Have you completely uninstalled Firefox and reinstalled? And when you uninstall it, go through your computer and make sure every single file has been deleted. That's what I would do. There just aren't that many settings to make that a terrible chore. Then reinstall and if it's still happening it's something on your computer that's doing it and not specifically Firefox.

I don't know what is going on with your computer, Clint. In 15+ years I've absolutely never had to do anything to my hosts file. I'm careful but not to the extreme. Seems like you've spent enough time on this that it's just time to rip it out and start over.

Is this still happening sometimes in your other browsers?

I just googled geoads which I'm sure you've done and some are talking about an extension geoads installs in browsers. You have checked your extensions in Firefox?

Ben

-----Original Message-----
From: pcworks-bounce@xxxxxxxxxxxxx [mailto:pcworks-bounce@xxxxxxxxxxxxx] On Behalf Of Clint Hamilton-PCWorks Admin
Sent: Thursday, March 14, 2013 6:36 AM
To: PCWorks@xxxxxxxxxxxxx
Subject: Re: [PCWorks] FireFox has malware that can't be removed WAS: Why can't this IP/website be blocked in the Hosts file?

Well after updating FireFox the issue STILL remains! At first it appeared to fix the problem, but yesterday I was once again redirected and hijacked to one of the parasite Geoads.com sub domains! (So far I've had to add clicks1.geoads.com thru clicks9.geoads.com in my Hosts file, and that's just from that ONE hideous domain).

Surely there's got to be a FireFox user out there that can tell me how to check into this problem?

-Clint

----- Original Message -----

>Have you run "hijackthis"?

"I've run scans with all of my anti-malware programs (~a dozen) and they find NOTHING."

Yeah, HJT was one of them, I've been using it since it's been out. It's usually quite good at finding these sorts of things, but not this time.
(FTR, I've run 2 versions of AdAware, 2 versions of SpyBot, MalwareBytes, SpyWare Terminator, MSE, Comodo, CWShredder [which they haven't updated it in SEVEN years], SUPERAntiSpyware, 3 products from a-Squared, and SpyWare Blaster is installed).

No, I actually haven't tried removing it and installing again because I'll lose all of my settings. (Right? Again, I'm not all that familiar with FF because it's not my main browser).

It's an old version (of course due to extensions/plug-ins not working on the newest versions), it's v3.5.17. The last time I tried to update it, it became so unstable (even slower, and sucked up even more memory and resources) that I had to go back, and that was quite a task.

Yes I have that extension installed and it's set to remove all Flash, LSO's, etc., when FF is closed.

(Oh ****, I just tried to update it and INSTEAD OF it telling me more about the update, it just flat-out updated! The "Details" link just went to some almost blank generic page! https://www.mozilla.org/en-US/firefox/3.6/details/ Now I'm hosed again! And now I remember more: They actually have the gall to say on that page "Works with all your add-ons" and "Faster and more stable browsing" which is BS!)

Now I'm going to have to deal with that and try and remember how I fixed that the last time it updated. But, oddly, so far looks ok. I'll have to do some checking to see if that also happened to fix the hijacking issues.

I once had a phantom (invisible) Hosts file, but not this time.

Thanks Ben,

-Clint

God Bless,
Clint Hamilton, Owner
www.OrpheusComputing.com
www.ComputersCustomBuilt.com
www.OrpheusComputing.com/most_reliable_cheapest_webhosting.html
www.OrpheusComputing.com/office/computer_accessories.html

----- Original Message -----
From: "Ben Moore"

Hi Clint,

Have you completely uninstalled Firefox and reinstalled? (I'm assuming you have)

Current version of FF?

Have you removed the LSO's or flash cookies?
There is an extension for Firefox called "Better Privacy" that will let you manage those. There are others too.

Could you have a phantom hosts file running around someplace?

Have you run "hijackthis"? http://sourceforge.net/projects/hjt/

This site will analyze the log file for you. http://www.hijackthis.de/en

There is also a forum where you can discuss the hijackthis results but I can't seem to find it right now.

Weird that it is affecting Firefox all the time, Chrome intermittently and IE not at all.

Ben

-----Original Message-----

I found out more info on this below, but I still have the problem. For quite some time now, FireFox has been UNUSABLE. I've run scans with all of my anti-malware programs (~a dozen) and they find NOTHING. Every time I open it and try to go ANYWHERE, it goes to the correct page for a second or two, but then gets hijacked and redirected 3-4 times to various cyber-terrorist websites. I've had to add so many domains and IP's to my Hosts file that I'm sure it's really bloated now. That IP below is one of them.

Just as a thought, I tried to search for that IP, and look what you find. That domain/IP (as I already knew) is one of these cyber-terrorist domains and is associated with browser hijacking/redirect malware. IE is NOT affected. Chrome is occasionally, but FF is the worst. I'm looking at these search results now, but they all appear to be generic BS for newbies (things I already do on a regular basis)! (Still looking for a fix).

FF has no Cookies, (and only a few are saved in IE, the rest are automatically dumped, but I can't find out how to do that in Chrome, so I have to manually delete Cookies in it and then lose all of my site data).

But I still can't figure out why that IP address below cannot be blocked. Even if it's malware, it should still be blocked by the Hosts file. My Hosts file looks ok, nothing strange about it. I also can't figure out why so many anti-malware programs find nothing wrong.
-Clint

----- Original Message -----

Does anyone have a clue as to why this IP/website cannot be blocked in the Hosts file?

http://63.209.69.107

It's been in my Hosts file for a long time and my browsers still get hijacked by it and I can still access that URL! How is this possible? I have many other IP's in my Hosts file and they are blocked when I try and access them! What's so "special" about that one?

Thanks,

-Clint
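
An added example, not part of the thread or any poster's code: the Hosts file is consulted only when a hostname has to be resolved and it matches names exactly, so an entry whose name field is an IP address, a URL or a wildcard never takes effect. The Python sketch below audits a Hosts file for such entries; the sample contents and the function names `audit_hosts` and `is_mapped` are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the poster's machine.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   clicks1.geoads.com
127.0.0.1   clicks2.geoads.com   # one entry per subdomain
127.0.0.1   63.209.69.107
127.0.0.1   http://63.209.69.107
0.0.0.0     *.geoads.com
63.209.69.107
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Yield (line_number, address, [names]) for each non-comment line."""
    for num, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield num, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_number, problem, token) for entries that cannot take effect."""
    findings = []
    for num, address, names in parse_hosts(text):
        if not _is_ip(address):
            findings.append((num, "address-not-ip", address))
        if not names:
            findings.append((num, "no-hostname", address))
        for name in names:
            if _is_ip(name):      # IP-literal URLs skip name resolution entirely
                findings.append((num, "ip-literal-as-name", name))
            elif "/" in name:     # the name field takes bare hostnames, not URLs
                findings.append((num, "url-not-hostname", name))
            elif "*" in name:     # no wildcard or suffix matching in Hosts files
                findings.append((num, "wildcard-unsupported", name))
    return findings

def is_mapped(text, hostname):
    """True only when the exact hostname is listed; subdomains are not implied."""
    wanted = hostname.lower().rstrip(".")
    return any(wanted == n.lower() for _, _, names in parse_hosts(text) for n in names)

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Traffic to a bare IP address has to be stopped at a firewall or proxy rule instead, and every additional subdomain needs its own Hosts line.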