PDA

View Full Version : firefox hijacks home page



mark c
14-12-2011, 04:46 PM
Hi, Windows 7 Prof. with AVG, windows firewall and CCleaner. I've set the homepage with Firefox 8 to Yahoo email but periodically Mozilla butts in advertising itself. I'm a fan and never had this before. Only every so often and haven't been able to find out why, what circumstances, history etc., and can't find anything in a Google search. Plenty of fixes for Firefox being hijacked to something else but not to Firefox itself. Anyone got any ideas or experiences of this? It's only an annoyance. I can easly reset the homepage back to Yahoo. More puzzled than anything else. Could it be to do with whether or not you opt in to send feedback? Under Help/About Firefox it says I'm currently on the release update channel but no idea what this is.

mark c
14-12-2011, 05:25 PM
I should have added that this has only started in the last 3-4 days with no changes to the comp. No programs added/removed/altered. In Firefox I did 'stop images loading automatically' under Tools and through about:config changed 'image animation' to 'none'. Had this comp brand new since Oct 15. and no other problems.

Speedy Gonzales
14-12-2011, 06:17 PM
Do a full scan with malwarebytes

mark c
14-12-2011, 07:59 PM
OK thanks very much. Haven't got malwarebytes on this comp though have had it before. Bit odd that something intrusive should produce a Mozilla page. Will try it and get back. - M

mark c
14-12-2011, 08:26 PM
Tried downloading malwarebytes but comp seemed to get jammed so cleared everything using CCleaner and ran AVG (2012.0.1890) and found "Trojan Horse Generic26.YRW" and removed. See how it goes. Still seems very odd to me that any infection should flip into a Mozilla page. Of course it could be a dummy but it looked legitimate to me as had various (convincing)pages. See if I can find the URL next time.
Many thanks - M

EDIT Just had a look around and found from Malwarebytes forum that a lot of malware will block the install by the name. I mean 'Malwarebytes'. And the solution was simply to rename.
http://forums.malwarebytes.org/index.php?showtopic=5654

Speedy Gonzales
14-12-2011, 08:33 PM
Wonder if its Java if you use it. If this is installed, what version is installed?? You should only have 1 version of Java installed. (the latest). If there's more than one version installed, uninstall ALL previous versions. They'll have vulnerabilities

mark c
15-12-2011, 05:52 AM
Hmmm I think I noticed something about multiple Java. In a hurry rushing out the door right now but will check. Thanks

mark c
15-12-2011, 07:13 PM
I can only find one version of Java, jre6 -does that make sense?

I installed Malwarebytes and ran a full scan in safe mode, three infected files which didn't look like what AVG found but couldn't eliminate. AVG says - TrojanHorseGeneric26.YRW and .ZOU and also C:/Windows/Temp/pwjciv/setup.exe and also, instead of the pwjciv, tuotoe Malwarebytes says they're removed but the same symptons are here.

Bit of a worry, there is an option (in AVG) to sort of 'lock them down' instead of get rid of them. Maybe that's the next option. I realise I have brought this on myself by straying off the straight and narrow, pure and wholesome, path of the internet into the dark and profitable underbelly so very much appreciate your help.

It does seem to be mostly a nuisance, but anything with 'trojan horse' in it is a worry too.

Thanks very much for your help.

Speedy Gonzales
15-12-2011, 07:29 PM
Close browsers. Install ccleaner then run it. Then click on run cleaner. That should remove whats in the temp folder. What version of Java is installed?? I think the latest is either 6 update 29. Or 7 update 2

mark c
16-12-2011, 09:20 AM
Hi, from putting in Java -version in the Command Prompt I get "1.6.0_29" From Java/properties in program files it all says jre6.

I've run CCleaner several times and rebooted, and done it in Safe Mode and still get the Mozilla page taking over homepage. I notice in CCleaner it's got 'Temporary Internet Files' to be deleted for Internet Explorer (which I don't use) so presumably under 'System' where it's got 'Temporary Files' to be deleted that means the temp files accumulated by Firefox?

In Windows/Temp I've got....

MPTelemetry Submit
sqpoqf
avginfo.id
MpCmdRun

...that won't go away. Is there a way to delete these files while I've got Windows/Temp open without activating them?

Speedy Gonzales
16-12-2011, 09:37 AM
I think the 1st and 4th file you posted, belong to Microsoft Sec essentials. Is Picassa installed that sqpoqf may belong to that. Run ccleaner again then go to options / advanced. Untick the 2nd option. Then click on run cleaner again. Temp files can mean / be files that install files have extracted (when you go to install whatever program). They go into the temp folder, before whatever program gets installed

Pancake
16-12-2011, 10:47 AM
MPTelemetry Submit,sqpoqf,avginfo.id,MpCmdRun These belong to Window Defender an VirSCAN.Leave them,they are fine to stay.

mark c
16-12-2011, 02:01 PM
No Picassa.
I ran CCleaner then unticked the option suggested under options/advanced, ran CCleaner again, rebooted twice and everything seems to be OK. Yahoo-email stays as the homepage, no alerts from AVG, all files previously in Temp gone. I guess the Windows Defender and VirSCAN files are truly temporary.
So...looks Good! Thanks very much to you both for your help, very very much appreciate it. mark c