browser hijacker only in firefox
Just update to the most current release of Firefox a few days ago. Have found ads popping up throughout tabs, sites, on all sites visited. This does not occur with any other browsers on the same system, just Firefox. I have tried several removal tools from various companies to no avail. The last one tried was malwarebytes which seemed to clean correctly. I fired up firefox which prompted reports from malwarebytes. It appears that the hijack is within firefox.exe. Is this possible? I have also uninstalled and removed firefox from my system twice. How do I get rid of this damned hijack? If it will not be simple, I am prepared to format/reinstall my entire system as well as go to a different browser permanently if necessary. I added an image of one of the blocked stes but others get through, kicking out more tabs and more firefox browser windows.
Isisombululo esikhethiwe
^: your data shows a weird Update Channel: release-cck-mozilla50
Did you install Firefox from the Mozilla server?
Do a clean reinstall and delete the Firefox program folder before (re)installing a fresh copy of the current Firefox release.
- Download the Firefox installer and save the file to the desktop
https://www.mozilla.org/en-US/firefox/all/
If possible uninstall your current Firefox version to cleanup the Windows registry and settings in security software.
- Do NOT remove "personal data" when you uninstall your current Firefox version, because this will remove all profile folders and you lose personal data like bookmarks and passwords including data in profiles created by other Firefox versions.
Remove the Firefox program folder before installing that newly downloaded copy of the Firefox installer.
- (32 bit Windows) "C:\Program Files\Mozilla Firefox\"
- (64 bit Windows) "C:\Program Files (x86)\Mozilla Firefox\"
- It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.
- http://kb.mozillazine.org/Uninstalling_Firefox
Your personal data like bookmarks is stored in the Firefox profile folder, so you won't lose personal data when you uninstall and (re)install or update Firefox, but make sure NOT to remove personal data when you uninstall Firefox as that will remove all Firefox profile folders and you lose your personal data.
If you keep having problems then create a new profile.
Funda le mpendulo ngokuhambisana nalesi sihloko 👍 1
All Replies (7)
hello, could you go to the firefox menu ≡ > help ? > troubleshooting information, copy the contents of that page and paste them here into a reply on the forum? this might give us a clue what is going on...
Troubleshooting Information This page contains technical information that might be useful when you're trying to solve a problem. If you are looking for answers to common questions about Firefox, check out our support website. Application Basics Name Firefox Version 41.0.2 Build ID 20151014143721 Update History Update Channel release-cck-mozilla50 User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0 Profile Folder Enabled Plugins about:plugins Build Configuration about:buildconfig Memory Use about:memory Registered Service Workers about:serviceworkers Multiprocess Windows 0/1 (default: false) Crash Reports for the Last 3 Days Report ID Submitted
All Crash Reports Extensions Name Version Enabled ID Graphics Adapter Description NVIDIA GeForce GTX 260 Adapter Drivers nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um Adapter RAM 896 Asynchronous Pan/Zoom none Device ID 0x05e2 Direct2D Enabled true DirectWrite Enabled true (6.2.9200.17461) Driver Date 2-3-2015 Driver Version 9.18.13.4144 GPU #2 Active false GPU Accelerated Windows 1/1 Direct3D 11 (OMTC) Subsys ID 00000000 Supports Hardware H264 Decoding true Vendor ID 0x10de WebGL Renderer Google Inc. -- ANGLE (NVIDIA GeForce GTX 260 Direct3D11 vs_4_0 ps_4_0) windowLayerManagerRemote true AzureCanvasBackend direct2d 1.1 AzureContentBackend direct2d 1.1 AzureFallbackCanvasBackend cairo AzureSkiaAccelerated 0 Important Modified Preferences Name Value accessibility.blockautorefresh true accessibility.browsewithcaret true accessibility.typeaheadfind true accessibility.typeaheadfind.flashBar 0 browser.cache.disk.capacity 358400 browser.cache.disk.filesystem_reported 1 browser.cache.disk.hashstats_reported 1 browser.cache.disk.smart_size_cached_value 358400 browser.cache.disk.smart_size.first_run false browser.cache.disk.smart_size.use_old_max false browser.cache.frecency_experiment 2 browser.download.importedFromSqlite true browser.download.manager.alertOnEXEOpen true browser.places.smartBookmarksVersion 7 browser.search.suggest.enabled false browser.search.update false browser.search.useDBForOrder true browser.sessionstore.upgradeBackup.latestBuildID 20151014143721 browser.startup.homepage about:home browser.startup.homepage_override.buildID 20151014143721 