Firefox Hijacked?
Devon Sedlydins
but my browser apparently keeps getting hijacked by some sort of
adware/malware. A new window keeps popping up, sending me to some
pages such as "2quickfind", "yellowpages", or just sites with numbers
such as "85.12.43.70" or "38.103.37.243". None of these numbered pages
actually loads, just the attempt is made. I assume something nefarious
is happening in the meanwhile. It even happens before Firefox has been
opened by me, automatically starting the program, that is. I renamed
the firefox.exe application, and am using IE right now, and it has
stopped happening for the moment.
Anyway, has anyone else seen such a phenomenon, and are there any
remedies?
DS
Big_Al
you might want to check your C:\WINDOWS\system32\drivers\etc\hosts file.
Other than comments, it should have just one line 127.0.0.1 .......
(normally).
Fox on the run
Does this happen in safe mode, or under a new profile? Wondering if
an add-on might be responsible. There was a recent post where the
person asked about Mozilla's position on putting ads in add-ons. Does
it happen in another browser suggesting that it's something outside of
your browser that is doing this.
JB
Devon Sedlydins
1. There was a huge hosts file, apparently created by Spybot Search &
Destroy. I deleted it and made a new one with the single line entry.
2. Haven't tried safe mode, but if IE is running, Firefox came up
separately, trying to reach the unwanted pages. Am running Opera now,
with no problems, but no problems since I renamed firefox.exe anywa.
DS
Terry R.
pounded out on the keyboard:
> On 04.12.2008 19:33, CET - what odd quirk of fate caused Devon
> Sedlydins to generate the following:? :
>> I am running AVG anti-virus software, which cannot find any problems,
>> but my browser apparently keeps getting hijacked by some sort of
>> adware/malware. A new window keeps popping up, sending me to some
>> pages such as "2quickfind", "yellowpages", or just sites with numbers
>> such as
>
>> "85.12.43.70"
> look here: http://www.coolwhois.com/d/85.12.43.70
>> or "38.103.37.243".
> look here: http://www.coolwhois.com/d/38.103.37.243
>
>> None of these numbered pages
>> actually loads, just the attempt is made. I assume something nefarious
>> is happening in the meanwhile. It even happens before Firefox has been
>> opened by me, automatically starting the program, that is. I renamed
>> the firefox.exe application, and am using IE right now, and it has
>> stopped happening for the moment.
>>
>> Anyway, has anyone else seen such a phenomenon, and are there any
>> remedies?
>>
>> DS
>>
>
> this wouldn't be an AV problem but rather a Firewall one. The IPs you
> are getting are probably Malware or Adware - and not viruses or trojans
> (you get those via eMail attachments)
>
> Run BOTH AdAware and SpyBot - they will put obtrusive IPs into the HOSTS
> file so that they can't be contacted via FF, but to STOP them getting
> onto your system, you will have to edit the IPs in your Firewall manager
>
> reg
Actually AdAware has fallen of the recommended list (don't know what
that list IS exactly, but I hardly see it recommended by anyone). Now
it's Malwarebytes:
http://www.malwarebytes.org/
That and SB do an excellent job of removing almost anything.
--
Terry R.
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.
Terry R.
> On Dec 4, 2:17 pm, Fox on the run <jjrbouc...@gmail.com> wrote:
Hi Devon,
The entries by Spybot isn't a bad thing. It's blocking certain sites by
those entries. But you can have SB enter them any time by Immunizing.
John Doue
Regarding Adaware, may be it's because it has a *huge* memory leak. I
will have to try Malwarebytes.
--
John Doue
EE
It sounds as if you have malware installed. Have you tried scanning
with Superantispyware? It is very thorough. If you did a full scan
with that, it might find something.
EE
cookie exceptions, popup exceptions, image settings, and permission to
install add-ons. This makes it very difficult to read your own settings
in those areas because you have to wade through hundreds of "block"
entries. It also makes it take a long time for Firefox to even list
those settings. I found that so frustrating that I restored the
permissions file from a backup and unchecked all 4 Firefox immunization
settings in Spybot.
I default to blocking cookies and blocking popups, the permission to
install add-ons was left as the default, and I am not too concerned
about images, since I have Proxomitron to block the ads and other
annoyances.
Terry R.
on the keyboard:
While there is always an exception to a suggestion, for most people,
they are better off using SB and Immunize than doing nothing at all.
For those that have their own hosts entries and other blocking add-ons,
it probably isn't necessary.
NightStalker
Terry...@NOSPAMgmail.com says...
