How am I supposed to get help with a browser hijacker when I cannot contact no one and every single option in the knowlege base concerning this doesn't work?
I have some spyware on my system that neither my malaware bytes, comodo antivirus, spybot search and destroy, and a few others I've tried, can detect. The piece of spyware is a browser hijacker that keeps hijacking my firefox homepage and nothing I can do will get rid of it.
the problem only happens in firefox and no other browser is affected. basically my homepage gets changed to the following:
http://www.ggle.org.uk/index.php?hp=1&OVKWID=firefox
Yes there are numerous options about this in the support section but none of them work. I have tried everything and I do mean everything and each time I restart firefox the bloody thing comes back. I've reset the pc - works until you close down the browser and restart it. I've gone into my profiles, i.e. user/AppData/Mozilla/firefox and deleted the .js files, parent.lock files - comes back on firefox restart. I've searched the registry the best I can. I have even put an entry into the Hosts file in syst32 and that has afforded me partial success in that I now get a 404 instead of the pesky and irritating jaamla search page. I have even gone into the About:config settings and wiped the url but no matter what I do it always comes back on restart and it's only with firefox.
This is something that firefox needs to look into and not assume that just because there are a few answers in the support section that they all work, because all of the options appear to work until firefox is restarted.
It even comes back after a complete uninstall and wipe - I am at a loss at what to do and where to go next. Please help!
تمام جوابات (8)
hello, you could try to run a scan of your system with adwcleaner which is a tool specialised on browser hijackers.
Since you have Advanced SystemCare, I want to make sure that its settings rollback features is not the source of the torture. I see you have disabled the Surfing Protection extension, but can you also confirm that within the external Advanced SystemCare software itself, you have turned off Surfing Protection?
Next, based on an earlier thread (home page can't be changed always is automatically setting back to : http://www.ggle.org.uk/index.php?hp=1&OVKWID=firefox How to fix this problem?), I just want to confirm that you cleanly removed Firefox's program folder when you uninstalled/reinstalled because in that thread, the culprit was in the program folder.
Here's what I suggest at this point:
(1) If needed, download a fresh installer for Firefox 30 from https://www.mozilla.org/firefox/all/ to a convenient location. (Scroll down to your preferred language.)
(2) Exit out of Firefox.
(3) Rename the folder
C:\Program Files (x86)\Mozilla Firefox
to
C:\Program Files (x86)\OldFirefox
(4) Run the installer you downloaded in #1. It should automatically connect to your existing settings.
Can you reset your home page and have it stick?
Note: Some plugins may exist only in that OldFirefox folder. If something essential is missing, look in these folders:
- C:\Program Files (x86)\OldFirefox\Plugins
- C:\Program Files (x86)\OldFirefox\browser\plugins
A simple thing to try - disable your Ads Removal 1.0.0 extension shown in your System Details. I don't know it but it doesn't look too good on Google.
Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.
You can try these free programs to scan for malware, which work with your existing antivirus software:
- Microsoft Safety Scanner
- MalwareBytes' Anti-Malware
- TDSSKiller - AntiRootkit Utility
- Hitman Pro
- ESET Online Scanner
Microsoft Security Essentials is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.
Further information can be found in the Troubleshoot Firefox issues caused by malware article.
Did this fix your problems? Please report back to us!
Hi philipp
Already done it and it doesn't detect anything I'm afraid. Sorry.
Hi jscher2000
Thanks for your time and your suggestions. Well spotted...I did actually disable that myself as I only downloaded the Advanced System Care utility as a result of this problem driving me to the point of despair, and I didn't really want another utility starting up and using system resources as I didn't plan on keeping it, especially since it didn't detect anything.
Yes I did turn on browser guard, and it didn't even detect that my browser homepage was hijacked from 127.0.0.1/index.html (which is what I manually set it to) to that pesky Jaamla search page.
Anyway, just to let you know that I have already done the stuff you have suggested and I actually went as so far as to just delete the folder completely. I made sure I had all my bookmarks backed up, which is the only thing I wanted to keep and I deleted the whole profile before destroying any remaining folders both in program and in profile folders.
This is definitely a firefox issue regardless of the original cause of infection. The fact that firefox is defenseless against this hijacker is worrying to say the least. Even more worrying is the fact that NO Security tool that I have tried so far is able to even detect it. Whatever 'it' is.
I have Malware Bytes premium , spybot search and destroy, Spyware blaster, Comodo Antivirus these are my default programs.
Additional programs I have tried include:
Hijack This Malaware Bytes Anti Exploit (may keep this one) TDSS Killer IOBit Malaware fighter Advanced System Care AVG (Bad Move) Will continue to look for programs...but no luck so far!
I think the next step is to use Windows 7's auditing feature to figure out what processes are touching the file other than firefox.exe.
This is somewhat arduous to set up, but here's what I did. I have Win 7 Pro and I don't know whether this works on other versions.
(1) Open the Event Viewer to the Security log
Start menu > Control Panel > System and Security category > Administrative Tools
This should launch a folder of shortcuts. Double-click Event Viewer. If Windows objects, you may need to right-click> Run as Administrator.
In the left pane of the Event Viewer, click Security.
(2) Enable object auditing
In the Administrative Tools folder, double-click Local Security Policy (or right-click > Run as Administrator).
In the left pane, expand Local Policies and click Audit Policy.
In the right pane, double-click Audit object access and turn on both success and failure and OK the change. (screen shot attached)
(3) Enable auditing on prefs.js
Right-click your prefs.js file > Properties, click the Security tab, then the Advanced button. In the Advanced Security Settings dialog, click the Audit tab, then the Continue button. (screen shot attached)
Click the Add button and type Everyone, then click Check Names. After you click OK, you should get a dialog with numerous checkboxes. Clicking the Full Control box for each column should select everything. Then OK that. (screen shot attached)
(4) Test
Change a preference in Firefox that updates prefs.js (for example, you can change your home page). Then when you switch over to the Event Viewer, you can click Refresh on the right side (or choose a different category such as Application and then Security again to refresh the list), and you should find a listing in the File System task category for "a handle to the object was requested" for prefs.js, showing firefox.exe to be the active process. (screen shot attached)
(5) Assuming the test works, exit Firefox and watch for any other process touching the file.
When you're through, you probably want to turn this all off again, since it does use cycles in the background.
Hi jscher2000
Thank you for your input which is very much appreciated. I will try that this weekend and get back to you. Sadly, I don't have the time I would like to sit down and do it this evening...I think it's probably better to wait for the weekend when I don't have to worry about time constraints or being disturbed.
I'll keep you posted.