topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday October 8, 2024, 8:03 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Browser Hijackers  (Read 6705 times)

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Browser Hijackers
« on: February 03, 2015, 11:05 AM »

Bleh.

My copies of Firefox just got hijacked by something. But it's weird because I don't use them that often. Meanwhile Palemoon is my "heavy duty" browser and it's fine.

I could do some snooping and maybe figure it out, but that takes work.   :mad:


MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Browser Hijackers
« Reply #1 on: February 03, 2015, 03:57 PM »
By hijacked you mean the start page was changed?  If so WinPatrol Free version may pick that up just after it happens.  I know it has notified me about start page changes(I use FF mostly) and new stuff in AutoStart.  It's pretty convenient.  And the free version does just about all you would want.


A new developer took over the program with the blessing of Bill P so it will be interesting to see what he comes up with for new features.


Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: Browser Hijackers
« Reply #2 on: February 03, 2015, 04:15 PM »
usually the bugger is the last entry in add/remove programs...

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Browser Hijackers
« Reply #3 on: February 04, 2015, 01:27 AM »

Good stuff guys, tagged with one of my note programs for one of those days I feel like dealing with that stuff. Meanwhile Miles yes, the start page was changed, but it also tried to install an add-on, which first catches your eye even before your page opens. At least it's good FF put in that thing a while back about "approving add-ons", so that was one step blocked!


Steven Avery

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 1,038
    • View Profile
    • Donate to Member
Re: Browser Hijackers
« Reply #4 on: February 04, 2015, 05:27 AM »
Another possibility in culprit-hunting is to look for the date of the install of the browser hijacker and see what was installed that day.  The last time I ran into that type of situation, I used Everything and sorted the files on disk by creation date, a flat-view.


MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Browser Hijackers
« Reply #5 on: February 04, 2015, 05:29 AM »

Good stuff guys, tagged with one of my note programs for one of those days I feel like dealing with that stuff. Meanwhile Miles yes, the start page was changed, but it also tried to install an add-on, which first catches your eye even before your page opens. At least it's good FF put in that thing a while back about "approving add-ons", so that was one step blocked!



WinPatrol checks for BHOs added to IE but I don't think it checks FF AddOns.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Browser Hijackers
« Reply #6 on: February 05, 2015, 02:57 PM »
Another possibility in culprit-hunting is to look for the date of the install of the browser hijacker and see what was installed that day.  The last time I ran into that type of situation, I used Everything and sorted the files on disk by creation date, a flat-view.

I'll use this note to reply to.

I poked at this today. But I can't find it in Add/Remove Programs. "Date Last Used" doesn't seem to help and nothing labeled "start" seems to be there by name per se, though I began reading a couple articles on this and it seems to be one of the nastier hijackers with a few re-install tricks.

I'll just have to chip away at this, though I'm more inclined again just to keep using FF-spinoffs since my PaleMoon is still clean. (For now! I still haven't upgraded.)


MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Browser Hijackers
« Reply #7 on: February 06, 2015, 01:40 PM »
I

I'll just have to chip away at this,

btw what OS version and bitness are you running?

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Browser Hijackers
« Reply #8 on: February 06, 2015, 04:24 PM »
I

I'll just have to chip away at this,

btw what OS version and bitness are you running?

32 Bit XP ... slightly weakened over time by age and stuff. : )

But a clue is that these attacked my "main Firefox" series of browsers, that for a long while I used for almost nothing, and just that day I went to look at something and "poof - attacked". All my heavy duty is on Pale Moon, and it's just fine.

I see conflicting reports on the web about it. One thought it could even collect user data like logins and passwords to sites. So I have currently just dumped the links in a folder marked "beware".

I tried downloading one "tool to remove it" but I stopped it before it was finished, after I wasn't sure if it was hung up.

The steps I saw varied, with one of the more complex involving downloading something like five anti-malware programs.


MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Browser Hijackers
« Reply #9 on: February 09, 2015, 07:32 AM »
One thing you may try to get more details is to use MozBackup or some other means of backing up a Firefox, then approve the AddOn install.  That should at least give some kind of name to search on.  I'm not sure how much damage a malicious FF AddOn can do so take suggestion with a grain of salt.  :)

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Browser Hijackers
« Reply #10 on: February 09, 2015, 07:55 AM »
One thing you may try to get more details is to use MozBackup or some other means of backing up a Firefox, then approve the AddOn install.  That should at least give some kind of name to search on.  I'm not sure how much damage a malicious FF AddOn can do so take suggestion with a grain of salt.  :)

Well I blocked the addon, some of that comes native to new FF's, so just the start page was left, which I put back, and several articles mention you have to fix the shortcuts. But I couldn't easily find what might be hiding as a real program that some people hint can re-install itself, so I just threw it all into a "cupboard marked beware of the leopard".