Re: area51buy.com hijack

Thanks! What files from firefox profile should I upload? Logs:

MalwareBytes: https://pastebin.com/8Cr1dNMP

AdwCleaner: https://pastebin.com/NatkW1J6

Addons: https://pastebin.com/4ZgCDJsT

 

EDIT: I just checked gearbest.com and now the page loads. I don't know what happened, but it's fixed.

Re: area51buy.com hijack

Hello,

I can send files from my firefox profile if that helps (I did a full text search on all files in my profile for text string "area51buy.com" but nothing relevant was found)

Simplex, 2017-11-09 12:10:12 (UTC)

Yes, please do. I'm sure we'll find a solution.

Also,

Can you give me the list of your installed addons - in Firefox?

Also, please share the AdwCleaner/Malwarebytes logfiles.

...

Re: area51buy.com hijack

Thanks for replying. I tested it with all addons disabled and the problem is still there. Both AdwCleaner and MalwareBytes tell me that "no threates were found".

I created a new clean Firefox profile and that problem disappeared, but I would like to be able to remove it from my current profile (to preserve history, open tabs, etc.)

I can send files from my firefox profile if that helps (I did...

Re: area51buy.com hijack

Greetings,

Can you give me the list of your installed addons - in Firefox?

Also, please share the AdwCleaner/Malwarebytes logfiles.

Thanks!

Re: AdwCleaner 7.0.4.0 not a valid application

dans AdwCleaner par dschulze

The version of DownThemAll at the link you gave is 3.0.2, which is more than a year old. The version I have installed is 3.0.8, which is at https://addons.mozilla.org/en-US/firefox/addon/downthemall/. (You can only install that version from within Firefox.) However, it looks like it is only a little more recent.

Version 7 FPs (262 elements)

dans AdwCleaner par Psajko

Version 6.047 finds nothing while version 7 finds 262 elements, mostly IE registry keys + one Firefox add-on.

Cookie Manager Button

https://addons.mozilla.org/en-US/firefox/addon/cookie-manager-button/?src=ss

Only new thing I installed recently is Adguard and it is set to work only with IE11. It is not running right now.

***** [ Registry ] *****

PUP.Optional.GameVance, [Key] - HKLM\SOFTWA...

Gismeteo add-on Firefox FP

dans AdwCleaner par Psajko
Firefox pref Found: [C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\prefs.js] - "gismeteobar.GismeteoNewsData" - "{\"buildData\":1494700954445,\"newsData\":[{\"title\":\"%0A%09%09%09%09%0A%09%09 It is just News option for Russian speaking users. Since I use English in the GUI, that option is greyed out. Even if I delete that pref, it is back when I restart Firefox...

Faux positif dans les préférences Firefox !?

dans AdwCleaner par HiSpeed

Bonjour,

Outre le faux positif sur un lien (déjà rapporté dans un autre endroit), il semblerait exister aussi 2 faux positifs dans les préférences de Firefox, ici:

# AdwCleaner v6.021 - Rapport créé le 09/10/2016 à 10:37:25
# Mis à jour le 06/10/2016 par ToolsLib
# Base de données : 2016-10-07.1 [Serveur]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (X64)
# Nom d'utilisat...

False Positive (Firefox add-on)

dans AdwCleaner par Psajko

Firefox pref Found:  [C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\prefs.js] - "extensions.jid1-BoFifL9Vbdl2zQ@jetpack.amountInjected" -  164 Firefox pref Found:  [C:\Users\xxxxx\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\xxxxxxxx.default\prefs.js] - "extensions.jid1-BoFifL9Vbdl2zQ@jetpack.amountInjected" -  229

Decentraleyes

https://addons.mozilla.org/en-US/fi...