
[Resolved] Need help again, nasty attacks


  • This topic is locked
85 replies to this topic

#61 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 14 November 2009 - 03:15 PM

noahdfear has been kind enough to cast an eye over your log and has suggested we go for a lateral option. As the problem seems to be restricted to Firefox, take a read through this linky and create a new Profile and see if that is subject to the same redirections.
If it is, then we, or more accurately you, can fully remove FF and then reinstall and see if that clears things up. This linky explains how to do this properly as there are a few folders that get left behind with a simple Add/remove uninstallation.
Death to the salad eaters!


#62 coastalbuck

    Authentic Member

  • 68 posts

Posted 15 November 2009 - 07:33 AM

I switched profiles to the default user one, and ran Firefox from there. I had no bookmarks, personas, themes or anything else in that profile. The redirects still happened and got worse as I messed with it. It even led to rogue scanner sites that lit up AVG and one that Firefox didn't even want me to open, saying it was an attack site. Needless to say I didn't open it and got out. I read the stuff on deleting Firefox and I'm not too excited about the prospect of deleting it as it seems a little complicated and I'll probably lose all my bookmarks and other stuff I've accumulated that I use frequently.

I just tried something back in my normal profile that is odd. If I search for Google in the AVG taskbar, then click on the link to the Google home page, it takes me there normally and I can search all I want with no misdirects. On the other hand, if I search Google in the Firefox taskbar it takes me to a Google/Firefox page and the madness starts all over again. Sounds like the problem does rest in Firefox somewhere.

Also, what should I do with all the programs and logs I've accumulated trying to fix this? Keep them in case I need them again or delete them the correct way (whatever that is)?

#63 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 15 November 2009 - 02:08 PM

The problem is that it isn't obvious what exactly is causing the redirections. You may have picked up a nasty that has added some malicious code to a legitimate file, or has replaced it completely, and this makes it much more difficult to root out. Fully uninstalling Firefox will hopefully remove the file(s) in question and allow you to reinstall and surf normally.
If it is just a matter of bookmarks, try mozbackup - it's a freeware program that allows you to backup selected items and then reinstall them into a fresh FF installation. It's what I use when I reformat.

As to the programs you have downloaded, just delete them.
Death to the salad eaters!

#64 coastalbuck

    Authentic Member

  • 68 posts

Posted 15 November 2009 - 03:13 PM

10-4, will do. I'll print out the directions and delete firefox. I'll post back when that is accomplished. Thanks.

#65 coastalbuck

    Authentic Member

  • 68 posts

Posted 19 November 2009 - 10:29 AM

I haven't forgotten, just haven't had time. Will try the uninstall as soon as possible. Sorry.

#66 coastalbuck

    Authentic Member

  • 68 posts

Posted 22 November 2009 - 08:27 AM

OK! Running on a clean new install of Firefox with no redirections in Google so far. I'll keep experimenting this morning. Should I reinstall my goodies using MozBackup where I saved them before and see if the problems come back?

#67 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 22 November 2009 - 12:50 PM

Yup. Let me know how you get on.
Death to the salad eaters!

#68 coastalbuck

    Authentic Member

  • 68 posts

Posted 26 November 2009 - 10:39 AM

Unfortunately not so well. After restoring personas, themes, add-ons, and bookmarks the redirects in Google search returned. They may even be worse than before. :pullhair: I guess one of my little add-ons is causing the havoc. Any idea how to root out which one?

#69 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 26 November 2009 - 01:59 PM

List the add-ons that you have installed and we'll take it from there.
Death to the salad eaters!

#70 coastalbuck

    Authentic Member

  • 68 posts

Posted 27 November 2009 - 05:40 AM

Extensions are as follows.

  • AVG safe search
  • AVG security toolbar
  • Better Privacy
  • Java quick starter
  • Microsoft .net framework assistant
  • Personas
  • Stumble upon toolbar
  • TVU web player
  • XUL cache

I also have a couple of different colored themes and personas.

Plug in list.

  • Adobe Acrobat
  • DivX content upload
  • DivX player
  • Java SE6 v12
  • Java SE6 v16
  • Microsoft DRM
  • Microsoft DRM
  • Mozilla default
  • Quick time
  • Shockwave flash
  • Shockwave for Director
  • Silverlight
  • TVU webplayer
  • Unity player
  • VLC multimedia
  • Windows media player
  • Windows presentation foundation


#71 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 27 November 2009 - 02:25 PM

OK, do you remember installing all of the extensions - in particular XUL cache?

Edit: Also, is this the full title that you see in Tools > Add-ons?
Death to the salad eaters!

#72 coastalbuck

    Authentic Member

  • 68 posts

Posted 27 November 2009 - 05:30 PM

I don't really remember the XUL thingy. It says it is a support for Firefox extensions/plugins. Also, it does not provide secure updates.

#73 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 27 November 2009 - 06:25 PM

Does it have an option to disable?
Death to the salad eaters!

#74 coastalbuck

    Authentic Member

  • 68 posts

Posted 28 November 2009 - 08:34 AM

It did, I used it and "voilà" no redirects in Google anymore. I searched Mozilla's add-on area for XUL cache and found nothing like it. Evidently, something snuck it on there of its own accord. Anyway, thanks to your patience that problem seems to be no more. Anything else I need to do, Coach? You're the man..... :woot:

#75 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 28 November 2009 - 02:47 PM

OK, I'd like a little more information about this as it may be something that others get stuck with, and hopefully this could make it easier to shift in future.
If you navigate to C:\Documents and Settings\your username\Application Data\Mozilla\Firefox\Profiles\random characters.default\extensions you'll see a number of folders. In each one is a file called install.rdf. I'd like you to open each folder in turn, right click these files and select Open with.... Scroll down until you find Wordpad, select it and hit OK.
If you don't have the option Open with..., try Open instead. It should tell you it can't open the file and you should select the Select the program from a list option and access Wordpad that way. The next time you try to open a file, the Open with... option should be present.
You are looking for em:name. I want you to see if you can find one that references XUL cache if at all possible and copy and paste the full contents of the file into your next reply.
Death to the salad eaters!
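
The manual check described in the post above can be scripted; this is an added example, not part of the original thread, and it assumes the legacy install.rdf manifest layout used by Firefox of that era. The function names, the sample manifest, the folder names and the all-zero id are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

EM = "{http://www.mozilla.org/2004/em-rdf#}"
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
# Constructed sample manifest (not from the thread); id and name are filled in by demo().
SAMPLE = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{id}</em:id><em:name>{name}</em:name><em:version>1.0</em:version>
  </Description>
</RDF>"""

def read_manifest(rdf_path):
    """Return id, name, version and updateURL from one install.rdf."""
    info = {}
    for desc in ET.parse(rdf_path).getroot().iter(RDF + "Description"):
        # Skip nested blocks such as em:targetApplication descriptions.
        if (desc.get("about") or desc.get(RDF + "about")) != "urn:mozilla:install-manifest":
            continue
        for key in ("id", "name", "version", "updateURL"):
            child = desc.find(EM + key)
            # Properties appear either as child elements or as attributes.
            value = child.text if child is not None else desc.get(EM + key)
            info[key] = (value or "").strip()
    return info

def find_extensions(extensions_dir, needle):
    """Return (folder, manifest) pairs whose em:name contains needle."""
    hits = []
    for rdf_path in sorted(Path(extensions_dir).glob("*/install.rdf")):
        try:
            info = read_manifest(rdf_path)
        except ET.ParseError:
            # A damaged manifest is reported too, so it gets inspected by hand.
            hits.append((rdf_path.parent.name, {"error": "unparseable install.rdf"}))
            continue
        if needle.lower() in info.get("name", "").lower():
            hits.append((rdf_path.parent.name, info))
    return hits

def demo():
    """Search two constructed extension folders for 'xul cache'."""
    with tempfile.TemporaryDirectory() as tmp:
        for folder, name in (("helper@example.invalid", "Example Helper"),
                             ("{00000000-0000-0000-0000-000000000000}", "XUL Cache")):
            Path(tmp, folder).mkdir()
            Path(tmp, folder, "install.rdf").write_text(SAMPLE.format(id=folder, name=name))
        return find_extensions(tmp, "xul cache")
```

Pointing `find_extensions` at the profile's extensions folder named in the post returns the folder and manifest fields of every add-on whose em:name matches, which identifies the file to copy into a reply.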
