firefox goes to Mgasavezz4.com How can I stop this?
my firefox is redirected to this site....and starts a "scan" of my computer to fix "claimed" infections. My mcafee antivirus then blocks trojans. I cannot get rid of this megasavezz4/ any suggestions?
URL of affected sites
الحل المُختار
I noticed the same thing on 2 sites today. I didn't pay any attention to the first but I took notice when I had it happen again on heartzones.com. I immediately recognized that megasavezz4.com is a scam site. Here's what I've done and/or discovered in trying to narrow down the problem:
1. I immediately blocked the entire megasavezz4.com domain via OpenDNS to prevent anything on my network from connecting to it.
2. I restarted Firefox in safemode and went to heartzones.com. The redirect happened again, leading me to believe that it was unlikely a rogue Firefox add-on. (Since I use Linux, the most likely form of infection for me would be the browser).
3. I disabled Javascript and reloaded the page. The redirect did not happen. This strengthened my suspicion that the infection may not be on computer but the web site itself.
4. With the megasavezz4.com blocked on my network, I tried accessing heartzones.com from another computer (presumably not infected with anything my laptop might be infected with). It also tried to redirect to megasavezz4.com, so either both computers were infected (unlikely) or the problem was with the web site.
5. I did a CTRL+U to look at the sourcecode of heartzones.com. Since redirects only happened with Javascript turned on, I looked for suspicious looking scripts in the page. Everything looked fine until I got to the bottom of the page and found: . This looked suspicious and when I did a web search for it I found numerous sites linking this code to infected web sites.
6. http://holasionweb.com/oo.php contains Javascript to assign browser cookies and redirect the browser to http://www3.burhot33-td.net, which in turn probably links off to mgasavezz4.com or another site that eventually ends up there.
At this point, I'd say that itlooks like the infection is on web sites you are visiting. Try looking at the source code of the site that is redirecting you and see if you can find the above code in it. Please post your findings so we can compare notes.
Read this answer in context 👍 0All Replies (15)
wtf
THIS SITE ( megasavezz4.com ) CONTAIN VIRUSES !!! Do not open it ! It's false antyvirus !
Same here. Use ctrl-alt-del to quit firefox, else you'll get a virus :-(
Are you only directed to this site when using Firefox, or does it happen in other browsers (such as Internet Explorer) as well?
The first step I would recommend is scanning for spyware, as spyware is the most common cause of redirection to malicious websites.
- Download a spyware scanner - I would recommend the free version of malware bytes
- Run a full scan, and post back with what is found. Remove any spyware it finds.
- See if you are still redirected.
I tried spyware scanning using HitmanPro. No result. This is an obvious danger site. if you get directed there you get a windows looking screen that says you are infected and it must scan. then a green bar shows scanning. I delete my last 4 hours in firefox.
and it is only in firefox. at least internetexpl has not yet been infected
You suggestion to crash firefox ASAP is a good one. that is what i have done but so far there must be something to block it or remove it better than that
I am having the same problem. I clicked a Google search result and I got redirected to this malware site (http)://www2.megasavezz4.com/ but this bad site also showed in the browser history: (http)://www1.checker26-pd.xorg.pl/
I am using Firefox 3.5.5 on Windows XP.
AGV picked up the opening of www2.megasavezz4.com and blocked it but it has popped back up twice more. Anyone have any suggestions to stop the attack?
I haven't seen anything like this for a few years. Just pops up out of nowhere. Happened on both my machines. Firefox 3.6.3 on Ubuntu Linux and Firefox 3.6.3 on Vista....
Correct url is: http://www2.megasavezz4.com
Yikes - talk about scare tactics, it won't let go! Just got hijacked by the megasave4zz and will try to use ctr-alt-del to get out - then plan to scan, wish me luck
I believe it is coming from a site you visit. I just shut down my site, it's been hacked. Avast tagged it as a trojan and blocked the redirect. Did a little research, found out a php script has been added that redirects. Also adds a cookie to your browser. While Avast blocked the redirect, the cookies passed through to Firefox.
In my case, my site also was redirecting to www4. suitcase52td.net, which also redirects to Rogue Anti-Virus. Check out this site, about halfway down the page under the heading "indesignstudioinfo.com/ls.php".
http://stopmalvertising.com/malvertisements/update-on-the-latest-wordpress-hack/all-pages
Hope this helps
i have the same problem. it happened when my brother show a picture. what happened yet?? do i have a virus now? if yes, what can i do now?
This isn't limited to Windows. It's also affecting my Linux-based Firefox 3.6.3 even when run in safe-mode.
الحل المُختار
I noticed the same thing on 2 sites today. I didn't pay any attention to the first but I took notice when I had it happen again on heartzones.com. I immediately recognized that megasavezz4.com is a scam site. Here's what I've done and/or discovered in trying to narrow down the problem:
1. I immediately blocked the entire megasavezz4.com domain via OpenDNS to prevent anything on my network from connecting to it.
2. I restarted Firefox in safemode and went to heartzones.com. The redirect happened again, leading me to believe that it was unlikely a rogue Firefox add-on. (Since I use Linux, the most likely form of infection for me would be the browser).
3. I disabled Javascript and reloaded the page. The redirect did not happen. This strengthened my suspicion that the infection may not be on computer but the web site itself.
4. With the megasavezz4.com blocked on my network, I tried accessing heartzones.com from another computer (presumably not infected with anything my laptop might be infected with). It also tried to redirect to megasavezz4.com, so either both computers were infected (unlikely) or the problem was with the web site.
5. I did a CTRL+U to look at the sourcecode of heartzones.com. Since redirects only happened with Javascript turned on, I looked for suspicious looking scripts in the page. Everything looked fine until I got to the bottom of the page and found: . This looked suspicious and when I did a web search for it I found numerous sites linking this code to infected web sites.
6. http://holasionweb.com/oo.php contains Javascript to assign browser cookies and redirect the browser to http://www3.burhot33-td.net, which in turn probably links off to mgasavezz4.com or another site that eventually ends up there.
At this point, I'd say that itlooks like the infection is on web sites you are visiting. Try looking at the source code of the site that is redirecting you and see if you can find the above code in it. Please post your findings so we can compare notes.