Your best bet would be a forum specializing in malware removal. For some suggestions, see: http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Check_for_malware

I was infected by the VideoCop bug, and it took me long time to figure out how to get rid of it. I’m really impressed by the ingenuity of its developers. It’s unlike any Malware I’ve ever dealt with before.

First off, let me go over the symptoms. You will frequently see advertisements for VideoCop on legitimate, well respected web sites that would never allow malicious web sites to advertise on their web pages. Mostly these ads show up on Google ad space.Firefox frequently hangs as it’s trying to contact Google analytics.

After doing a Google search, and clicking on a result, you will be taken you to an unrelated, malicious web site, but if you “back arrow” to the results and click the link again, you will go to the correct web site.

The root of the problem is not on your computer, it’s on your router. Somehow, and I’m not quite sure how, the DNS entries on your router have been changed. I have a Linksys WRT54G v6.0 with the latest firmware, and the default password was changed the day I turned it on. My Wi-Fi security is enabled, even with MAC filtering. For the record, the DNS servers were 213.109.68.7, 213.109.73.245, 1.1.1.1.

I can only think of two ways this happened. Most likely, the Malware used my router’s password that was cached in my browser, or there is a vulnerability in the router that is being exploited. If the VideoCop hackers are using a vulnerability, there’s nothing we can do to prevent this from happening again except wait for Linksys to release a new firmware that fixes the vulnerability. But if it’s using a cached password, the solution is to never cache your router’s password.

To resolve this problem, first log into your router and change your password, and log back in with the new password. If IE or Firefox asks you if it should remember your password say “No”. Now clear the DNS servers (all 3) by putting 0’s in the boxes. 0.0.0.0 will tell your router to use your IPS’s DNS settings which are obtained as part of the DHCP protocol. Now fully scan your computer with MalWareBytes, Spybot Search and Destroy, and any other Spyware remover. Also, do a full scan with your resident antivirus since you’ve possibly picked up a few spywares with all of the VideoCop forwards you’ve been experiencing.

I hope this helps.

...edited by moderator to reduce page width to normal. aw