browser.startup.homepage_override.mstone 41.0.2 dom.apps.reset-permissions true dom.mozApps.used true extensions.lastAppVersion 41.0.2 gfx.direct3d.last_used_feature_level_idx 1 gfx.driver-init.appVersion 41.0.2 gfx.driver-init.deviceID 0x05e2 gfx.driver-init.driverVersion 9.18.13.4144 gfx.driver-init.feature-d2d true gfx.driver-init.feature-d3d11 true gfx.driver-init.status 2 media.gmp-eme-adobe.lastUpdate 1444087184 media.gmp-eme-adobe.version 13 media.gmp-gmpopenh264.lastUpdate 1438376166 media.gmp-gmpopenh264.version 1.4 media.gmp-manager.buildID 20151014143721 media.gmp-manager.lastCheck 1445634756 media.hardware-video-decoding.failed false network.cookie.prefsMigrated true network.predictor.cleaned-up true places.database.lastMaintenance 1445126356 places.history.expiration.transient_current_max_pages 104858 plugin.disable_full_page_plugin_for_types application/pdf plugin.importedState true privacy.donottrackheader.enabled true privacy.sanitize.migrateFx3Prefs true security.disable_button.openCertManager false security.disable_button.openDeviceManager false security.warn_viewing_mixed false storage.vacuum.last.index 1 storage.vacuum.last.places.sqlite 1443740374 Important Locked Preferences Name Value JavaScript Incremental GC true Accessibility Activated false Prevent Accessibility 0 Library Versions Expected minimum version Version in use NSPR 4.10.8 4.10.8 NSS 3.19.2 Basic ECC 3.19.2 Basic ECC NSSSMIME 3.19.2 Basic ECC 3.19.2 Basic ECC NSSSSL 3.19.2 Basic ECC 3.19.2 Basic ECC NSSUTIL 3.19.2 3.19.2 Experimental Features
Here is the raw data as well :
{
"application": { "name": "Firefox", "version": "41.0.2", "buildID": "20151014143721", "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0", "updateChannel": "release-cck-mozilla50", "supportURL": "https://support.mozilla.org/1/firefox/41.0.2/WINNT/en-US/", "numTotalWindows": 1, "numRemoteWindows": 0, "remoteAutoStart": false }, "modifiedPreferences": { "accessibility.typeaheadfind.flashBar": 0, "accessibility.browsewithcaret": true, "accessibility.typeaheadfind": true, "accessibility.blockautorefresh": true, "browser.cache.disk.smart_size.first_run": false, "browser.cache.disk.smart_size.use_old_max": false, "browser.cache.disk.capacity": 358400, "browser.cache.disk.hashstats_reported": 1, "browser.cache.disk.filesystem_reported": 1, "browser.cache.disk.smart_size_cached_value": 358400, "browser.cache.frecency_experiment": 2, "browser.download.importedFromSqlite": true, "browser.download.manager.alertOnEXEOpen": true, "browser.places.smartBookmarksVersion": 7, "browser.search.suggest.enabled": false, "browser.search.update": false, "browser.search.useDBForOrder": true, "browser.sessionstore.upgradeBackup.latestBuildID": "20151014143721", "browser.startup.homepage_override.mstone": "41.0.2", "browser.startup.homepage": "about:home", "browser.startup.homepage_override.buildID": "20151014143721", "dom.apps.reset-permissions": true, "dom.mozApps.used": true, "extensions.lastAppVersion": "41.0.2", "gfx.direct3d.last_used_feature_level_idx": 1, "gfx.driver-init.feature-d3d11": true, "gfx.driver-init.driverVersion": "9.18.13.4144", "gfx.driver-init.status": 2, "gfx.driver-init.deviceID": "0x05e2", "gfx.driver-init.appVersion": "41.0.2", "gfx.driver-init.feature-d2d": true, "media.gmp-eme-adobe.lastUpdate": 1444087184, "media.gmp-manager.buildID": "20151014143721", "media.gmp-gmpopenh264.lastUpdate": 1438376166, "media.gmp-gmpopenh264.version": "1.4", "media.hardware-video-decoding.failed": false, "media.gmp-eme-adobe.version": "13", "media.gmp-manager.lastCheck": 1445634756, "network.cookie.prefsMigrated": true, "network.predictor.cleaned-up": true, "places.history.expiration.transient_current_max_pages": 104858, "places.database.lastMaintenance": 1445126356, "plugin.importedState": true, "plugin.disable_full_page_plugin_for_types": "application/pdf", "privacy.sanitize.migrateFx3Prefs": true, "privacy.donottrackheader.enabled": true, "security.warn_viewing_mixed": false, "security.disable_button.openDeviceManager": false, "security.disable_button.openCertManager": false, "storage.vacuum.last.index": 1, "storage.vacuum.last.places.sqlite": 1443740374 }, "lockedPreferences": {}, "graphics": { "numTotalWindows": 1, "numAcceleratedWindows": 1, "windowLayerManagerType": "Direct3D 11", "windowLayerManagerRemote": true, "supportsHardwareH264": true, "adapterDescription": "NVIDIA GeForce GTX 260", "adapterVendorID": "0x10de", "adapterDeviceID": "0x05e2", "adapterSubsysID": "00000000", "adapterRAM": "896", "adapterDrivers": "nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um", "driverVersion": "9.18.13.4144", "driverDate": "2-3-2015", "adapterDescription2": "", "adapterVendorID2": "", "adapterDeviceID2": "", "adapterSubsysID2": "", "adapterRAM2": "", "adapterDrivers2": "", "driverVersion2": "", "driverDate2": "", "isGPU2Active": false, "direct2DEnabled": true, "directWriteEnabled": true, "directWriteVersion": "6.2.9200.17461", "webglRenderer": "Google