Hello, this is my first post. AdwCleaner is an amazing tool which saved my skin multiple times, but now I have an issue.

This is from the log:

***** [ Folders ] *****

Folder Found:  C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1

When I don't uncheck it, then AdwCleaner removes my whole Firefox profile folder, so I lose all my settings, browsing history, etc. I had to take it out from the quarantine.

But it does not tell me what specifically in that directory is wrong.

Re: AdwCleaner wants to delete my whole Firefox profile folder

Hello,

This detection is triggered by the fake firefox profile generic, which is a FP in your case. Please uncheck it before cleaning.

Can you share the whole logfile too?

Thanks,

Re: AdwCleaner wants to delete my whole Firefox profile folder

You mean this?

http://pastebin.com/i8fdnHka

These issues are in the log every time I do a scan. Either AdwCleaner does not remove them, or I still have some residual malware which puts it back.

Re: AdwCleaner wants to delete my whole Firefox profile folder

Hello,

Sorry I was unclear. You can deselect the element "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1" from the "Folders", and do a clean.

This element seems to be a FP caused by a generic detection.

Best regards,

Re: AdwCleaner wants to delete my whole Firefox profile folder

This element seems to be a FP caused by a generic detection.  

Sorry, but I don't think so.

There are - only at the German TB forum - at least 50 topics with this ff profilename "41A66E7E5EE1".

Usually, every ff profilename is almost unique, 41A66E7E5EE1 isn't unique.

It is related to Yondoo browser hijacker, I've seen multiple topics with this variant.

 

my suggestion:

Check profiles.ini contents including FRST scan to be sure.

 

just my 2 cents...

Re: AdwCleaner wants to delete my whole Firefox profile folder

You're right, nice catch! But that really is my main firefox profile. Did malware hack its name, or what?

I searched for this profile ID and found it in the following places:

c:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41a66e7e5ee1

c:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41a66e7e5ee1

 

I am certain that when I told adwcleaner to delete this folder, my firefox profile got deleted.

But I also noticed that I have another folder which looks like my profile (even has my nickname in the folder name - 4ui6vnjc.Simplex) but it was last updated on October 20th.

This is my profiles.ini file:

[General]
StartWithLastProfile=0

[Profile0]
Name=Simplex.OLD
IsRelative=1
Path=Profiles/4ui6vnjc.Simplex

[Profile1]
Name=Firefox Default
IsRelative=1
Path=Profiles/41A66E7E5EE1
Default=1

I hope you can help me get to the bottom of this and remove the malware.

EDIT:

I just checked my original profile, it's very old. It looks like at some point my profile was somehow moved to that "malware" profile? How do I keep my profile data (tabs, history, etc) without the malware?
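Added example, not part of any post in this thread and not AdwCleaner's detection logic: a Python check of the profiles.ini posted above that flags profile folders matching the name reported in this thread or lacking the random 8-character prefix Firefox puts on the folders it generates. The function name and the watch list are assumptions for illustration; a missing prefix is only a hint, since a profile folder can also be named by hand.

```python
import configparser
import re
from pathlib import PureWindowsPath

# Firefox-generated profile folders look like "<8 random chars>.<profile name>".
GENERATED_DIR = re.compile(r"^[a-z0-9]{8}\..+$")
# Folder name reported in this thread; compared case-insensitively.
KNOWN_SHARED_NAMES = {"41a66e7e5ee1"}

# profiles.ini exactly as posted in the thread.
SAMPLE_INI = """\
[General]
StartWithLastProfile=0

[Profile0]
Name=Simplex.OLD
IsRelative=1
Path=Profiles/4ui6vnjc.Simplex

[Profile1]
Name=Firefox Default
IsRelative=1
Path=Profiles/41A66E7E5EE1
Default=1
"""

def review_profiles(ini_text):
    """Return one dict per [ProfileN] section with the reasons it deserves a look."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    findings = []
    for section in parser.sections():
        if not section.startswith("Profile"):
            continue  # skip [General] and any other non-profile sections
        entry = parser[section]
        path = entry.get("Path", "")
        folder = PureWindowsPath(path).name  # accepts both / and \ separators
        reasons = []
        if folder.lower() in KNOWN_SHARED_NAMES:
            reasons.append("folder name reported on many machines")
        if not GENERATED_DIR.match(folder):
            reasons.append("folder name lacks the random 8-character prefix")
        findings.append({"section": section, "name": entry.get("Name"),
                         "path": path, "default": entry.get("Default") == "1",
                         "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in review_profiles(SAMPLE_INI):
        print(f["section"], f["path"], "default" if f["default"] else "", f["reasons"])
```
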

Re: AdwCleaner wants to delete my whole Firefox profile folder

Hello,

Thanks M-K-D-B, sorry for misunderstanding.

@Simplex: Can you zip me the folder "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1" and your profile: "4ui6vnjc.Simplex"? I'll merge the two so that you'll find a clean profile, and you will be able to clean with AdwCleaner the malicious one.

Thanks,

Re: AdwCleaner wants to delete my whole Firefox profile folder

I created new firefox profile using Profile Manager, then I copied all files from the old profile to the new one. AdwCleaner did not detect any suspicious files in that new profile folder, so I guess I'm good?