Re: [PCWorks] FireFox has malware that can't be removed WAS: Why can't this IP/website be blocked in the Hosts file?

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Thu, 14 Mar 2013 05:36:13 -0500

Well, after updating FireFox the issue STILL remains!  At first
it appeared to fix the problem, but yesterday I was once again
redirected and hijacked to one of the parasite Geoads.com
subdomains!  (So far I've had to add clicks1.geoads.com thru
clicks9.geoads.com in my Hosts file, and that's just from that
ONE hideous domain).

Surely there's got to be a FireFox user out there that can tell 
me how to check into this problem?
-Clint


----- Original Message ----- 


>Have you run "hijackthis"?

"I've run scans with all of my anti-malware programs (~a dozen)
and they find NOTHING."  Yeah, HJT was one of them, I've
been using it since it's been out.  It's usually quite good at
finding these sorts of things, but not this time.  (FTR, I've
run 2 versions of AdAware, 2 versions of SpyBot, MalwareBytes,
SpyWare Terminator, MSE, Comodo, CWShredder [which they
haven't updated in SEVEN years], SUPERAntiSpyware,
3 products from a-Squared, and SpyWare Blaster is installed).

No, I actually haven't tried removing it and installing again
because I'll lose all of my settings.  (Right?  Again, I'm not
all that familiar with FF because it's not my main browser).
It's an old version (of course due to extensions/plug-ins not
working on the newest versions), it's v3.5.17.  The last time I
tried to update it, it became so unstable (even slower, and
sucked up even more memory and resources) that I had to go
back, and that was quite a task.  Yes I have that extension
installed and it's set to remove all Flash, LSO's, etc., when
FF is closed.  (Oh ****, I just tried to update it and INSTEAD
OF it telling me more about the update, it just flat-out
updated!  The "Details" link just went to some almost blank
generic page!
https://www.mozilla.org/en-US/firefox/3.6/details/  Now I'm
hosed again!  And now I remember more: They actually have the
gall to say on that page "Works with all your add-ons" and
"Faster and more stable browsing" which is BS!)

Now I'm going to have to deal with that and try and remember
how I fixed that the last time it updated.  But, oddly, so far
looks ok.  I'll have to do some checking to see if that also
happened to fix the hijacking issues.

I once had a phantom (invisible) Hosts file, but not this time.

Thanks Ben,
-Clint

God Bless,
Clint Hamilton, Owner
www.OrpheusComputing.com
www.ComputersCustomBuilt.com
www.OrpheusComputing.com/most_reliable_cheapest_webhosting.html
www.OrpheusComputing.com/office/computer_accessories.html


----- Original Message ----- 
From: "Ben Moore"


Hi Clint,

Have you completely uninstalled Firefox and reinstalled?  (I'm
assuming you have)  Current version of FF? Have you removed the
LSO's or flash cookies?  There is an extension for Firefox called
"Better Privacy" that will let you manage those.  There are
others too.

Could you have a phantom hosts file running around someplace?

Have you run "hijackthis"?
http://sourceforge.net/projects/hjt/

This site will analyze the log file for you.
http://www.hijackthis.de/en

There is also a forum where you can discuss the hijackthis
results but I can't seem to find it right now.

Weird that it is affecting Firefox all the time, Chrome
intermittently and IE not at all.

Ben

-----Original Message-----

I found out more info on this below, but I still have the
problem.  For quite some time now, FireFox has been UNUSABLE.
I've run scans with all of my anti-malware programs (~a dozen)
and they find NOTHING.  Every time I open it and try to go
ANYWHERE, it goes to the correct page for a second or two, but
then gets hijacked and redirected 3-4 times to various
cyber-terrorist websites.  I've had to add so many domains and
IP's to my Hosts file that I'm sure it's really bloated now.

That IP below is one of them.  Just as a thought, I tried to
search for that IP, and look what you find.  That domain/IP (as
I already knew) is one of these cyber-terrorist domains and is
associated with browser hijacking/redirect malware.

IE is NOT affected.  Chrome is occasionally, but FF is the
worst.  I'm looking at these search results now, but they all
appear to be generic BS for newbies (things I already do on a
regular basis)!  (Still looking for a fix).

FF has no Cookies, (and only a few are saved in IE, the rest
are automatically dumped, but I can't find out how to do that
in Chrome, so I have to manually delete Cookies in it and then
lose all of my site data).

But I still can't figure out why that IP address below cannot
be blocked.  Even if it's malware, it should still be blocked
by the Hosts file.  My Hosts file looks ok, nothing strange
about it.

I also can't figure out why so many anti-malware programs find
nothing wrong.
-Clint



----- Original Message ----- 



Does anyone have a clue as to why this IP/website cannot be
blocked in the Hosts file?
http://63.209.69.107

It's been in my Hosts file for a long time and my browsers
still get hijacked by it and I can still access that URL!  How
is this possible?  I have many other IP's in my Hosts file and
they are blocked when I try and access them!  What's so
"special" about that one?

Thanks,
-Clint
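
An added example, not part of the original emails: a hosts file maps names to addresses and is consulted only when a name is resolved, so an entry whose name field is itself an IP address has no effect on a request made straight to that IP, and wildcard names are not supported either. This Python sketch audits a constructed sample hosts file for both kinds of entry; `audit_hosts`, `ineffective` and the sample text are hypothetical names chosen for illustration.

```python
import ipaddress

# Constructed sample hosts file; entries mirror the kinds described in the thread.
SAMPLE_HOSTS = """\
# sample
127.0.0.1   localhost
127.0.0.1   clicks1.geoads.com clicks2.geoads.com
127.0.0.1   63.209.69.107
127.0.0.1   *.geoads.com
0.0.0.0     clicks3.geoads.com   # inline comment
"""

def is_ip_literal(token):
    """True if the token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_hosts(text):
    """Return (line_no, name, verdict) for every name mapped in a hosts file."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2 or not is_ip_literal(entry[0]):
            continue  # blank, comment-only, or malformed line
        for name in entry[1:]:
            if is_ip_literal(name):
                # A URL such as http://63.209.69.107 needs no name lookup,
                # so the hosts file is never consulted for it.
                verdict = "ineffective: IP literals are never looked up"
            elif "*" in name or "?" in name:
                verdict = "ineffective: wildcards are not supported"
            else:
                verdict = "ok"
            findings.append((line_no, name, verdict))
    return findings

def ineffective(text):
    """Only the (line_no, name) pairs that will not block anything."""
    return [(n, name) for n, name, v in audit_hosts(text) if v != "ok"]

if __name__ == "__main__":
    for line_no, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name:22} {verdict}")
```

Blocking traffic to a bare IP address takes a firewall rule or a similar network-level control rather than a hosts entry.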