Inc. -- ANGLE (NVIDIA GeForce GTX 260 Direct3D11 vs_4_0 ps_4_0)", "info": { "AzureCanvasBackend": "direct2d 1.1", "AzureSkiaAccelerated": 0, "AzureFallbackCanvasBackend": "cairo", "AzureContentBackend": "direct2d 1.1" } }, "javaScript": { "incrementalGCEnabled": true }, "accessibility": { "isActive": false, "forceDisabled": 0 }, "libraryVersions": { "NSPR": { "minVersion": "4.10.8", "version": "4.10.8" }, "NSS": { "minVersion": "3.19.2 Basic ECC", "version": "3.19.2 Basic ECC" }, "NSSUTIL": { "minVersion": "3.19.2", "version": "3.19.2" }, "NSSSSL": { "minVersion": "3.19.2 Basic ECC", "version": "3.19.2 Basic ECC" }, "NSSSMIME": { "minVersion": "3.19.2 Basic ECC", "version": "3.19.2 Basic ECC" } }, "userJS": { "exists": false }, "crashes": { "submitted": [], "pending": 0 }, "extensions": [], "experiments": []
}
I notice that you have enabled two accessibility settings:
- "accessibility.browsewithcaret": true,
- "accessibility.blockautorefresh": true,
Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware. All these programs have free versions.
Make sure that you update each program to get the latest version of their databases before doing a scan.
- Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php - AdwCleaner:
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml - SuperAntispyware:
http://www.superantispyware.com/ - Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx - Windows Defender:
http://windows.microsoft.com/en-us/windows/using-defender - Spybot Search & Destroy:
http://www.safer-networking.org/en/index.html - Kasperky Free Security Scan:
http://www.kaspersky.com/security-scan
You can also do a check for a rootkit infection with TDSSKiller.
- Anti-rootkit utility TDSSKiller:
http://support.kaspersky.com/5350?el=88446
See also:
- "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
thank you, that looks very clean. could you open windows explorer and navigate go to your firefox installation folder which is usually located at C:\Program Files (x86)\Mozilla Firefox. then, in the explorer search filed on the top right, enter "*.js" and see if there are any results showing up (except channel-prefs.js which is a legitimate firefox file). if so, please right-click to edit them to see what the file's contents are. if it does look something like the following, please take note of the filename and delete the .js file afterwards:
pref("general.config.filename", "cfg");
then go back to the firefox installation folder and look for the filename you've remembered in the step before. if you find the file please open it as well and paste its content here into a reply in the forum.
thanks!
Isisombululo Esikhethiwe
^: your data shows a weird Update Channel: release-cck-mozilla50
Did you install Firefox from the Mozilla server?
Do a clean reinstall and delete the Firefox program folder before (re)installing a fresh copy of the current Firefox release.
- Download the Firefox installer and save the file to the desktop
https://www.mozilla.org/en-US/firefox/all/
If possible uninstall your current Firefox version to cleanup the Windows registry and settings in security software.
- Do NOT remove "personal data" when you uninstall your current Firefox version, because this will remove all profile folders and you lose personal data like bookmarks and passwords including data in profiles created by other Firefox versions.
Remove the Firefox program folder before installing that newly downloaded copy of the Firefox installer.
- (32 bit Windows) "C:\Program Files\Mozilla Firefox\"
- (64 bit Windows) "C:\Program Files (x86)\Mozilla Firefox\"
- It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.
- http://kb.mozillazine.org/Uninstalling_Firefox
Your personal data like bookmarks is stored in the Firefox profile folder, so you won't lose personal data when you uninstall and (re)install or update Firefox, but make sure NOT to remove personal data when you uninstall Firefox as that will remove all Firefox profile folders and you lose your personal data.
If you keep having problems then create a new profile.
Okulungisiwe
Answering your question, an update was offered through notification within the last week and I presumed if was from the Mozilla server, after I uninstalled, the last software I acquired directly from the Mozilla server. I think it must have been the offered update but in honesty, it appeared as all previous updates do within the browser which then requires a restart to complete, nothing seemed out of the ordinary until the hijacking started to occur. I thank you for the assist and am more than happy that I can once again use Firefox. BTW, I have used most of the browsers out there but this was always my go to, Thank you!