X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

firefox goes to Mgasavezz4.com How can I stop this?

Được đăng

my firefox is redirected to this site....and starts a "scan" of my computer to fix "claimed" infections. My mcafee antivirus then blocks trojans. I cannot get rid of this megasavezz4/ any suggestions?

URL of affected sites

http://www2.megasavezz4.com

my firefox is redirected to this site....and starts a "scan" of my computer to fix "claimed" infections. My mcafee antivirus then blocks trojans. I cannot get rid of this megasavezz4/ any suggestions? == URL of affected sites == http://www2.megasavezz4.com

Giải pháp được chọn

I noticed the same thing on 2 sites today. I didn't pay any attention to the first but I took notice when I had it happen again on heartzones.com. I immediately recognized that megasavezz4.com is a scam site. Here's what I've done and/or discovered in trying to narrow down the problem:

1. I immediately blocked the entire megasavezz4.com domain via OpenDNS to prevent anything on my network from connecting to it.

2. I restarted Firefox in safemode and went to heartzones.com. The redirect happened again, leading me to believe that it was unlikely a rogue Firefox add-on. (Since I use Linux, the most likely form of infection for me would be the browser).

3. I disabled Javascript and reloaded the page. The redirect did not happen. This strengthened my suspicion that the infection may not be on computer but the web site itself.

4. With the megasavezz4.com blocked on my network, I tried accessing heartzones.com from another computer (presumably not infected with anything my laptop might be infected with). It also tried to redirect to megasavezz4.com, so either both computers were infected (unlikely) or the problem was with the web site.

5. I did a CTRL+U to look at the sourcecode of heartzones.com. Since redirects only happened with Javascript turned on, I looked for suspicious looking scripts in the page. Everything looked fine until I got to the bottom of the page and found: . This looked suspicious and when I did a web search for it I found numerous sites linking this code to infected web sites.

6. http://holasionweb.com/oo.php contains Javascript to assign browser cookies and redirect the browser to http://www3.burhot33-td.net, which in turn probably links off to mgasavezz4.com or another site that eventually ends up there.

At this point, I'd say that itlooks like the infection is on web sites you are visiting. Try looking at the source code of the site that is redirecting you and see if you can find the above code in it. Please post your findings so we can compare notes.

Đọc câu trả lời này trong ngữ cảnh 0

Chi tiết hệ thống bổ sung

Phần bổ trợ đã cài đặt

  • -Cooliris embedded in a tab
  • RealPlayer(tm) LiveConnect-Enabled Plug-In
  • 6.0.12.448
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Default Plug-in
  • Adobe PDF Plug-In For Firefox and Netscape "9.3.2"
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Shockwave Flash 10.0 r45
  • DivX Web Player version 1.5.0.52
  • npdivxplayerplugin
  • McAfee Virtual Technician plugin for Mozilla (Gecko Version: 1.8b1)
  • 3.0.50106.0
  • Office Live Update v1.4
  • NPWLPG
  • Next Generation Java Plug-in 1.6.0_20 for Mozilla browsers

