Firefox will not stop changing search provider from Google to "Bing Search Engine" (Not standard "Bing"!)
As of two days ago, I made the mistake of installing (verified) legitimate software without selecting custom installation. Lo and behold, 2 or 3 bits of malware are tossed onto my PC, but even after scanning twice with both AVG AND Malware Bytes, the default search provider on my firefox forcibly resets to "Bing Search Engine" on firefox every new session.
What's interesting is that "Bing" is the actual, formal search engine for Bing, meaning this is almost certainly illegitimate. In an attempt to fix this I have already: A. Changed the preference AND deleted "Bing Search Engine" from the accepted search engines. B. Removed all cookies, addons, and plugins I have not been able to confirm to be safe. C. Reset ("refreshed") firefox completely
None of these problems have fixed this reversion of Preferred Search Engine, and I fear this is an issue for my security.
Valitud lahendus
In addition to the scanners, please check:
(1) Windows Control Panel, Uninstall a Program.
After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with that software you agreed to install. Be suspicious of everything you do not recognize/remember, as malware often uses important or innocent sounding names to discourage you from removing it.
Take out as much trash as possible here. If you're not sure, feel free to post program names or a screenshot of the list.
(2) Possible program folder infection.
Check in these locations (varies for 32-bit / 64-bit):
C:\Program Files\Mozilla Firefox\defaults\pref C:\Program Files (x86)\Mozilla Firefox\defaults\pref
Any files other than channel-prefs.js are suspicious. Remove them to a neutral location for further analysis at your leisure.
Loe vastust kontekstis 👍 20All Replies (5)
Please use more than 1 scanner as each uses diff tech : https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware Save your Report and google each before deleting anything as do not want to delete something you need, If need help : https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ Post in only 1 forum, then wait.
Try AWDcleaner also suggest going to the forum for removal by experts.
Please let us know if this solved your issue or if need further assistance.
Valitud lahendus
In addition to the scanners, please check:
(1) Windows Control Panel, Uninstall a Program.
After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with that software you agreed to install. Be suspicious of everything you do not recognize/remember, as malware often uses important or innocent sounding names to discourage you from removing it.
Take out as much trash as possible here. If you're not sure, feel free to post program names or a screenshot of the list.
(2) Possible program folder infection.
Check in these locations (varies for 32-bit / 64-bit):
C:\Program Files\Mozilla Firefox\defaults\pref C:\Program Files (x86)\Mozilla Firefox\defaults\pref
Any files other than channel-prefs.js are suspicious. Remove them to a neutral location for further analysis at your leisure.
Fantastic catch, jscher2000. I tried using the above removal methods, and while they caught some stuff, it didn't resolve the issue.
Searched my X86 Firefox directory and found "DS-engine" in there with channel-prefs. Date of file creation? 12/9/2017. That was the guy. Deleted it by hand, and FINALLY the search engine default has stopped being changed.
Thanks for your time, gentlemen, consider this one a victory.
Hi YCCCM7, thank you for reporting back. Can you associate "DS-engine" with particular software you installed? Naming names helps when other users are Googling. Thanks.
Sure. I know one malicious program that was rolled up in the installer (the only one that showed up in the control panel) was one "Lavasoft Web Companion"... I think it's one of those cases where there's a legitimate version of it, but this is some less legitimate derivative.
Past that, I think it all came bundled with "BurnAware"... From what I googled, BurnAware's legit enough, or at least used to be, but it came from a supposedly malware free installer from CNet.
What a joke. This is about the 7th time CNet has failed me. Anyways, digression aside, those two are the only ones formally installed.
There were maybe 11 other items caught between Malware Bytes and AWDCleaner, all with very cryptic names, so there could be more behind the scenes.