Can't remove plugin. Malware. I can disable it, but there's no option to remove.
A friend of mine accidentally installed something he shouldn't have which installed a plugin in Firefox called "Information Vine". The offending app is gone but the plugin remains.
The result of the addon was that it redirected every Google search to their own website (type something into Google... no "common phrase" dropdown... and it takes you to the malware's host website to display links to advertisers masquerading as Google search results.) And any installed adware/malware removal app already installed on his computer refuses to run (forcing me to install new software, which neither sees nor detects the malware.) His Avast Antivirus likewise does not detect the plugin.
Disabling the plugin solved the issue of redirecting his Google searches, but I can not find a way to *remove* the plugin itself. I've tried going thru his plugin folder (in his User\Profile directory), removing anything suspicious in his Registry that might be related, and even "HiJackThis" doesn't detect the plugin (even if I re-enable it.)
I'm stumped. How do I delete a plugin that can't be removed by conventional means? I've tried every answer found on Google but nothing works.
TIA
PS: Before anyone suggests it, I also already tried obtaining the path to the plugin via "about:plugins", found the folder and deleted it, yet it's still there.
Bewerkt door Mugsy op
Gekozen oplossing
I contacted my friend last night and provided him with instructions on how to reenable the plugin, take a screenshot, and email it back to me.
He called back to say that after reenabling the plugin, the problem did not return and all is now fine. I had spent about an hour on his computer the day before deleting suspicious software and hand-deleting suspicious Registry entries (all Chinese characters), but never rechecked to see if I had fixed his issue. It appears now I had.
I even tried to visit "VineInformation.com" myself from home but the URL no longer exists. Ugh!
I don't like not knowing what happened, but ces't la vie.
Thanks all.
Dit antwoord in context lezen 👍 0Alle antwoorden (14)
McCoy said
Convince you of the fact that the (built-in) WideVine plugin is not malware. Again : the plugin is built-in and can't be removed. I give up ......
I am not "accusing" the "WideVine" plugin of being malware. I'm telling you something calling itself "WideVine" is redirecting his searches. (What is it? Do you work for WideVine???)
If the "WideVine" plugin is "built in", it has become corrupted and needs to be fixed.
Bewerkt door Mugsy op
You started this thread saying :
"A friend of mine accidentally installed something he shouldn't have which installed a plugin in Firefox called "Information Vine". The offending app is gone but the plugin remains. "
There is no such thing as an "Information Vine" plugin .....
"Information Vine" : see these search results .....
I don't know how you (or your friend) came to the conclusion that this is the same thing as Firefox's built-in WideVine plugin.
I haven't been able to find any malicious site that uses the name 'WideVine' - even if there is such a site : it's in no way related to the built-in WideVine plugin you see in Add-ons => Plugins.
I don't know if you are being deliberately combative to protect "WideVine" or just refuse to understand.
My friend installed an app that was redirecting all of his searches to "VineInformation.com".
Disabling the "WideVine" plugin stopped that from happening. That plugin (one of only three installed) was disabled because the word "Vine" suggested the two problems were related.
There is no explanation why disabling a plugin that supposedly is not a threat resolved his issue other than whatever malware still exists, it modified "WideVine" to do its dirty work.
So unless you know of a way to fix this, you aren't helping by continuing to suggest I'm either lying or wrong.
Look it would harm Mozilla far too much to knowingly add in any form of malware in Firefox just for some financial gain.
You may say, well maybe Mozilla does not know about this. Oh they would know and can deal with it fast enough that unless some tech sites around reported on it people may not even know. The public may only know after a security or such concern is reported in being fixed.
Saying VineInformation.com and Widevine are related simply because of Vine in name is not proof at all. If that is proof then you may as well be claiming the Java Plugin from Oracle and JavaScript (was originally going to be called LiveScript) in Firefox are related as some people mistakenly think based on "java".
If your claim was true that the WideVine in Firefox was indeed affected in some way then there would be other threads about it here and at the independent forums.mozillazine.org as any negative things can be a Hot topic for a while.
I never claimed Mozilla did it. Nor did I claim "WideVine" & "VineInformation" are in cahoots. I only pointed out the fact that disabling WV resolves the issue, and it was only because the two share the word "vine" that I disabled it to see if it were the cause. Total coincidence maybe.
I specifically noted that my friend downloaded/installed something that changed his Google.com search results. The offending app was removed but the damage to "WideVine" remains.
It is most likely that whatever did this simply uses "WideVine" to do its dirty work (as I've said at least twice now.)
Whatever the cause, disabling "WideVine" is the only fix, and if WV is necessary, it needs to be fixed.
As for "If your claim was true"... you are suggesting I'm making this up???