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

Thông tin chi tiết

Application Basics
Name
Firefox
Version
3.6.3
Profile Directory
Open Containing Folder
Installed Plugins
about:plugins
Build Configuration
about:buildconfig
Extensions
Name
Version
Enabled
ID
Adblock Plus
1.2
true
Cookie Monster
1.0.0
true
{45d8ff86-d909-11db-9705-005056c00008}
Cooliris
1.11.6
true
piclens@cooliris.com
Download Manager Tweak
0.9.2
true
DownloadHelper
4.7.3
true
FEBE
6.3.3
true
{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
ImTranslator
3.3.3
true
{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
Java Console
6.0.17
true
SkipScreen
0.4.7amo
true
SkipScreen@SkipScreen
Smart Bookmarks Bar
1.4.3
false
smartbookmarksbar@remy.juteau
WOT
20100503
true
BetterPrivacy
1.47.4
true
Java Console
6.0.19
true
Java Console
6.0.20
true
Modified Preferences
Name
Value
accessibility.typeaheadfind.flashBar
0
browser.history_expire_days
20
browser.history_expire_days.mirror
20
browser.history_expire_days_min
20
browser.places.smartBookmarksVersion
2
browser.startup.homepage
http://news.google.com/nwshp?hl=en&gl=us
browser.startup.homepage_override.mstone
rv:1.9.2.3
extensions.lastAppVersion
3.6.3
font.name.serif.x-western
Courier New
font.size.variable.x-western
14
general.useragent.extra.betterprivacy
network.cookie.prefsMigrated
true
places.last_vacuum
1272255823
print.print_printer
HP Photosmart C309a series
print.printer_HP_Photosmart_C309a_series.print_bgcolor
false
print.printer_HP_Photosmart_C309a_series.print_bgimages
false
print.printer_HP_Photosmart_C309a_series.print_command
print.printer_HP_Photosmart_C309a_series.print_downloadfonts
false
print.printer_HP_Photosmart_C309a_series.print_edge_bottom
0
print.printer_HP_Photosmart_C309a_series.print_edge_left
0
print.printer_HP_Photosmart_C309a_series.print_edge_right
0
print.printer_HP_Photosmart_C309a_series.print_edge_top
0
print.printer_HP_Photosmart_C309a_series.print_evenpages
true
print.printer_HP_Photosmart_C309a_series.print_footercenter
print.printer_HP_Photosmart_C309a_series.print_footerleft
&PT
print.printer_HP_Photosmart_C309a_series.print_footerright
&D
print.printer_HP_Photosmart_C309a_series.print_headercenter
print.printer_HP_Photosmart_C309a_series.print_headerleft
&T
print.printer_HP_Photosmart_C309a_series.print_headerright
&U
print.printer_HP_Photosmart_C309a_series.print_in_color
true
print.printer_HP_Photosmart_C309a_series.print_margin_bottom
0.5
print.printer_HP_Photosmart_C309a_series.print_margin_left
0.5
print.printer_HP_Photosmart_C309a_series.print_margin_right
0.5
print.printer_HP_Photosmart_C309a_series.print_margin_top
0.5
print.printer_HP_Photosmart_C309a_series.print_oddpages
true
print.printer_HP_Photosmart_C309a_series.print_orientation
0
print.printer_HP_Photosmart_C309a_series.print_pagedelay
500
print.printer_HP_Photosmart_C309a_series.print_paper_data
1
print.printer_HP_Photosmart_C309a_series.print_paper_height
11.00
print.printer_HP_Photosmart_C309a_series.print_paper_size_type
0
print.printer_HP_Photosmart_C309a_series.print_paper_size_unit
0
print.printer_HP_Photosmart_C309a_series.print_paper_width
8.50
print.printer_HP_Photosmart_C309a_series.print_reversed
false
print.printer_HP_Photosmart_C309a_series.print_scaling
1.00
print.printer_HP_Photosmart_C309a_series.print_shrink_to_fit
true
print.printer_HP_Photosmart_C309a_series.print_to_file
false
print.printer_HP_Photosmart_C309a_series.print_unwriteable_margin_bottom
0
print.printer_HP_Photosmart_C309a_series.print_unwriteable_margin_left
0
print.printer_HP_Photosmart_C309a_series.print_unwriteable_margin_right
0
print.printer_HP_Photosmart_C309a_series.print_unwriteable_margin_top
0
privacy.cpd.extensions-betterprivacy
true
privacy.cpd.siteSettings
true
privacy.sanitize.migrateFx3Prefs
true
privacy.sanitize.timeSpan
3
security.enable_ssl2
true
security.enable_tls
false
security.warn_viewing_mixed
false

Người tạo câu hỏi

wtf

wtf

Người tạo câu hỏi

THIS SITE ( megasavezz4.com ) CONTAIN VIRUSES !!! Do not open it ! It's false antyvirus !

THIS SITE ( megasavezz4.com ) CONTAIN VIRUSES !!! Do not open it ! It's false antyvirus !

Người tạo câu hỏi

Same here. Use ctrl-alt-del to quit firefox, else you'll get a virus :-(

Same here. Use ctrl-alt-del to quit firefox, else you'll get a virus :-(
zzxc 22 giải pháp 242 câu trả lời
Được đăng

Are you only directed to this site when using Firefox, or does it happen in other browsers (such as Internet Explorer) as well?

