hello, this sounds like a problem possibly caused by malware on your pc. please go to firefox > addons > extensions & remove any suspicious entries (toolbars, things that you have not installed intentionally, don't know what purpose they serve, etc). also go to the windows control panel / programs and remove all toolbars or potentially unwanted software from there and run a full scan of your system with the security software that you have in place and different other tools like the free version of malwarebytes & adwcleaner.

Remove a toolbar that has taken over your Firefox search or home page Troubleshoot Firefox issues caused by malware

Malwarebytes Anti-malware has a good reputation for cleaning up malware "infections", and is well worth having as a second opinion back-up. So too is SurfRight's Hitman Pro. That will give you 30 days to find malware, after that it will be necessary to buy a license to get clean-up support.

I do not know adwcleaner, but it appears to be well regarded at Wilders Security Forums.

You might like to consider a "portable" "installation" of Firefox as a means of exploring functionality which is not native to Firefox, but can be added to Firefox by means of one or two extensions which you might not want to install in your main installation, even after you have put them through their paces. Using these add-ons will allow you to explore the issue which perhaps explains your "Buttersurf" infection.

Unfortunately, some time fairly recently, last year perhaps, someone decided to put the popular browsers through a test to determine how they coped with blocking a set of known malware websites. Unfortunately, Firefox scored about 20% in that test, but that would be the "vanilla" edition from Mozilla. However, Firefox can do better, if enhanced with the right add-ons. If it suits you to explore the utility of a 'shadow' installation, you will be able to examine this phenomenon.

PortableApps.com http://portableapps.com/ http://portableapps.com/apps/internet/firefox_portable

NoScript Security Suite :: Add-ons for Firefox The best security you can get in a web browser! Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. https://addons.mozilla.org/en-US/firefox/addon/noscript/

RequestPolicy :: Add-ons for Firefox Be in control of which cross-site requests are allowed. Improve the privacy of your browsing by not letting other sites know your browsing habits. Secure yourself from Cross-Site Request Forgery (CSRF) and other attacks. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit. https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/

RequestPolicy will provide a full lockdown on all calls to websites/servers not listed in the address bar ["Awesome bar"], and will reveal exactly how much cross-site scripting is involved with even websites which should know better. Sometimes makes browsing hard work [eg. AVG Threat Labs], but you might appreciate the extra protection?

Wilders Security Forums http://www.wilderssecurity.com

SurfRight http:///www.surfright.nl http://hitmanpro.wordpress.com/

'"Ninety-five percent of successful exploits are Java- or PDF-based,” said Bustamante in a meeting at CNET’s San Francisco offices last June.' ZeroVulnerabilityLabs ExploitShield http://www.insanitybit.com/2012/09/28/zerovulnerabilitylabs-exploitshield/ [See the Wilders Security Forums for discussions "about other anti-malware and system protection technology". http://www.wilderssecurity.com/forumdisplay.php?s=e9d75404f5a08307c0be9586c5402925&f=35]

Delivering an executable without an executable The VRT looks at a massive amount of exploit kits a day, but this one caught our eye so we thought we'd share. While this technique isn't new, it is very interesting and further illustrates what we all believe to be true in the security world, you can't trust anything. Thursday, September 26, 2013 VRT: Delivering an executable without an executable http://vrt-blog.snort.org/2013/09/delivering-executable-without-executable.html [VRT: The Sourcefire Vulnerability Research Team.]

"Does anybody still believe browsing the Web with Flash and JavaScript promiscuously enabled and no XSS protection is a good idea?" Malware 2.0 is Now! http://hackademix.net/2008/01/12/malware-20-is-now/ http://noscript.net/features#contentblocking

Pick A Download… Part 2 Last week I wrote a blog post on the dangers of ads posing as fake download buttons on various download web sites. Since then I received a lot of feedback from our readers and other security researchers on different tools available to help users avoid these dangers by blocking the ads entirely. http://blog.malwarebytes.org/intelligence/2012/10/pick-a-download-part-2/

Bluhell Firewall offers a more compact, and faster, rule set than Adblock Plus, but Adblock Plus [without a filter subscription] remains useful as it supports custom filters which will block other spam and irritants [aka "content"] which Bluhell or Adblock might miss.

Bluhell Firewall Lightweight Ad-Blocker and Privacy Protector. https://addons.mozilla.org/en-US/firefox/addon/bluhell-firewall/

Adblock Plus :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/ [The Mozilla search engine will offer nine other matches for 'Adblock']

Ghostery :: Add-ons for Firefox, Chrome, Opera Protect your privacy. See who's tracking your web browsing and block them with Ghostery. https://addons.mozilla.org/en-US/firefox/addon/ghostery/

Web of Trust - WOT :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/ [Provides useful clues as to which websites are safe, and which are best avoided.]

"URLVoid.com is a free service developed by NoVirusThanks Company Srl that allows users to scan a website address with multiple website reputation engines and domain blacklists to facilitate the detection of possible dangerous [annoying, or unsavoury] websites..." [A potentially brilliant "front-end" to multiple website reputation engines; however, check any of the listed links; not all are currently read correctly by NoVirusThanks software.] http://www.urlvoid.com/

Please take caution with using the links above, Mozilla does not guarantee the information on those websites and is not liable for damage caused due to those links. Proceed at your own risk!

I used a variety of malware checkers - Microsoft, Norton, Malwarebytes, and adwcleaner. All but adwcleaner said no malware. adwcleaner brought up and dispensed with a bunch of things it said weren't good. But no joy! I disabled all of my add-ons and extensions -- No Joy! I restored my system back four days, but no joy again! Finally I deleted my copy of FireFox and reloaded it and by gosh that worked!!! No more Do-search. Unfortunately, still don't know what caused this, but I'll certainly continue to be careful.

Interestingly, I found I had the same problem in Internet Explorer, but none of the actions above, including removing and reinstalling fixed the problems. But that's really not a problem because I never use Internet Explorer when FireFox is so much better!!!

All, thanks so much for your advice and counsel. I really appreciate the help! V/R Steve

Thank you very much for your very detailed and useful reply. It's given me a lot to think about and experiment with. Thanks again!

Steve

It is very sad  :-< but many of the software down-loaders / installers will trick you into installing not only their program, but other programs as well. You have heard of the fine print in shady contracts, right? Well, some installers you need to look at the teeny tiny fine print. You are thinking you are giving the program permission to instal the program you want by using the recommended option. But if you use the manual option instead, you discover all kinds of stuff that you do not even know what it is or what it does. From now on, everyone needs to use the manual option to put a stop to this.

In order to fix this problem for free you may visit this guide - http://www.deletevirus.net/remove-do-search-virus/ You will see some helpful information there, but please don't buy the program recommended there. You don't need to buy it. Simply download it and install. You don't even need to scan your PC with it. Click "Tools" and "Reset browser settings". This will automatically reset your browser settings for free, at no cost for you.

You can check the target line in the Firefox desktop shortcut to make sure that nothing is appended after the path to the Firefox program.

All the advice about getting Adware software wasted a whole 5 hours of time for me.

I finally decided to run %APPDATA%\Mozilla\Firefox\Profiles from the 'windows start/run' line...

When I got to the store for the profiles I went back two directory entries to the 'Mozilla' folder then searched for "do-search" inside the files.

I found several instances inside a .js file and deleted them.

problem solved!

Not sure why this isn't in the fix instructions.

I did not remove the entries in the sessionstore.js, as that appears to be past history stuff...(don't know but I solved the problem.)