Author Topic: Browser Hijackers  (Read 6798 times)

TaoPhoenix

Browser Hijackers
« on: February 03, 2015, 11:05 AM »

Bleh.

My copies of Firefox just got hijacked by something. But it's weird because I don't use them that often. Meanwhile Palemoon is my "heavy duty" browser and it's fine.

I could do some snooping and maybe figure it out, but that takes work.   :mad:


MilesAhead

Re: Browser Hijackers
« Reply #1 on: February 03, 2015, 03:57 PM »
By hijacked you mean the start page was changed?  If so WinPatrol Free version may pick that up just after it happens.  I know it has notified me about start page changes (I use FF mostly) and new stuff in AutoStart.  It's pretty convenient.  And the free version does just about all you would want.


A new developer took over the program with the blessing of Bill P so it will be interesting to see what he comes up with for new features.


Curt

Re: Browser Hijackers
« Reply #2 on: February 03, 2015, 04:15 PM »
Usually the bugger is the last entry in add/remove programs...

TaoPhoenix

Re: Browser Hijackers
« Reply #3 on: February 04, 2015, 01:27 AM »

Good stuff guys, tagged with one of my note programs for one of those days I feel like dealing with that stuff. Meanwhile Miles yes, the start page was changed, but it also tried to install an add-on, which first catches your eye even before your page opens. At least it's good FF put in that thing a while back about "approving add-ons", so that was one step blocked!


Steven Avery

Re: Browser Hijackers
« Reply #4 on: February 04, 2015, 05:27 AM »
Another possibility in culprit-hunting is to look for the date of the install of the browser hijacker and see what was installed that day.  The last time I ran into that type of situation, I used Everything and sorted the files on disk by creation date, a flat-view.
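
Added example, not part of the post above or of any tool named in the thread: a scripted version of the creation-date triage it describes. Given the day the hijack appeared, it lists files created within a window around that time and counts them per folder, so a freshly dropped install directory stands out. The function names and the 12-hour window are assumptions.

```python
import os
from datetime import datetime, timedelta

def creation_time(path):
    """Creation time on Windows/macOS; falls back to mtime where the OS hides it."""
    st = os.stat(path)
    if hasattr(st, "st_birthtime"):
        return st.st_birthtime
    return st.st_ctime if os.name == "nt" else st.st_mtime

def created_near(root, when, window_hours=12, stamp=creation_time):
    """Return (timestamp, path) pairs under root created within the window, oldest first."""
    lo = (when - timedelta(hours=window_hours)).timestamp()
    hi = (when + timedelta(hours=window_hours)).timestamp()
    hits = []
    for folder, _dirs, names in os.walk(root, onerror=lambda e: None):
        for name in names:
            path = os.path.join(folder, name)
            try:
                t = stamp(path)
            except OSError:
                continue  # locked or vanished file: skip it, keep scanning
            if lo <= t <= hi:
                hits.append((t, path))
    return sorted(hits)

def group_by_folder(hits):
    """Count hits per parent folder, busiest folder first."""
    counts = {}
    for _t, path in hits:
        parent = os.path.dirname(path)
        counts[parent] = counts.get(parent, 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    import sys
    # Usage (constructed): python triage.py C:\ 2015-02-03T11:00
    root, when = sys.argv[1], datetime.fromisoformat(sys.argv[2])
    hits = created_near(root, when)
    for folder, n in group_by_folder(hits)[:20]:
        print(n, folder)
    for t, path in hits:
        print(datetime.fromtimestamp(t).isoformat(sep=" "), path)
```

Creation timestamps can be altered by an installer, so treat the output as a list of leads to cross-check against Add/Remove Programs and autostart entries rather than as proof.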


MilesAhead

Re: Browser Hijackers
« Reply #5 on: February 04, 2015, 05:29 AM »

> Good stuff guys, tagged with one of my note programs for one of those days I feel like dealing with that stuff. Meanwhile Miles yes, the start page was changed, but it also tried to install an add-on, which first catches your eye even before your page opens. At least it's good FF put in that thing a while back about "approving add-ons", so that was one step blocked!



WinPatrol checks for BHOs added to IE but I don't think it checks FF AddOns.

TaoPhoenix

Re: Browser Hijackers
« Reply #6 on: February 05, 2015, 02:57 PM »
> Another possibility in culprit-hunting is to look for the date of the install of the browser hijacker and see what was installed that day.  The last time I ran into that type of situation, I used Everything and sorted the files on disk by creation date, a flat-view.

I'll use this note to reply to.

I poked at this today. But I can't find it in Add/Remove Programs. "Date Last Used" doesn't seem to help and nothing labeled "start" seems to be there by name per se, though I began reading a couple articles on this and it seems to be one of the nastier hijackers with a few re-install tricks.

I'll just have to chip away at this, though I'm more inclined again just to keep using FF-spinoffs since my PaleMoon is still clean. (For now! I still haven't upgraded.)


MilesAhead

Re: Browser Hijackers
« Reply #7 on: February 06, 2015, 01:40 PM »
> I'll just have to chip away at this,

btw what OS version and bitness are you running?

TaoPhoenix

Re: Browser Hijackers
« Reply #8 on: February 06, 2015, 04:24 PM »
> > I'll just have to chip away at this,
>
> btw what OS version and bitness are you running?

32 Bit XP ... slightly weakened over time by age and stuff. : )

But a clue is that these attacked my "main Firefox" series of browsers, that for a long while I used for almost nothing, and just that day I went to look at something and "poof - attacked". All my heavy duty is on Pale Moon, and it's just fine.

I see conflicting reports on the web about it. One thought it could even collect user data like logins and passwords to sites. So I have currently just dumped the links in a folder marked "beware".

I tried downloading one "tool to remove it" but I stopped it before it was finished, after I wasn't sure if it was hung up.

The steps I saw varied, with one of the more complex involving downloading something like five anti-malware programs.


MilesAhead

Re: Browser Hijackers
« Reply #9 on: February 09, 2015, 07:32 AM »
One thing you may try to get more details is to use MozBackup or some other means of backing up a Firefox, then approve the AddOn install.  That should at least give some kind of name to search on.  I'm not sure how much damage a malicious FF AddOn can do so take suggestion with a grain of salt.  :)

TaoPhoenix

Re: Browser Hijackers
« Reply #10 on: February 09, 2015, 07:55 AM »
> One thing you may try to get more details is to use MozBackup or some other means of backing up a Firefox, then approve the AddOn install.  That should at least give some kind of name to search on.  I'm not sure how much damage a malicious FF AddOn can do so take suggestion with a grain of salt.  :)

Well I blocked the addon, some of that comes native to new FF's, so just the start page was left, which I put back, and several articles mention you have to fix the shortcuts. But I couldn't easily find what might be hiding as a real program that some people hint can re-install itself, so I just threw it all into a "cupboard marked beware of the leopard".