The first step I would recommend is scanning for spyware, as spyware is the most common cause of redirection to malicious websites.

  1. Download a spyware scanner - I would recommend the free version of malware bytes
  2. Run a full scan, and post back with what is found. Remove any spyware it finds.
  3. See if you are still redirected.
Are you only directed to this site when using Firefox, or does it happen in other browsers (such as Internet Explorer) as well? The first step I would recommend is scanning for spyware, as spyware is the most common cause of redirection to malicious websites. # Download a spyware scanner - I would recommend the free version of [http://www.malwarebytes.org malware bytes] # Run a full scan, and post back with what is found. Remove any spyware it finds. # See if you are still redirected.

Người tạo câu hỏi

I tried spyware scanning using HitmanPro. No result. This is an obvious danger site. if you get directed there you get a windows looking screen that says you are infected and it must scan. then a green bar shows scanning. I delete my last 4 hours in firefox.

 and it is only in firefox.  at least internetexpl has not yet been infected
I tried spyware scanning using HitmanPro. No result. This is an obvious danger site. if you get directed there you get a windows looking screen that says you are infected and it must scan. then a green bar shows scanning. I delete my last 4 hours in firefox. and it is only in firefox. at least internetexpl has not yet been infected

Người tạo câu hỏi

You suggestion to crash firefox ASAP is a good one. that is what i have done but so far there must be something to block it or remove it better than that

You suggestion to crash firefox ASAP is a good one. that is what i have done but so far there must be something to block it or remove it better than that

Người tạo câu hỏi

I am having the same problem. I clicked a Google search result and I got redirected to this malware site (http)://www2.megasavezz4.com/ but this bad site also showed in the browser history: (http)://www1.checker26-pd.xorg.pl/

I am using Firefox 3.5.5 on Windows XP.

I am having the same problem. I clicked a Google search result and I got redirected to this malware site (http)://www2.megasavezz4.com/ but this bad site also showed in the browser history: (http)://www1.checker26-pd.xorg.pl/ I am using Firefox 3.5.5 on Windows XP.

Người tạo câu hỏi

AGV picked up the opening of www2.megasavezz4.com and blocked it but it has popped back up twice more. Anyone have any suggestions to stop the attack?

AGV picked up the opening of www2.megasavezz4.com and blocked it but it has popped back up twice more. Anyone have any suggestions to stop the attack?

Người tạo câu hỏi

I haven't seen anything like this for a few years. Just pops up out of nowhere. Happened on both my machines. Firefox 3.6.3 on Ubuntu Linux and Firefox 3.6.3 on Vista....

I haven't seen anything like this for a few years. Just pops up out of nowhere. Happened on both my machines. Firefox 3.6.3 on Ubuntu Linux and Firefox 3.6.3 on Vista....

Người tạo câu hỏi

Correct url is: http://www2.megasavezz4.com

Correct url is: http://www2.megasavezz4.com

Người tạo câu hỏi

Yikes - talk about scare tactics, it won't let go! Just got hijacked by the megasave4zz and will try to use ctr-alt-del to get out - then plan to scan, wish me luck

Yikes - talk about scare tactics, it won't let go! Just got hijacked by the megasave4zz and will try to use ctr-alt-del to get out - then plan to scan, wish me luck

Người tạo câu hỏi

I believe it is coming from a site you visit. I just shut down my site, it's been hacked. Avast tagged it as a trojan and blocked the redirect. Did a little research, found out a php script has been added that redirects. Also adds a cookie to your browser. While Avast blocked the redirect, the cookies passed through to Firefox.

