I get spam malware messages on one profile only and not the others
A few days ago I started getting full page spam messages when looking at threads in one forum only. I have to keep backing out or closing out of Firefox. Initially FF blocked them, but not anymore. Norton never blocked them.
These messages only come up when using one FF profile, not another. They also do not show up when using a Chromebook, so I presume the problem is on my end.
I have cleared all cookies & cache and did a complete scan with Norton, Malwarebytes, & AdwCleaner. Even restored Windows 7 back to an earlier time. But none of this helped.
They are full page messages & say they're from AT&T, Walmart, or Visa. However the addresses all start out with: happy.luckyparkclub.com/………..
Sometimes the messages appears right away & sometimes it takes a few minutes.
I cleared FF cookies, went back to the forum, & then looked at the cookies again. I noticed that happy.luckyparkclub.com and dbmtrk.xyz both appeared in the cookies list at the same time, 23 seconds. The forum cookie was time stamped at 22 seconds.
If I look at the forum using a different FF profile there is no problem & neither of these 2 cookies are there.
If I open a New Private Window in the problem profile then I don't get the messages either, at least not yet.
What does the Private Window NOT access that the regular window does?
Which profile folder or file could be causing the problem?
Thanks for any suggestions.
All Replies (18)
Okay, let's try this;
On the system/profile with the problem:
Type about:support in the address bar and press Enter. Under the main banner, press the button; Copy Text To Clipboard.. Now in the Reply Box on the forum page, do a right-click in the box and select Paste.
This will show us your system details. No Personal Information Is Collected.
Many site issues can be caused by corrupt cookies or cache.
Warning ! ! This will log you out of sites you're logged in to. You may also lose any settings for that website.
- How to clear the Firefox cache {web link}
If there is still a problem, Start Firefox in Safe Mode {web link} by holding down the <Shift> (Mac=Options) key, and then starting Firefox.
A small dialog should appear. Click Start In Safe Mode (not Refresh). Did this help?
While you are in safe mode;
Try disabling graphics hardware acceleration in Firefox. Since this feature was added to Firefox it has gradually improved but there are still a few glitches.
How to disable Hardware Acceleration {web link}
I was sent this link; Showing results for happy lucky park club
I cleared the cookies & cache & started in Safe Mode but it made no difference. Neither did disabling graphics hardware acceleration.
The link mentions looking for unfamiliar programs & processes. There are folders & files with non-descript names, such as the ones with 20-30 characters, but I have no idea what these are for. There is nothing unfamiliar in Control Panel > Installed Programs, and I have not installed any new software in a long time.
The links want me to install SpyHunter, but I’m reluctant to install anything at this point. Plus I’ve already done complete scans with 3 other programs.
I searched the registry for “Happy Lucky Park Club” and also each word separately. “Happy” & “park” showed up but they were related to programs I know about.
I'll take a look at the about: support and paste it here.
Do you have any extensions installed in this profile ?
Did you check the connection settings ?
cor-el said
Do you have any extensions installed in this profile ? Did you check the connection settings ?
I have 4 add-ons, but they were disabled & did not appear on the upper toolbar when I started FF in Safe Mode.
Which connection settings should I be checking?
FredMcD said
Okay, let's try this; On the system/profile with the problem: Type about:support in the address bar and press Enter. Under the main banner, press the button; Copy Text To Clipboard.. Now in the Reply Box on the forum page, do a right-click in the box and select Paste. This will show us your system details. No Personal Information Is Collected.
I copied the about:support to my word processor & it has 15 pages of information. There is info about video, audio, & a big section just filled with characters. Do you want all of this or just certain sections?
You can check the connection settings here:
- Options/Preferences -> General -> Network: Connection -> Settings
If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.
See "Firefox connection settings":
The setting was set for "Use system proxy settings". But it's the same for the profile that works.
I changed the problematic profile to "No proxy" but it made no difference. I still got the spam messages. Again, it's just one specific forum that has a problem when using my main profile. Everything else seems to work normally including other forums I visit.
When the problem first started a few days ago, Firefox would display a Red screen with a warning & it blocked the spam message. But after about 2 days Firefox no longer displayed the Red warning screen, and what I got was the spam screen. I have no idea why this changed, but apparently something triggered FF in the early stages.
There are quite a few folders & files in the Profile folder. Is there any particular one(s) that might be causing the problem? If so, I could swap in the matching ones from the good profile & see if that makes a difference. Or temporarily rename some folders or files & see if they're recreated with new ones that work. I might end up with some missing data or information, but that would at least narrow down where the problem is.
Any thoughts about doing this?
I'm still looking at all the links to get rid of this spam.
Just thinking I should post the full address that's shows up in the FF address bar. Maybe something in it will help figure out the problem.
http://happy.luckyparkclub.com/bonus/com-us-cc-s10-iph11-cdn/lp1.php?c=4fz6swxaz4vz0&k=0ada4d0e0e1b1b9ac8b35501cbfb2253&country_code=US&carrier=AT&T&country_name=United%20States®ion=Illinois&city=Glenwood&isp=AT&T%20Services,%20Inc.&lang=en&os=Windows%207&osv=&browser=Firefox&browserv=69&brand=Desktop&model=Desktop&marketing_name=Desktop&tablet=4&rheight=768&rwidth=768
The first part between "bonus" and "country_code" is different depending on which spam message is displayed.
Chris Ilias moo ko soppali ci
Mike109 said
I copied the about:support to my word processor
Open a text/word program and load the file. Left-click once. Now <Control> A to highlight everything, then <Control> C to copy it.
Next, have your web browser go to; https://pastebin.com/
Paste <Control> P the content of the file in the window. Note: On the bottom, fill out the boxes as best you can.
Now press Create A New Paste. The page will reload. Copy the new web address, and post it here.
FredMcD said
Mike109 saidI copied the about:support to my word processorOpen a text/word program and load the file. Left-click once. Now <Control> A to highlight everything, then <Control> C to copy it.
Next, have your web browser go to; https://pastebin.com/
Paste <Control> P the content of the file in the window. Note: On the bottom, fill out the boxes as best you can.
Now press Create A New Paste. The page will reload. Copy the new web address, and post it here.
Any luck finding a problem in the data?
I didn't see anything, but called for more help
As mentioned sometimes it takes a few minutes of reading the threads before the spam message appears. It's possible it might show up when using the second FF profile or Private Window if I looked at the forum threads for an even longer period of time. Anything's possible.
OTOH no one else on the forum has mentioned a problem.
I did edit the Hosts file using 127.0.0.1. It did block the spam message but gave me a full page error message instead. IOW nothing gained.
A few messages above, cor-el posted a link & it appears quite a few people are having the same issue.
The first day or two that a I had the problem Firefox blocked the spam message. But then it stopped blocking it. It must have initially detected something, if that means anything. Since the whole forum webpage is replaced with a full page spam message along with a different address, would this be considered a redirect vs. a popup?
try clearing your all history and remove cache and all data , after that you wont get any pop ups or spam messages IM experince