Re: area51buy.com hijack

Thanks! What files from the Firefox profile should I upload? Logs:

MalwareBytes: https://pastebin.com/8Cr1dNMP

AdwCleaner: https://pastebin.com/NatkW1J6

Addons: https://pastebin.com/4ZgCDJsT

 

EDIT: I just checked gearbest.com and now the page loads. I don't know what happened, but it's fixed.

Re: area51buy.com hijack

Hello,

I can send files from my Firefox profile if that helps (I did a full text search on all files in my profile for the text string "area51buy.com" but nothing relevant was found).

Simplex, 2017-11-09 12:10:12 (UTC)

Yes, please do. I'm sure we'll find a solution.

Also,

Can you give me the list of your installed addons - in Firefox?

Also, please share the AdwCleaner/Malwarebytes logfiles.

...

Re: area51buy.com hijack

Thanks for replying. I tested it with all addons disabled and the problem is still there. Both AdwCleaner and MalwareBytes tell me that "no threats were found".

I created a new clean Firefox profile and that problem disappeared, but I would like to be able to remove it from my current profile (to preserve history, open tabs, etc.)

I can send files from my Firefox profile if that helps (I did...

Re: area51buy.com hijack

Greetings,

Can you give me the list of your installed addons - in Firefox?

Also, please share the AdwCleaner/Malwarebytes logfiles.

Thanks!

Re: AdwCleaner 7.0.4.0 not a valid application

The version of DownThemAll at the link you gave is 3.0.2, which is more than a year old. The version I have installed is 3.0.8, which is at https://addons.mozilla.org/en-US/firefox/addon/downthemall/. (You can only install that version from within Firefox.) However, it looks like it is only a little more recent.

Version 7 FPs (262 elements)

Version 6.047 finds nothing while version 7 finds 262 elements, mostly IE registry keys + one Firefox add-on.

Cookie Manager Button

https://addons.mozilla.org/en-US/firefox/addon/cookie-manager-button/?src=ss

The only new thing I installed recently is Adguard, and it is set to work only with IE11. It is not running right now.

***** [ Registry ] *****

PUP.Optional.GameVance, [Key] - HKLM\SOFTWA...

Gismeteo add-on Firefox FP

Firefox pref Found: [C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\prefs.js] - "gismeteobar.GismeteoNewsData" - "{\"buildData\":1494700954445,\"newsData\":[{\"title\":\"%0A%09%09%09%09%0A%09%09

It is just a News option for Russian-speaking users. Since I use English in the GUI, that option is greyed out. Even if I delete that pref, it is back when I restart Firefox...

False positive in the Firefox preferences!?

Hello,

Besides the false positive on a link (already reported elsewhere), there also appear to be 2 false positives in the Firefox preferences, here:

# AdwCleaner v6.021 - Rapport créé le 09/10/2016 à 10:37:25
# Mis à jour le 06/10/2016 par ToolsLib
# Base de données : 2016-10-07.1 [Serveur]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (X64)
# Nom d'utilisat...

False Positive (Firefox add-on)

Firefox pref Found:  [C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\prefs.js] - "extensions.jid1-BoFifL9Vbdl2zQ@jetpack.amountInjected" -  164
Firefox pref Found:  [C:\Users\xxxxx\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\xxxxxxxx.default\prefs.js] - "extensions.jid1-BoFifL9Vbdl2zQ@jetpack.amountInjected" -  229

Decentraleyes

https://addons.mozilla.org/en-US/fi...