Re: [PCWorks] Firefox has malware that can't be removed WAS: Why can't this IP/website be blocked in the Hosts file?

  • From: "Clint-OrpheusComputing.com" <orpheuscomputing@xxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Fri, 15 Mar 2013 04:20:34 -0500

I believe the reason it looked like it was fixed at first after
updating was due to an extension I re-enabled again,
"NoScript".  It seems to help, but it didn't fix the entire
problem.

No, I haven't COMPLETELY removed it and reinstalled it:
"No, I actually haven't tried removing it and installing again
because I'll lose all of my settings.  (Right?  Again, I'm not
all that familiar with FF because it's not my main browser)."
Is there any way to save FF settings?

I was using Kaspersky for years but after them forcing users to
upgrade to new versions and with each newer version being more
screwed up than before, I had enough of that.  It had an
anti-banner feature on it where you could simply right click
any annoying image ad and "block" it.  So without that feature,
I'm forced to block these annoyances with the Hosts file,
therefore I got rather familiar with it.  I have no other
choice than to block these parasite websites that way,
otherwise the redirects and pop-ups & pop-unders would go
on in an infinite loop crashing the PC.  Now when it redirects
to a blocked domain or IP in the Hosts file, the redirect loops
at least stop for that session.

I have most of the EXTENSIONS disabled, and the ones that are still
enabled I've had for years and they have not been changed.  I
saw this: https://support.mozilla.org/en-US/questions/890097
which is my problem, but I of course don't have the GeoAds
extension or add-on.  (It isn't just GeoAds, it's countless
other domains and IPs).  I then checked the "PLUGINS" area (a
different area) and I'm not very familiar with that area.  Most
of those I didn't install myself so I don't know anything about
those, however most of them I AM familiar with the names.  I
see a "Google update" and I have no idea what that is.  I can't
imagine that doing it, unless it happens to be from somewhere
else other than G.  There's no info about it listed (nor is
there any info about any of them in that area).  I see that
person affected at that URL also had that G update installed,
but there are no comments about that.  It would help if that area
had something like "Date installed" which could narrow it down,
but it does not.  I disabled the G update, I'll see what
happens.  I'll have to do a lot of testing (bookmarks, and in 
IE right click and "Open in Firefox").

This person still has it after reinstalling both XP and 
FireFox!
http://forums.techguy.org/web-email/1019275-problem-geoads-advert-windows.html

What extension did you see that did this?

I tried searching for:

geoads firefox redirect OR hijacked OR redirected OR redirects

...and there's oddly very little info.  (No surprise most of 
the results are irrelevant).

No, I haven't noticed it happening anymore in IE and Chrome,
just FF.
-Clint

God Bless,
Clint Hamilton, Owner
www.OrpheusComputing.com
www.ComputersCustomBuilt.com
www.OrpheusComputing.com/most_reliable_cheapest_webhosting.html
www.OrpheusComputing.com/office/computer_accessories.html


----- Original Message ----- 
From: "Ben Moore"

Have you completely uninstalled Firefox and reinstalled?  And
when you uninstall it, go through your computer and make sure
every single file has been deleted.  That's what I would do.
There just aren't that many settings to make that a terrible
chore.  Then reinstall and if it's still happening it's
something on your computer that's doing it and not specifically
Firefox.

I don't know what is going on with your computer, Clint.  In
15+ years I've absolutely never had to do anything to my hosts
file.  I'm careful but not to the extreme.  Seems like you've
spent enough time on this that it's just time to rip it out and
start over.

Is this still happening sometimes in your other browsers?  I
just googled geoads which I'm sure you've done and some are
talking about an extension geoads installs in browsers.  You
have checked your extensions in Firefox?

Ben

-----Original Message-----

Well after updating FireFox the issue STILL remains!  At first
it appeared to fix the problem, but yesterday I was once again
redirected and hijacked to one of the parasite Geoads.com sub
domains!  (So far I've had to add clicks1.geoads.com thru
clicks9.geoads.com in my Hosts file, and that's just from that
ONE hideous domain).

Surely there's got to be a FireFox user out there that can tell
me how to check into this problem?
-Clint


----- Original Message ----- 


>Have you run "hijackthis"?

"I've run scans with all of my anti-malware programs (~a dozen)
and they find NOTHING."  Yeah, HJT was one of them, I've
been using it since it's been out.  It's usually quite good at
finding these sorts of things, but not this time.  (FTR, I've
run 2 versions of AdAware, 2 versions of SpyBot, MalwareBytes,
SpyWare Terminator, MSE, Comodo, CWShredder [which they
haven't updated in SEVEN years], SUPERAntiSpyware,
3 products from a-Squared, and SpyWare Blaster is installed).

No, I actually haven't tried removing it and installing again
because I'll lose all of my settings.  (Right?  Again, I'm not
all that familiar with FF because it's not my main browser).
It's an old version (of course due to extensions/plug-ins not
working on the newest versions), it's v3.5.17.  The last time I
tried to update it, it became so unstable (even slower, and
sucked up even more memory and resources) that I had to go
back, and that was quite a task.  Yes I have that extension
installed and it's set to remove all Flash, LSOs, etc., when
FF is closed.  (Oh ****, I just tried to update it and INSTEAD
OF it telling me more about the update, it just flat-out
updated!  The "Details" link just went to some almost blank
generic page!
https://www.mozilla.org/en-US/firefox/3.6/details/  Now I'm
hosed again!  And now I remember more: They actually have the
gall to say on that page "Works with all your add-ons" and
"Faster and more stable browsing" which is BS!)

Now I'm going to have to deal with that and try and remember
how I fixed that the last time it updated.  But, oddly, so far
looks ok.  I'll have to do some checking to see if that also
happened to fix the hijacking issues.

I once had a phantom (invisible) Hosts file, but not this time.

Thanks Ben,
-Clint



----- Original Message ----- 
From: "Ben Moore"


Hi Clint,

Have you completely uninstalled Firefox and reinstalled?  (I'm
assuming you have)  Current version of FF?  Have you removed the
LSOs or flash cookies?  There is an extension for Firefox
called "Better Privacy" that will let you manage those.  There
are others too.

Could you have a phantom hosts file running around someplace?

Have you run "hijackthis"?
http://sourceforge.net/projects/hjt/

This site will analyze the log file for you.
http://www.hijackthis.de/en

There is also a forum where you can discuss the hijackthis
results but I can't seem to find it right now.

Weird that it is affecting Firefox all the time, Chrome
intermittently and IE not at all.

Ben

-----Original Message-----

I found out more info on this below, but I still have the
problem.  For quite some time now, FireFox has been UNUSABLE.
I've run scans with all of my anti-malware programs (~a dozen)
and they find NOTHING.  Every time I open it and try to go
ANYWHERE, it goes to the correct page for a second or two, but
then gets hijacked and redirected 3-4 times to various
cyber-terrorist websites.  I've had to add so many domains and
IPs to my Hosts file that I'm sure it's really bloated now.

That IP below is one of them.  Just as a thought, I tried to
search for that IP, and look what you find.  That domain/IP (as
I already knew) is one of these cyber-terrorist domains and is
associated with browser hijacking/redirect malware.

IE is NOT affected.  Chrome is occasionally, but FF is the
worst.  I'm looking at these search results now, but they all
appear to be generic BS for newbies (things I already do on a
regular basis)!  (Still looking for a fix).

FF has no Cookies, (and only a few are saved in IE, the rest
are automatically dumped, but I can't find out how to do that
in Chrome, so I have to manually delete Cookies in it and then
lose all of my site data).

But I still can't figure out why that IP address below cannot
be blocked.  Even if it's malware, it should still be blocked
by the Hosts file.  My Hosts file looks ok, nothing strange
about it.

I also can't figure out why so many anti-malware programs find
nothing wrong.
-Clint



----- Original Message ----- 



Does anyone have a clue as to why this IP/website cannot be
blocked in the Hosts file?
http://63.209.69.107

It's been in my Hosts file for a long time and my browsers
still get hijacked by it and I can still access that URL!  How
is this possible?  I have many other IPs in my Hosts file and
they are blocked when I try and access them!  What's so
"special" about that one?

Thanks,
-Clint
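
Added illustration for the Hosts-file question that starts this thread (not part of any poster's message and not anyone's actual hosts file): the hosts file only maps host names to addresses, so a line whose name column holds an IP literal such as 63.209.69.107 is never consulted when a browser is sent to http://63.209.69.107, and there is no wildcard matching, which is why each clicksN.geoads.com subdomain needs its own entry. The sample file contents and the function names below are constructed for this example.

```python
import ipaddress

# Constructed sample in hosts-file syntax; not the poster's actual file.
SAMPLE_HOSTS = """\
# address      name(s)
127.0.0.1      localhost
127.0.0.1      clicks1.geoads.com clicks2.geoads.com
0.0.0.0        clicks3.geoads.com
127.0.0.1      63.209.69.107     # IP literal in the name column
"""

def is_ip_literal(text):
    """True if text is an IPv4/IPv6 address rather than a host name."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Return ({name: address}, [IP literals found in the name column])."""
    names, ineffective = {}, []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or not is_ip_literal(fields[0]):
            continue  # blank line, comment, or malformed entry
        address, *aliases = fields
        for alias in aliases:
            if is_ip_literal(alias):
                ineffective.append(alias)  # never looked up by name
            else:
                names[alias.lower()] = address
    return names, ineffective

def host_is_sinkholed(host, names):
    """True only when host is a name mapped to a loopback or 0.0.0.0 address."""
    if is_ip_literal(host):
        return False  # address literals skip name resolution entirely
    address = names.get(host.lower())
    if address is None:
        return False  # no wildcard matching: each subdomain needs its own line
    parsed = ipaddress.ip_address(address)
    return parsed.is_loopback or parsed.is_unspecified

if __name__ == "__main__":
    names, ineffective = parse_hosts(SAMPLE_HOSTS)
    for host in ("clicks2.geoads.com", "clicks4.geoads.com", "63.209.69.107"):
        print(host, "sinkholed" if host_is_sinkholed(host, names) else "NOT sinkholed")
    print("entries with no effect:", ineffective)
```

Traffic to a bare IP address has to be stopped at a firewall or filtering proxy instead, since no name lookup is involved.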

