Solved Redirect on Firefox

Status
Not open for further replies.
Yes, unfortunately, IE as well.

Thankfully Chrome is not a problem.
I only have it on my system out of curiosity.
It has proved useful in the last 4-5 days.
 
Download Kenco.exe to your desktop
  • Close all windows and run the program.
  • It won't take long to run.
  • Kenco will reboot the system if it finds anything.
  • Post the log it gives you (it will be saved in the same place as Kenco.exe).
 
Ran GMER & ComboFix.
Logs attached.

IE now appears to be free of the virus!
Firefox still out of commission, Chrome still OK.
 

Attachments

  • gmer.log.log
    13.7 KB · Views: 2
  • ComboFix.txt
    32.2 KB · Views: 1
Both logs are clean.

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

Are you saying, that IE is not redirecting anymore?

Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode). Same problem?


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
ComboFix uninstalled w/no problems.
Re-booted.

IE:
I used IE to submit the last post with no problem.
I think it was after the above re-boot when I tried IE again.
Rats. IE back to redirecting.

Firefox safe mode start made no difference. Still redirecting.

GooredFix log attached.
 

Attachments

  • GooredFix.txt
    2.9 KB · Views: 2
Turn the computer off.
Disconnect modem and router from the power source. Disconnect ethernet cable.
Wait 1 minute.

Power everything back on.

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.
 
After submitting the above post, I did a little catching up on my email.
Clicked on a link in an email and it opened in IE with no redirect!

Doing a little experimenting, I closed the normally functioning IE and then re-opened it. It went back to redirecting.
 
Have attached the cmd display.
Note that the first 'renew' did not complete.
Taking a risk by not asking for advice, I re-entered the renew command and it completed.

The next sequence of events hopefully will tell you something.

After re-booting, I opened my mail s/w (Thunderbird) and clicked on the link in your last message to return to the last post of the thread.

IE opened and successfully displayed the thread (no redirect)!

I then exited IE and restarted IE from my desktop shortcut.
IE went back into redirect mode.

I returned to the email and clicked on the link as above.
IE opened with no redirect.

I was suspicious of the desktop shortcut for IE.
I did a right click-properties on the shortcut expecting to get the standard path display. Instead, the display was a "Windows looking" window box. Assume that this was nothing out of the ordinary.

I also tried executing IE from Start/Programs.
Went into redirect mode.
 

Attachments

  • 2010-04-19 23 47 10.jpg
    119.9 KB · Views: 2
Empty Java cache as described here: http://support.f-secure.com/enu/home/virusproblem/howtoclean/cleanjavacache.shtml

Restart computer.

======================================================================

1. Print out these instructions as we will need to close every window that is open later in the fix.

2. Download SmitfraudFix.exe from here and save it to your desktop:

http://www.bleepingcomputer.com/files/smitfraudfix.php

3. Next, please reboot your computer into Safe Mode by doing the following:

a. Restart your computer

b. Start tapping F8 key

c. A menu will appear

d. Select the first option, to run Windows in Safe Mode.

4. Close all open Windows.

5. Now, double-click on the SmitFraudfix icon.

6. When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

7. You will now see a menu. Press the number 2 on your keyboard and then press the Enter key to choose the option Clean.

8. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program.
This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take a long time depending on your computer, so please be patient. When it is complete, it will close automatically and you should continue with the next step.

9. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the Enter key.

10. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.

11. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer.
Save that log to your desktop, and attach it to your next reply.
 
Another step to total cleanup!

SmitfraudFix log (rapport) attached.

I screwed up in running this current procedure.

I missed doing the Java cache clear as the first step.

After doing the other steps, I noticed that I had missed doing the clear.
I checked the directory and the 'cache' folder was empty.

Observed status of my three browsers:

As far as I can tell, IE seems to be normal.
Chrome, as has been the case all along, is OK.

Firefox has some problems remaining.
An initial open from desktop icon opens with desired page for a few seconds and then redirects (to a new, not seen before, URL, limonsearch.???)
Additional page opens from this point (either new tab or overwrite of redirect page) seem to be stable (as is subsequent desktop icon open after closing the above FF run).

Virus is no longer overwriting the FF Tools/Options/Home page value (but as mentioned above, redirect overrides this value).
 

Attachments

  • rapport.txt
    3.4 KB · Views: 1
Performed the uninstall procedure as shown on the Mozilla page.
After re-installing, situation was exactly as before:
Chrome OK, IE OK.
Firefox redirects and, as before, starting page URL parameter (Tools, Options, General, Home page) is not overwritten as occurred earlier.

I did not go into the registry during the install as mentioned.
Should this be done?
(If so, I normally use Revo for un-installing as it does do cleanup work in the registry as well as starting the normal software's un-install.)
If you think that registry cleanup should be done in the course of the uninstall, would it be OK for me to use Revo for the un-install?
 
There is nothing about registry at my link, but there are quite few items, which have to be removed for FF complete uninstall.
I'm not sure if Revo will do all that, so I suggest you go back to that link and proceed with all steps.
 
Here's the cut-and-paste from the Mozilla page:
(It's the second sentence above the header Removing user profile data.)

(start)
The Firefox uninstall will leave behind some Windows registry entries, which can be cleaned up using Windows regedit or a 3rd party registry cleaner. Normally, these extra entries are harmless, and it is not necessary to remove them. Note: registry editing is a potentially hazardous undertaking!.
(end)

Actually, I did a second un-install earlier after I missed the step to delete C/Windows/Prefetch/Firefox files.

On that second un-install, again all steps were followed (other than the registry reference above and, as I mentioned, I took the option of saving a copy of the plugins folder).
 
Please, re-run GooredFix.

Also....
Download FoxScan from HERE, or HERE
Double click on FoxScan.exe to start the scan.
DOS-like window will pop-up.
Press 2 for English. Press Enter.
Be patient. It'll take few minutes.
When the tool is done, it'll display:

Search completed.
Press any key to coninue...


Press any key.
Notepad window titled Rapport-FS.txt will open.
Save the file to known location, and attach it to your next reply.
 
You forgot GooredFix.
You still should have it on your desktop, but just in case...

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
I don't understand something.
If you performed clean reinstall, how come you still have all those add-ons and plugins listed.
Some plugins will come with new installation, but not add-ons.
Did you install some add-ons right away?

In any case, I believe your problem comes from this:
keyword.URL : "http://www.veerboo.com/results.php?q="

Let's try something....
Open Firefox.
In address bar type in:
about:config
New tab will open.
In filter field paste this:
keyword.URL
One listing will appear.
Right click on keyword.URL listing, click "Modify".
Pop-up window will open with this text:
Code:
http://www.veerboo.com/results.php?q=
Clear that text and paste this instead:
Code:
http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
Click OK.
Restart Firefox and check for redirection.
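The check described in the post above, as an added example that is not part of the original thread: a Python sketch that reads the text of a profile's prefs.js or user.js and reports search and home page prefs pointing at hosts outside a local allowlist. The allowlist, the function names and the sample file contents are assumptions made for illustration; only the keyword.URL values come from the thread.

```python
import json
import re
from urllib.parse import urlparse

# Prefs that decide where address-bar searches and the start page go.
WATCHED = ("keyword.URL", "browser.startup.homepage")
# Assumption: hosts this machine's owner expects to see in those prefs.
TRUSTED_HOSTS = {"google.com", "mozilla.org", "mozilla.com"}

# One pref per line: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample; the keyword.URL value is the one quoted in the thread.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/|about:blank");
user_pref("keyword.URL", "http://www.veerboo.com/results.php?q=");
user_pref("keyword.enabled", true);
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref() line that parses cleanly."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        try:
            prefs[json.loads(m.group(1))] = json.loads(m.group(2))
        except ValueError:
            continue  # value is not a plain string/number/boolean literal
    return prefs

def host_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def suspicious_prefs(text):
    """List (pref name, host) pairs for watched prefs with untrusted web hosts."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name not in WATCHED or not isinstance(value, str):
            continue
        for url in value.split("|"):  # the home page pref may hold several URLs
            parts = urlparse(url.strip())
            if parts.scheme in ("http", "https") and not host_trusted(parts.hostname):
                findings.append((name, parts.hostname))
    return findings

if __name__ == "__main__":
    print(suspicious_prefs(SAMPLE_PREFS_JS))
```

Run it against both prefs.js and user.js in the profile folder, since Firefox applies user.js on every start and it overrides values saved in prefs.js.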
 
After I reinstalled FF, I copied the plug-ins that I had saved for the uninstall.
I'm puzzled, too, that the add-ons would show up after the re-install.
(I noticed that the Google toolbar that I had installed a long time ago
was also in place after the reinstall.)

I went back to the Mozilla uninstall page at http://kb.mozillazine.org/Uninstalling_Firefox
I did not run the section entitled "Removing user profile data" (in either of the uninstall runs that I made).

I ran the "about:config" and replaced the veerboo URL.
I did not see an OK icon to click after the replacement.
To ensure that the change was made, I went in and confirmed that the google.com URL was still there.

After restarting FF, the redirect re-occurred (with the "limon" URL).

As a side note, I just opened a second FF to confirm the "limon" redirect URL.
It opened normally with no direct.
 
OK, this:
I did not run the section entitled "Removing user profile data" (in either of the uninstall runs that I made).
is crucial.
I want you to go back to that link, follow ALL steps and remove all traces of Firefox.
Then, download fresh copy and install it.

When I ask you to do something, I expect you to follow the exact steps.
Otherwise, we'll be running in circles.
 
Hi Broni,
I've been busy lately and wanted to check in with a status report.

After doing a complete uninstall, I re-installed Firefox and everything seems to be working OK.

To satisfy my own curiosity, do you happen to know of any name assigned to the particular virus I had?

Again, thank you for your help. Techspot is one of those gems on the internet.
 
I'm glad to hear it :)

do you happen to know of any name assigned to the particular virus I had?
This would be a difficult and time consuming process.

Said that....


Your computer is clean

1. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.
 