Some Virus in FireFox Please Help



Ok, let's try this:

Delete everything in the following folders:

C:\Windows\Temp

C:\Windows\SoftwareDistribution\Download

C:\Windows\Prefetch

C:\Users\Froggy\AppData\Local\Mozilla\Firefox\Profiles\"FF default user".default

C:\Users\Froggy\AppData\Local\Temp

Now, re-dl Firefox. Uninstall Firefox. Make sure all Firefox entries are gone, then check:

C:\Users\Froggy\AppData\Roaming

Make sure the Mozilla folder is gone from there also. Run CCleaner and make sure to use the regclean mode of CCleaner. Reinstall Firefox and hopefully everything is good to go.

Link to comment

I might be wrong but imo there's a high probability that the problem is in the registry. Re-installing Firefox or removing any temp files won't change anything.

I don't know where the html/htm files shell open options are for Firefox on your OS. But the problem is probably related to this entry in the registry. Follow Budman's advice (post #23).

Link to comment

Yeah I am not sure if windows 8 changes that at all - but I would look there to see if something is odd in the string to open html.

I tried changing mine up a bit to see if I could try and duplicate the sort of issue, but as of yet no. I can break it opening ;) But not opening up the different words in the file name as new tabs. It really looks like a parse issue with the file name to me.. What do you have in the key I posted?

Link to comment

I might be wrong but imo there's a high probability that the problem is in the registry. Re-installing Firefox or removing any temp files won't change anything.

I don't know where the html/htm files shell open options are for Firefox on your OS. But the problem is probably related to this entry in the registry. Follow Budman's advice (post #23).

He can remove all references to Firefox in the registry.

Link to comment

Ok, let's try this:

Delete everything in the following folders:

C:\Windows\Temp

C:\Windows\SoftwareDistribution\Download

C:\Windows\Prefetch

C:\Users\Froggy\AppData\Local\Mozilla\Firefox\Profiles\"FF default user".default

C:\Users\Froggy\AppData\Local\Temp

Now, re-dl Firefox. Uninstall Firefox. Make sure all Firefox entries are gone, then check:

C:\Users\Froggy\AppData\Roaming

Make sure the Mozilla folder is gone from there also. Run CCleaner and make sure to use the regclean mode of CCleaner. Reinstall Firefox and hopefully everything is good to go.

Tried all this... No luck

Link to comment

Curious what your HKEY_CLASSES_ROOT\FirefoxHTML\shell\open\command is?

For example mine is

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"

Do you happen to have maybe %2 %3 or something added to yours? I'm going to edit mine to see if I can duplicate your issue. This is from an XP box btw.

just checked, mine is : "C:\Program Files (x86)\Nightly\firefox.exe" -osint -url "%1"

Btw i am using Nightly Firefox

Link to comment
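The check discussed in the posts above, as an added Python example that is not part of any post in this thread: it audits a shell\open\command value for an unquoted %1 or extra placeholders such as %2 %3, and shows how an unquoted %1 turns a file name containing spaces into several arguments. The argument splitter is a simplified model of Windows command-line parsing, and the unquoted variant and the sample file path are constructed.

```python
import re

# Registry value quoted in the thread (HKEY_CLASSES_ROOT\FirefoxHTML\shell\open\command).
THREAD_VALUE = r'"C:\Program Files (x86)\Nightly\firefox.exe" -osint -url "%1"'
# Constructed variant with the quotes around %1 removed, for comparison.
UNQUOTED_VALUE = r'"C:\Program Files (x86)\Nightly\firefox.exe" -osint -url %1'
# Constructed sample path of a saved page whose name contains spaces.
SAMPLE_FILE = r'C:\Users\example\Downloads\how to fix firefox.htm'


def split_args(cmdline):
    """Simplified Windows-style split: whitespace separates arguments,
    double quotes group them (escape rules are ignored)."""
    args, cur, in_quotes, started = [], "", False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append(cur)
            cur, started = "", False
        else:
            cur, started = cur + ch, True
    if started:
        args.append(cur)
    return args


def expand(template, path):
    """Substitute the opened file's path for %1, then split into arguments."""
    return split_args(template.replace("%1", path))


def audit(template):
    """Return a list of findings for a shell open command value."""
    findings = []
    if "%1" in template and '"%1"' not in template:
        findings.append("%1 is not wrapped in double quotes")
    extra = re.findall(r"%[2-9*]", template)
    if extra:
        findings.append("extra placeholders: " + " ".join(extra))
    args = split_args(template)
    if not args or not args[0].lower().endswith("\\firefox.exe"):
        findings.append("handler is not firefox.exe")
    return findings


if __name__ == "__main__":
    for value in (THREAD_VALUE, UNQUOTED_VALUE):
        print(audit(value), expand(value, SAMPLE_FILE)[3:])
```
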

Btw i am using Nightly Firefox

I think you should try using a stable build before anything else

Doesn't Windows 8 have some sort of Refresh that restores everything to normal? Sort of a fix it all button.

It does yep, but it wipes your non metro programs and drivers etc

Link to comment

I think you should try using a stable build before anything else

It does yep, but it wipes your non metro programs and drivers etc

Thanks I did not know that. Seems like that is all MS cares about is metro apps.

just checked, mine is : "C:\Program Files (x86)\Nightly\firefox.exe" -osint -url "%1"

Btw i am using Nightly Firefox

C:\Program Files (x86)\Nightly\firefox.exe" -osint

Mine only has the above and I am on the Nightly Build.

Link to comment

just checked, mine is : "C:\Program Files (x86)\Nightly\firefox.exe" -osint -url "%1"

Btw i am using Nightly Firefox

%1 < There is your problem right there. As others have stated, that needs to be removed.

Link to comment

I am not having an issue with today's Nightly. There was a respin yesterday.

Did he give what nightly he was using? Just because they are called nightly does not mean he is using today's ;)

edit: I don't think %1 needs to be removed.. How would it pass the url to be opened.. I don't see how the command given that is missing -url and %1 would even work?

Link to comment

Did he give what nightly he was using? Just because they are called nightly does not mean he is using today's ;)

edit: I don't think %1 needs to be removed.. How would it pass the url to be opened.. I don't see how the command given that is missing -url and %1 would even work?

Try it at least and report what happens.

Link to comment

Did he give what nightly he was using? Just because they are called nightly does not mean he is using today's ;)

edit: I don't think %1 needs to be removed.. How would it pass the url to be opened.. I don't see how the command given that is missing -url and %1 would even work?

I don't have the %1 after mine and neither does Gary.

Link to comment

I don't think the %1 is the problem either. Might be wrong though worth a try.

If it doesn't work i still think that the problem probably lies in the registry. I just don't have the time to dig for it.

I had a similar problem many years ago. A malicious program added a line in my registry. Every time I opened an executable IE was opened at the same time showing some ads. No av at the time was able to diag and resolve the issue.

Link to comment

If it's a search redirector you could try going to settings > advanced > network > settings and make sure it's set to "no proxy". You'd also want to check that internet options in the Windows control panel isn't set to use a proxy. Not all malware is that obvious about it though.

Link to comment

edit: I don't think %1 needs to be removed.. How would it pass the url to be opened.. I don't see how the command given that is missing -url and %1 would even work?

Mine (Win 7)

[Attached screenshot: Capture.PNG]

Link to comment

Have you used tdsskiller to check for an MBR rootkit?

http://support.kaspe.../tdsskiller.exe

Also try hitman Pro

http://www.surfright.nl/en

yes tried both.

Malwarebytes has an anti-rootkit as well.

http://www.malwareby.../products/mbar/

Scanned 5 times using latest version with fully updated database..

In addition to these, I scanned using Comodo Internet Security 2013, Bit Defender, Norton Power Eraser...

I tried changing registry from : "C:\Program Files (x86)\Nightly\firefox.exe" -osint -url "%1" to "C:\Program Files (x86)\Nightly\firefox.exe" that didn't help at all as well

please help me guys..

It seems like whenever i open an offline saved page, all those tabs are like pre-opened. and search for words nothing else... Otherwise firefox is working fine. no error or problem.

thank you...

Link to comment
