
Firefox Home Page effectively hijacked by Yahoo Search

Status
Not open for further replies.
Aug 20, 2009
It seems that my Firefox has been hijacked by
It causes disablement - maybe because there is a conflict between it and my chosen home page, which is STILL showing as the one I chose. Sometimes my chosen home page wins out for a short while, but then gets replaced by the yahoo search; sometimes my own does not even get a chance. This conflict appears to disable other browsers from accessing the internet as well. I have received notifications like "A program on your computer has suggested a new default search provider for Internet Explorer." and even a dialog box with a choice of whether I really want to change. It is to no avail, YHS remains dominant. I've even replaced 'default search provider' in the Registry with my own choice, but after rebooting Yahoo is back in that key. How can I get rid of YHS and get my own choice back ?
 
If there is nothing in Add or Remove that allows you to remove this Toolbar, see if the Firefox Add-ons has something.

Remove Cooliris and Crawler Search
thread779-1545030

I see lots of recommendations here for programs like -

Malwarebytes' Anti-Malware

SuperAntispyware

Maybe you could System Restore to a day before you inherited this Toolbar?
 
<<If there is nothing in Add or Remove that allows you to remove this Toolbar>>
Why do you suspect a TOOLBAR ?

<<see if the Firefox Add-ons has something.>>
Any hints on how to do that ?

Whatever is wrong with Yahoo, I don't think it fits into malware or spyware category.

System Restore is an option, if I can track down when hijacking started. I did not at first recognise it as such.

 
melmits
<<Malwarebytes' Anti-Malware - Installed it, ran it, and problem gone (at least for us).>>
So did I. It did find 28 infections, and labelled many (all ?) of them as Trojans. Said it could not delete them all, but they would be deleted at reboot. It made no improvement, but did remove ASK from Opera, so not even Opera could access the internet afterwards.

Linney - I did discover the options to remove Firefox addons, but none of that improved the situation.
 
I have run the Malwarebytes' Anti-Malware a second time; this time it found 3 Trojan.Agents and after I clicked on "Remove Selected" it reported success. Firefox now opens in Yahoo - its Home Page; Chrome opens in its Homepage, but I.E. is still disabled - cannot display webpage. So I'd say IMPROVEMENT, without total success.
LATER
Success was short-lived - all the browsers are now disabled.
 
If you check the logs produced by Malwarebytes' Anti-Malware it will give you a detailed list of files and registry keys infected. As some nasty malware is able to regenerate itself, and some is difficult to remove, it may be a valuable exercise to physically check the locations mentioned to see whether the malware was actually removed successfully.

Are you surfing the Internet as an Administrative user rather than a Limited user and possibly reinfecting yourself?

What do you mean by browsers being disabled? Do you still have an Internet connection?

WinXP Connectivity Issues
faq779-4625
 
Linney
I did in fact do what you suggested. I'm in a hurry right now and can't go into all the detail, but to my surprise the actual files listed were able to be deleted. However some Registry 'references' could not be found.

I am a user with administrative credentials/privileges (?)

I do have a lot of trouble with the internet connection as well - it comes and goes mysteriously - Since I wrote that they were disabled, the browsers HAVE accessed the NET. I'm beginning to suspect that the (Virgin) network gets overloaded before and after school times.

Turkbear
Thank you for that link. I'll report on it when I've been able to try it
 
I'd toss in to try running malwarebytes in safe mode - maybe even safe mode without networking and see if it has better luck keeping the stuff cleared out after you reboot.

As others suggested, it's probably not a bad idea to shut off system restore. This will probably delete all your restore points, but stuff likes to live in that area and then reinfect the computer after cleaning. You can always turn it back on after you get the computer cleaned up.

 
I wouldn't just rely on one tool, either.

I'd also try at least these:
SuperAntiSpyware
DrWeb CureIt

And a clean-up with the following 3 might be good as well:
CCleaner
IObit Advanced System Care
Glary Utilities

What AV software are you using? You may seriously need to look into another.

AVG is still pretty good, though I'm gradually moving systems away from that to Avira Antivir. If you want a paid solution, I'd suggest putting Nod32 on there.

Also, what sort of firewall protection do you have? Is this a personal PC, or a school-owned PC? If personal, I'd make sure to have my own firewalled router. If not, then you may want to at least let the IT person/dept know at your school to be checking their firewall logs, and making sure the network isn't infected as well.

For your computer itself, I'd suggest putting either Online Armor (what I use) or Comodo Security on your PC as a software firewall.

Also, you'll need to turn off system restore, and once you've finished cleaning the system for sure, reboot at least once, and then re-enable system restore. This will make sure none of the junk also snuck into your system restore points.

And then it wouldn't hurt to also have these as back-ups on system protection:
Windows Defender (installed by default if you have Vista) and
SpywareBlaster

Advanced System Care also checks system settings for security.

SuperAntiSpyware also has some active protection besides scanning as well.

--

"If to err is human, then I must be some kind of human!" -Me
 
"it's probably not a bad idea to shut off system restore"

I should have mentioned that - for the nasty stuff, it's a great idea as long as the PC is stable and booting fine (no blue screens or freezing). Some of that stuff really tries to come back.

Now try GMER and the other one I mentioned for mop up duty and/or superantispyware
and/or

and/or combofix (as suggested)
 
kjv1611
I'm using AVG
I also have Windows Defender; Spybot Search & Destroy and AdAware

I don't have the Windows firewall on because it is incompatible with one of the four above.

The PC is my private one.

My 'black-box' is a unit that receives signals wirelessly, and to the PC of interest, sends them wirelessly. There is also an ethernet connection to THIS WinMe system from which I'm doing communicating. So is it a modem, a router, is it firewalled - who knows ?

<<....checks system settings for security>>
I have recently done a SECUNIA scan; it listed numerous 'security' updates that were supposed to be lacking; but in the list were just ordinary updates (Skype) AND a Java update THAT HAD ALREADY BEEN INSTALLED ! Moreover, it did not allow me to save the scan, so all that information and the links disappeared when I HAD to close the PC down. It would be handy to know how such a document could be saved.

goombawaho
When I get my life back, I'll try your suggestion. I HAVE downloaded GMER already.

 
I'm using AVG
I also have Windows Defender; Spybot Search & Destroy and AdAware

I don't have the Windows firewall on because it is incompatible with one of the four above.
First, I'd not even mess with Spybot or AdAware anymore, myself. Spybot got to where all I got was complaints due to slowness from people I recommended it to at home, and I personally got fed up with it as well. AdAware just doesn't seem to do much anymore, unless they've changed in the past year or so.

AVG is fine, but since you did have these infections, you may want to consider trying Avira Antivir instead. I haven't switched on EVERY machine at home just yet, but I think it's just a matter of time for me. I already switched my laptop. I really do like AVG's interface better, but that's not why you have security software - protection should be #1 priority, and everything else after.

If you have any program that is not compatible with a firewall as basic as the Windows firewall, then I suggest you dump the program. Either that, or something else is wrong. I've used all the products you listed, and never had a firewall issue with any. If anything, you might have to create an exception in the firewall, but don't just totally turn it off without having another in its place.

For your firewall, I'd suggest Online Armor personally, but many people like Comodo Security as well.

My 'black-box' is a unit that receives signals wirelessly, and to the PC of interest, sends them wirelessly. There is also an ethernet connection to THIS WinMe system from which I'm doing communicating. So is it a modem, a router, is it firewalled - who knows ?

Are you telling us that the box which acts as the router/firewall is a computer running Windows ME? If so, is there any way around that at all? That just does NOT seem like a good idea at all. Windows ME was the red-headed step child in relation to other Windows OS offerings, bar none! Security-wise, driver-wise, user headache-wise. If the machine is just a firewall, I'd say they'd be best off with a currently supported distro of Linux, and most of them are free. But for your own sake, I'd see if there were a way round using that connection at all.

--

"If to err is human, then I must be some kind of human!" -Me
 
<<Are you telling us that the box which acts as the router/firewall is a computer running Windows ME? >>
NO, what I am telling you is that the modem/router is connected wirelessly to the WinXP with which I am having the issues, but also to a WinMe PC by ethernet cable.

<<That just does NOT seem like a good idea at all.>>
I am VERY aware of the revulsion most geeks have to WinMe.
But it has - and continues - to serve me well for 'basic' computing, and I have found it more reliable than MY WinXP.
Of course there are things that it can't do [which is NOT at issue], and that is what I have WinXP for.
AS AN ASIDE - my ISP told me they would not 'support' WinMe, but I was very proud to get it connected AND working despite their refusal to help. But it was a big effort.

I will take on board your recommendations about security software. I AM familiar with Avira and COULD change to it.

I have JUST finished the fourth scan with Malwarebytes' Anti-Malware, this time with System Restore off and in Safe Mode and not connected on-line. It again found the two resistant Registry infections, and again told me it had removed them. I will do one more scan to see if this time they disappeared.
 
Yeah, it sounds like you've ended up with a mess on your hands. Glad to hear it at least seems to be getting cleared up.

Okay, Windows ME as a personal desktop PC is not necessarily TERRIBLE. [wink] I just thought from your original mention, it sounded like it could have been for a firewall/server.

Regardless, if it works for you, that's fine, and up to you of course. If you're just doing web browsing and documents on it, though, you could install Ubuntu Linux on it instead of ME, and then keep XP on your main machine. If you wanted to see what it's like you can download the free ISO image, burn to CD, and run without actually installing to the hard drive. I do like Ubuntu, though my personal favorite desktop Linux that I have tried was Mandriva - it just seems to work better, drivers and such. Then again, the latest Ubuntu seems to work really well, just tried again the other day.

Anyhow, my ultimate recommendation at this point is that if you have the disk, and you have the time, this'd be a good time to do a fresh install of XP on your main machine. If you wanted to make absolute certain all the malware and such is gone, I'd say do this:
1. Download Darik's Boot 'n' Nuke, DBAN, and burn to a CD - or use another similar utility such as Active KillDisk
2. If your system has a restore partition, it'd be good to back that up using a partition program - Acronis TrueImage, Norton Ghost, or one of the free ones... DriveXML comes to mind... I think that's the name.
3. If you have the plain Windows XP CD, I'd go with that, but it'd be advisable to download your network driver(s) first, and put them on another hard drive, CD, thumb drive, whatever.
4. Backup any personal data you want to keep
5. Start the DBAN wipe before going to bed, or before you are going to be gone somewhere for a good long while - at least an hour or two.
6. After it's finished, pop the DBAN disk out - actually, you can always pop it out once the process has started.
7. Pop in your Windows XP CD
8. Install Windows
9. If Windows didn't install your network driver(s) already, then load them from the backup.
10. Make sure Windows is updated at least to SP2
11. Install Avira Antivir - or whatever else you choose; AVG, Avast!, a paid one perhaps - NOD32, whatever.
12. Make sure you've got all the rest of your Windows updates
13. Make sure all drivers are installed/up to date as best you can, by checking in Device Manager, and verifying with Windows Update. For some drivers, you're best leaving Windows Update alone, however.
14. Install a good software firewall (Online Armor and Comodo Security are the best), and a couple anti-malware apps (SuperAntiSpyware and MalwareBytes are good... plus I prefer to always include Windows Defender and SpywareBlaster)
15. After all that's done, then install whatever other software you wanted/needed - Office, games, whatever.
16. If you need a certain app for something, there are a few good spots to look at. I prefer download.com, filehippo.com, and sometimes softpedia.com or soft32.com, but I think you have to be more careful with the latter 2. Also download.com can trip some people up with all the ads surrounding your search results. FileHippo is nice, in that it's a clean interface, and it limits what it keeps available for download, or so it seems.

On your ME machine, I'd just be careful. If my memory serves me correct - it's possible it doesn't - Me is just wide-open, security-wise, compared to XP, Vista, Linux. 98 and ME are likely just more vulnerable, b/c they are just so far out of date. I actually had ME once before. So my disgust with ME is specifically based on user experience. When I first tried XP, I thought I had died and gone to heaven... in a computer geekiness sorta way, I suppose. ;p

--

"If to err is human, then I must be some kind of human!" -Me
 
BTW, sorry if that last post was just too long. It's probably more than you're asking for, but I personally believe you'd be best served going this route. If you do that, just be SURE - EXTRA SURE - that you have anything you want to keep backed up.

Also, if you have MS Office installed, or any Adobe software (paid), or any other such "professional" software, make absolutely sure you back up any license data. And if you don't know your Windows XP key, which with a Dell reinstall disk, you shouldn't need anyway, you can get that off your PC using the MagicJellyBean program. It'll find your Windows and Office keys for you, so you can save to a text file, just in case.

--

"If to err is human, then I must be some kind of human!" -Me
 
Firstly
The scan done in Safe Mode as Administrator after System Restore and Internet Connection had been disabled, finally resulted in NO remnant infections, but Firefox STILL had its addressbar hijacked by the ASK/AVG/YAHOO/SEARCH URL !
So it seems the infections were irrelevant to my problem.

I was interested to see if I could fix that problem - and so far I have not succeeded - but in repayment for the very extensive instructions listed above, I want to tell you the following, [and you can't stop me from telling you] :

I have long ago learned how to avoid 'going back to square one'.
Whenever I want to do something where I am not sure of the outcome, I do it to a CLONE of my system, so that if it is unsatisfactory, I can discard it and go back to a system NOT contaminated by that experience.
This hijacking was unexpected, rather than an experiment going wrong.
By routine cloning after [satisfactory] changes to the system, I rotate my system through 6 HDDs, so at any one time I have HDDs with working system going back 6 modifications - so if something unwanted and irremovable slips in, I can go back to a system BEFORE that happened.
[I have graduated to 40Gb HDDs.]
Amongst other DISadvantages are the fact that the connectors, both power and signal, are not designed for frequent removal and re-attachment, so that gives me troubles - but I achieve a high confidence in getting back to 'clean' system without having to start over.
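
An added example, not part of any post in this thread: when scans come back clean but the Firefox start page or address-bar search is still redirected, the profile's `prefs.js` and `user.js` are one place to inspect, because entries in `user.js` are re-applied over `prefs.js` at every start. The preference names are those used by Firefox 3.x-era profiles and are an assumption about this system; the sample file contents and the `home.example` / `search.example` URLs are constructed.

```python
import re

# Prefs that decide the start page and where address-bar/search-box queries go
# in Firefox 3.x-era profiles (assumption: the thread itself names no prefs).
WATCHED = ("browser.startup.homepage", "keyword.URL",
           "browser.search.defaultenginename", "browser.search.selectedEngine")
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value} from prefs.js or user.js text; the last assignment wins."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')
        prefs[name] = raw
    return prefs

def audit(prefs_js, user_js="", expected_home=None):
    """Report watched prefs as (name, value, note); user.js is re-applied at every start."""
    saved, forced = parse_prefs(prefs_js), parse_prefs(user_js)
    findings = []
    for name in WATCHED:
        if name in forced:
            findings.append((name, forced[name], "set in user.js, overrides prefs.js at each start"))
        elif name in saved:
            note = "set in prefs.js"
            if name == "browser.startup.homepage" and expected_home and saved[name] != expected_home:
                note = "differs from expected home page"
            findings.append((name, saved[name], note))
    return findings

# Constructed sample profile contents (not taken from the thread).
SAMPLE_PREFS_JS = '''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://home.example/");
user_pref("keyword.URL", "http://search.example/?fr=tb&p=");
user_pref("browser.search.selectedEngine", "Example Search");
'''
SAMPLE_USER_JS = '''
user_pref("browser.startup.homepage", "http://search.example/start");
'''

if __name__ == "__main__":
    for name, value, note in audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS, "http://home.example/"):
        print(f"{name} = {value}  [{note}]")
```

On the constructed sample, `prefs.js` still holds the chosen home page while `user.js` replaces it at each start, and `keyword.URL` sends address-bar searches elsewhere.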


 