Bewerkt door Mugsy op
Mugsy, believe me : nobody here is thinking that you're lying or making things up - if we did, we wouldn't spend so much of our spare time trying to help you find an answer.
We're merely trying to make you see that none of this has anything to do with the built-in WideVine plugin - like I said earlier : the fact that disabling the plugin and the Google search redirects stopping after that : mere coincidence.
I have been trying to find out if maybe some hacker is using the name "WideVine" - to no avail.
Could it be that your friend mentioned "WideVine" when in fact he may be talking about something like, let's say : "Mindspark" ? Or (as I mentioned earlier) "Generation Vine" ?
But as everything seems to be back to normal now and there are nomore redirects : let's just say "problem solved" and keep our fingers crossed that it will stay that way.
I'm a PC tech, so a buddy of mine calls me whenever he has a problem. This is what happened:
He couldn't get "Yahoo Maps" to load for some reason, so he went searching online for "Maps" and found a link to some spurious "map" software. When he installed it, (according to him) it asked if he'd also like to install some other utility (I forget what.) Foolishly (he admits) he clicked on OK.
After he installed the software, the next time he returned to Google, he immediately noticed that when he typed something in the Search box, he did not get the drop-down showing search suggestions as usual (indicating to him something was wrong.) And when he searched for something, instead of the normal Google search results, he got a page that was made to "look" like normal Google search results, except that ALL links were for totally unrelated products, and there was a graphic header across the upper left that read "Vine {icon} Information". Clearly, something was wrong. He uninstalled the new software he had just installed but it didn't fix it, so he called me.
A quick check online, all the "solutions" for "redirection" adware said to look for an errant plugin. When I called back to tell him, he said he had already "fixed it" himself by going into FF "Add-ons", where he saw "WideVine", made the logical assumption that the two were related, disabled it, and indeed everything went back to normal, suggesting he was correct.
He asked me to inspect his computer anyway for fear it was still infected. So I went over and confirmed that the "virus" returned when I reenabled "WideVine" and went away when I disabled it. I witnessed for myself the lack of drop-down, errant search results & graphic header above those search results (the URL on the page containing those search results was not "google" but instead "vineinformation".) This was definitely the result of Malware. Since the "virus" is still present on his system, I can reenable it and provide you with screenshots if necessary.
I thoroughly scanned his computer for viruses/adware/malware and found nothing. Nor could I find a way to remove the offending (or so we assumed) "WideVine" plugin.
Which brought me here.
Saying "Problem solved" isn't an option. If "WideVine" is stock software necessary to perform certain functions, he will not be able to perform those functions. And I don't like leaving malware... even disabled malware... on a client's computer. Telling people to "live with it" doesn't make me look very good. And I need to find a true fix if I ever encounter this again.
Thank you for that elaborate explanation ! I now understand a lot better why you want to remove the WideVine plugin ....... What's happening doesn't make any sense to me - this shouldn't happen at all. It would indeed be great if you could provide the screenshot you mentioned ! I must admit that I don't have a clue what's going on here :( 'Did some more searching about anything 'Vine-related' but couldn't find anything that would shed some light on this mistery.
I'm therefore leaving you in the capable hands of my fellow contributors, who will (hopefully) be able to solve this problem.
I apologize if in any way I gave you the impression earlier that I didn't believe you - I never for a moment doubted that what you were saying is true.
I've asked somebody for help - but we're dealing with different time zones (among other things), so it might take a while ......
Great. I've asked my friend to temporarily reenable the plugin and email me a screenshot.
Can you attach a screenshot that shows this plugin just to be sure?
- https://support.mozilla.org/en-US/kb/how-do-i-create-screenshot-my-problem
- use a compressed image type like PNG or JPG to save the screenshot
Gekozen oplossing
I contacted my friend last night and provided him with instructions on how to reenable the plugin, take a screenshot, and email it back to me.
He called back to say that after reenabling the plugin, the problem did not return and all is now fine. I had spent about an hour on his computer the day before deleting suspicious software and hand-deleting suspicious Registry entries (all Chinese characters), but never rechecked to see if I had fixed his issue. It appears now I had.
I even tried to visit "VineInformation.com" myself from home but the URL no longer exists. Ugh!
I don't like not knowing what happened, but ces't la vie.
Thanks all.
Mugsy said
I even tried to visit "VineInformation.com" myself from home but the URL no longer exists. Ugh!
Try visiting informationvine.com instead (that's what you mentioned in your original post : "Information Vine").
Here's what Scamadviser says about that site :
https://www.scamadviser.com/check-website/informationvine.com
Gack! Yep. I forgot that was the URL. :)