In my case, my site also was redirecting to www4. suitcase52td.net, which also redirects to Rogue Anti-Virus. Check out this site, about halfway down the page under the heading "indesignstudioinfo.com/ls.php".

http://stopmalvertising.com/malvertisements/update-on-the-latest-wordpress-hack/all-pages

Hope this helps

I believe it is coming from a site you visit. I just shut down my site, it's been hacked. Avast tagged it as a trojan and blocked the redirect. Did a little research, found out a php script has been added that redirects. Also adds a cookie to your browser. While Avast blocked the redirect, the cookies passed through to Firefox. In my case, my site also was redirecting to www4. suitcase52td.net, which also redirects to Rogue Anti-Virus. Check out this site, about halfway down the page under the heading "indesignstudioinfo.com/ls.php". http://stopmalvertising.com/malvertisements/update-on-the-latest-wordpress-hack/all-pages Hope this helps

Người tạo câu hỏi

i have the same problem. it happened when my brother show a picture. what happened yet?? do i have a virus now? if yes, what can i do now?

i have the same problem. it happened when my brother show a picture. what happened yet?? do i have a virus now? if yes, what can i do now?

Người tạo câu hỏi

This isn't limited to Windows. It's also affecting my Linux-based Firefox 3.6.3 even when run in safe-mode.

This isn't limited to Windows. It's also affecting my Linux-based Firefox 3.6.3 even when run in safe-mode.

Giải pháp được chọn

I noticed the same thing on 2 sites today. I didn't pay any attention to the first but I took notice when I had it happen again on heartzones.com. I immediately recognized that megasavezz4.com is a scam site. Here's what I've done and/or discovered in trying to narrow down the problem:

1. I immediately blocked the entire megasavezz4.com domain via OpenDNS to prevent anything on my network from connecting to it.

2. I restarted Firefox in safemode and went to heartzones.com. The redirect happened again, leading me to believe that it was unlikely a rogue Firefox add-on. (Since I use Linux, the most likely form of infection for me would be the browser).

3. I disabled Javascript and reloaded the page. The redirect did not happen. This strengthened my suspicion that the infection may not be on computer but the web site itself.

4. With the megasavezz4.com blocked on my network, I tried accessing heartzones.com from another computer (presumably not infected with anything my laptop might be infected with). It also tried to redirect to megasavezz4.com, so either both computers were infected (unlikely) or the problem was with the web site.

5. I did a CTRL+U to look at the sourcecode of heartzones.com. Since redirects only happened with Javascript turned on, I looked for suspicious looking scripts in the page. Everything looked fine until I got to the bottom of the page and found: . This looked suspicious and when I did a web search for it I found numerous sites linking this code to infected web sites.

6. http://holasionweb.com/oo.php contains Javascript to assign browser cookies and redirect the browser to http://www3.burhot33-td.net, which in turn probably links off to mgasavezz4.com or another site that eventually ends up there.

At this point, I'd say that itlooks like the infection is on web sites you are visiting. Try looking at the source code of the site that is redirecting you and see if you can find the above code in it. Please post your findings so we can compare notes.

I noticed the same thing on 2 sites today. I didn't pay any attention to the first but I took notice when I had it happen again on heartzones.com. I immediately recognized that megasavezz4.com is a scam site. Here's what I've done and/or discovered in trying to narrow down the problem: 1. I immediately blocked the entire megasavezz4.com domain via OpenDNS to prevent anything on my network from connecting to it. 2. I restarted Firefox in safemode and went to heartzones.com. The redirect happened again, leading me to believe that it was unlikely a rogue Firefox add-on. (Since I use Linux, the most likely form of infection for me would be the browser). 3. I disabled Javascript and reloaded the page. The redirect did not happen. This strengthened my suspicion that the infection may not be on computer but the web site itself. 4. With the megasavezz4.com blocked on my network, I tried accessing heartzones.com from another computer (presumably not infected with anything my laptop might be infected with). It also tried to redirect to megasavezz4.com, so either both computers were infected (unlikely) or the problem was with the web site. 5. I did a CTRL+U to look at the sourcecode of heartzones.com. Since redirects only happened with Javascript turned on, I looked for suspicious looking scripts in the page. Everything looked fine until I got to the bottom of the page and found: . This looked suspicious and when I did a web search for it I found numerous sites linking this code to infected web sites. 6. http://holasionweb.com/oo.php contains Javascript to assign browser cookies and redirect the browser to http://www3.burhot33-td.net, which in turn probably links off to mgasavezz4.com or another site that eventually ends up there. At this point, I'd say that itlooks like the infection is on web sites you are visiting. Try looking at the source code of the site that is redirecting you and see if you can find the above code in it. Please post your findings so we can compare notes.