What has hijacked Firefox?
May 18, 2008 5:14 PM

My Dell Win XP laptop caught some kind of infection via Limewire which blocks Firefox from loading and produces constant popup ads via IE. I never use IE. I've removed Firefox and redownloaded it. Still doesn't load. I've run Ad-Aware, RegScrub, and every other spyware program I know about. What happened, and how do I fix it?
posted by NorthCoastCafe to Computers & Internet (12 answers total)
 
Unfortunately, the only sure way to clean up a compromised machine is to "nuke and pave." No other procedure can guarantee the state of the machine being returned completely to your control. Sorry.

But you could have an MBR virus, a rootkit, or indeed several problems concurrently. Trusting some other software to run on a system that is known to be compromised can't be guaranteed to get at all the problems, as once a machine is booted with a virus or rootkit in memory, the virus or rootkit can prevent other processes from gaining the privileges needed to eliminate them.
posted by paulsc at 5:43 PM on May 18, 2008


Try System Restore. Otherwise, you may have to nuke it from orbit (reimage the drive).
posted by Optamystic at 5:44 PM on May 18, 2008


The first time this happened to me, I made a list of everything I needed to do when I reformatted (which software, drivers, etc to reinstall, preferences to set, etc.), and stored that list on my ftp server.

The subsequent 3 times I've orbitally nuked the laptop, resetting it to my liking took all of 20 or 30 minutes, instead of days of poking around the system prefs and the web, trying to remember the way I had it.

Good luck!

PS also buy a Mac. LOL!
posted by Aquaman at 7:10 PM on May 18, 2008


What about antivirus software? Are you running it? did you scan with that?

If you run Limewire you take this risk. Really, with the cost of cheap laptops, it almost seems to pay to buy a real cheapie dedicated to stealing songs and movies. After you are sure they are legit, move them to your main machine. When they get infected, reformat and start again without disrupting all your other stuff.
posted by caddis at 7:37 PM on May 18, 2008


Reformat and stop using crappy LimeWire. If you must pirate something, use a torrent site. Read the comments and scan the files before running anything. Better yet, install on a virtual machine first before potentially infecting your main drive.
posted by T.D. Strange at 8:29 PM on May 18, 2008


Use HijackThis and remove suspicious entries - they're usually really obvious, but be careful as you could remove something you actually need. You can go to CastleCops and post a log there and ask them what you should get rid of.

Some malware which is already running can add the entries back in as soon as you remove them, and you won't be able to delete their file while it's running. Going into Safe Mode will allow you to delete these ones, as Windows will only load the bare minimum stuff needed to run (instead of all the various dlls and exes generated by the malware). To get into safe mode, you usually repeatedly hit F7 or F8 (I forget, look it up) as (or before) Windows is starting up.

You can also use System Repair Engineer as it's a bit more intuitive than HijackThis.

Safe Mode and HijackThis are usually enough to take care of most malware problems, but you might need to do a couple passes with HijackThis as you won't always catch everything the first time. Good luck.
posted by pravit at 9:15 PM on May 18, 2008 [1 favorite]


Mod note: comment removed - the next person who decides "get a mac" is a helpful non-wisecrack answer to this question should probably reconsider.
posted by jessamyn (staff) at 9:19 PM on May 18, 2008 [4 favorites]


Also, I forgot to mention that when you locate a suspicious entry in HijackThis, you should make a note of it (save a text file or whatever) and then go and delete it - most malware likes to hide in C:\Windows\System32, C:\Windows or thereabouts. Again, you will probably need to go into Safe Mode to remove it.
posted by pravit at 9:21 PM on May 18, 2008
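The first pass pravit describes (read the HijackThis log, pick out Run-key entries pointing at unknown executables dropped straight into C:\Windows or C:\Windows\System32, note them down before deleting) can be done mechanically. The script below is an added example written for this page, not code from the thread or from HijackThis itself. The log lines in SAMPLE_LOG are constructed for illustration (the file names and the 85.255.112.1 address are made up), laid out in the O1 (hosts file) and O4 (registry Run key) line format HijackThis uses, and the KNOWN_GOOD allowlist is an assumption you would extend from a machine you know is clean.

```python
"""Triage a HijackThis-style log for suspicious autorun and hosts entries.

Added example for this page, not part of the original thread. The log
below is constructed; only the O1/O4 line layout follows HijackThis.
"""
import re
from typing import Dict, List

# Constructed sample log. Two O4 entries are the kind pravit describes:
# an unknown binary started from a Run key directly out of System32 or the
# Windows folder. The second O1 line steers a real domain somewhere else.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 85.255.112.1 www.google.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [vxdsrv] C:\WINDOWS\system32\qkzwrtd.exe
O4 - HKCU\..\Run: [svhost] C:\WINDOWS\svhost32.exe
"""

# Binaries that legitimately sit directly in the Windows/System32 folder and
# start from a Run key on XP. Assumed allowlist for this example only.
KNOWN_GOOD = {"ctfmon.exe", "rundll32.exe"}

WINDOWS_ROOTS = {r"c:\windows", r"c:\windows\system32"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")


def executable_of(cmd: str) -> str:
    """Return the executable path from a Run-key command line.

    Handles both the quoted form ("C:\\Program Files\\...\\x.exe" /flag)
    and the unquoted form (C:\\WINDOWS\\x.exe or RUNDLL32.EXE some.dll,Entry).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1 : cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def looks_random(filename: str) -> bool:
    """Heuristic: six or more letters and no vowels at all, as in 'qkzwrtd'."""
    stem = re.sub(r"\.exe$", "", filename, flags=re.IGNORECASE)
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 6 and not any(c in "aeiou" for c in letters)


def triage(log: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious O4/O1 line, in log order."""
    findings: List[Dict[str, str]] = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            folder, _, fname = exe.rpartition("\\")
            reasons = []
            if folder.lower() in WINDOWS_ROOTS and fname.lower() not in KNOWN_GOOD:
                reasons.append("unknown binary directly in Windows/System32")
            if looks_random(fname):
                reasons.append("random-looking file name")
            if reasons:
                findings.append({"line": line, "target": exe, "why": "; ".join(reasons)})
            continue
        m = O1_RE.match(line)
        if m and m.group("host") != "localhost":
            # Any hosts-file override of a real name is worth a look: it is
            # how malware blocks AV update sites or redirects search engines.
            findings.append(
                {"line": line, "target": m.group("host"), "why": "hosts-file override"}
            )
    return findings


if __name__ == "__main__":
    # Print the notes pravit suggests keeping before you delete anything.
    for f in triage(SAMPLE_LOG):
        print(f"{f['target']}: {f['why']}")
        print(f"    {f['line']}")
```

Run it against a real log by reading the file into `triage()` instead of `SAMPLE_LOG`. The heuristics are deliberately narrow: an entry in Program Files is never flagged, and the allowlist is what keeps `ctfmon.exe` out of the findings, so a match is a prompt to look the name up (or post the log for review, as pravit says), not a verdict.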


Get a ... er ...

Did you create a new profile for Firefox, or did you try to just use your old one? It's entirely possible that whatever it tried to do to Firefox borked your profile rather than the software itself. Run firefox -profilemanager in your Firefox program folder and see if you can make a new working profile. Also try running Firefox (Safe Mode) from the start menu. This will run a basic setup of Firefox with no Add-ons.
posted by dhartung at 9:37 PM on May 18, 2008


If you ever use the machine for ecommerce, PayPal, online banking, even email, then don't bother trying to clean it up. Just wipe everything, reinstall, and try not to make the same mistake again.
posted by malevolent at 12:21 AM on May 19, 2008


To save yourself a lot of trouble in the future:

1. To make future re-installs easier: Make an XP SP3 CD if you have the original install disk (some OEM disks will work, others may not). I use nLite to make the disk, just download the service pack and let the program slipstream it, don't worry about any of the other options unless you really want to. Use this disk to reinstall your OS. Back up everything that is an important file, then wipe the drive and start over.

2. To keep your current install from getting messed up again: Download Microsoft VirtualPC 2007. It's free. Set up a virtual install of Windows (you can use any pre-Vista Windows OS you want, basically - 2000 or XP work well, but go nuts with older versions if you can find the software you need). Enable the "backup disks" option and install the Virtual Machine Tools. Don't install anything else.

When you want to do something risky online, use the VirtualPC install. Run your risky programs (LimeWire, etc) inside the virtual system. It will be a bit slow, but if anything goes wrong, all you have to do is kill it and don't save changes to the machine. It makes a "sandbox" for you, a safe place to run risky things. Be aware that it isn't perfect; with the Virtual Machine Tools installed, you get drag-and-drop between the systems, but this also means that any network-aware viruses can sneak between the virtual and actual OS, so keep your AV up to date.
posted by caution live frogs at 5:55 AM on May 19, 2008 [1 favorite]


What caution live frogs said, plus if you're going to do anything risky on your machine (like use Limewire), I've found it's a good idea to make a drive image (like with Ghost or similar software) of a clean system install plus drivers and must-have software (like your fave office suite, antivirus, Adobe Reader, Firefox w/ no plugins). Then, if your system does get infected, you just back up documents/images and restore from your drive image. You're back up and running in a tiny fraction of the time it takes to install Windows, drivers, and basic software, maybe 20 minutes, tops.
posted by notashroom at 11:52 AM on May 19, 2008