> > I default to blocking cookies and blocking popups, the permission to
> > install add-ons was left as the default, and I am not too concerned
> > about images, since I have Proxomitron to block the ads and other
> > annoyances.
>
> While there is always an exception to a suggestion, for most people,
> they are better off using SB and Immunize than doing nothing at all.
> For those that have their own hosts entries and other blocking add-ons,
> it probably isn't necessary.
>
>
>
Good grief - somebody still using Proxomitron? Sheesh - I gave that
away years ago. I guess if it still works though... I just found that
Firefox, with Adblock Plus just doesn't need it.
Also, the best Hosts file is the one from:
http://www.mvps.org/winhelp2002/hosts.htm
It gets updated regularly, and you simply download it and copy it into
the appropriate folder - for WinXP that is C:\Windows\system32\Drivers
\etc\
Any customized entries added by yourself can be placed right at the top
of the file, which makes it easy to copy and paste in a text editor into
the new hosts file each time you update it. I tend to update mine every
few months - I don't see much point in doing it every update.
And I haven't had any malware or unwanted popups with that combination
for years (fingers tightly crossed...)
--
NightStalker
Brian Kochera
writings:
automated scans with Zone Alarm. If my system acts hinkey, I then run
Spybot. I have had no conflicts with either, nor any false positives.
--
________
Brian M. Kochera
mailto:bria...@earthlink.net
eman ruoy
of these replies I must say that I am shocked that an open source web
browser would allow any malware/spyware to invade. Is it the fault of
the underlying operating system or the Firefox development team or even
the nut between the keyboard and the monitor that refuses to update the
system? I have been using Firefox in Ubuntu-Linux since October 2005 and
have not had nor will not have any of the problems mentioned here. This
is simply because viruses and malware cannot execute or run themselves
within a Linux OS. So tell me people, is it time that the Firefox team
developed a lightweight Linux OS/browser Virtual Machine to run in the
windows environment? If they already have done this then well... never mind
Ron Hunter
install itself, then it CAN do things you don't want it to do. If you
allow a program to install, and run, then it CAN act in ways you didn't
expect, or intend. Those who don't understand this are subjecting
themselves to risks they don't expect.
--
Ron Hunter rphu...@charter.net
goodwin
>
> I beg to interrupt here - I have yet to find (let alone *see*) such a
> Linux version.
> "User friendly" ?? huh!
>
look at linux mint.
f/u not needed
Ron Hunter
> On Sat, 06 Dec 2008 12:42:04 -0500, Brian Kochera <bria...@earthlink.net>
> wrote:
>
>>> Also, the best Hosts file is the one from:
>>>
>>> http://www.mvps.org/winhelp2002/hosts.htm
>>>
>>> It gets updated regularly, and you simply download it and copy it into
>>> the appropriate folder - for WinXP that is C:\Windows\system32\Drivers
>>> \etc\
>
> cornered. You still may need to scan the file for errors or links that you
> DON'T want blocked. I went round & round with a website that I had a link to
> from my web site suddenly went offline. It was the HOSTS file single line entry
> screwing things up.
>
> Anyone can add to that hosts file. Not all [if any] of the links are actually
> verified as anything more than an annoyance to one person.
>
> IOW: if you run a web site, it could disappear in an instant with no answer to
> why.
Attempts to change my hosts file are monitored by my firewall/spyware
program. I don't think there is anything there at the moment.
Just checked. Nothing in there.
--
Ron Hunter rphu...@charter.net
EE
of entries into the permissions in addition to that is beyond me. It
seems like overkill to me.
Terry R.
kee...@yahoo.com.invalid pounded out on the keyboard:
> On Sat, 06 Dec 2008 12:42:04 -0500, Brian Kochera <bria...@earthlink.net>
> wrote:
>
>>> Also, the best Hosts file is the one from:
>>>
>>> http://www.mvps.org/winhelp2002/hosts.htm
>>>
>>> It gets updated regularly, and you simply download it and copy it into
>>> the appropriate folder - for WinXP that is C:\Windows\system32\Drivers
>>> \etc\
>
> Although I agree to some degree, since it probably has the hosts file monopoly
> cornered. You still may need to scan the file for errors or links that you
> DON'T want blocked. I went round & round with a website that I had a link to
> from my web site suddenly went offline. It was the HOSTS file single line entry
> screwing things up.
>
> Anyone can add to that hosts file. Not all [if any] of the links are actually
> verified as anything more than an annoyance to one person.
>
Set it to RO.
