Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Hierdie gesprek is in die argief. Vra asseblief 'n nuwe vraag as jy hulp nodig het.

How do I permanently get rid of snapdo from the pref.js file?

  • 13 antwoorde
  • 1 het hierdie probleem
  • 2 views
  • Laaste antwoord deur the-edmeister

more options

The pref.js file in profile directory contains this line:

user_pref("keyword.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddvQEc6wmyQ2ICdO6D2oVpOB4-8RjijafxhNW8n93-og7NtNom51wKx2rnKbOMMVtwkxytWmNixvkNvGHnMRycAA3fE[...]

I have run several malware removers on this. adwCleaner finds and removes the line. But, after restarting Firefox it appears again. I have directly deleted this line from from pref.js but it reappears as soon as I re-open the file. I have made the file read-only which stops the file from being written again - for a while. A sequential set of files are then created, about 3 every time I start Firefox, with names like prefs-1.js. I let this run several days and eventually the prefs.js was change to RW and snapdo was back in!

Something in my system wants to reset this line. IE and Chrome are not affected.

How do I stop snapdo???

Thanks

The pref.js file in profile directory contains this line: user_pref("keyword.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddvQEc6wmyQ2ICdO6D2oVpOB4-8RjijafxhNW8n93-og7NtNom51wKx2rnKbOMMVtwkxytWmNixvkNvGHnMRycAA3fE[...] I have run several malware removers on this. adwCleaner finds and removes the line. But, after restarting Firefox it appears again. I have directly deleted this line from from pref.js but it reappears as soon as I re-open the file. I have made the file read-only which stops the file from being written again - for a while. A sequential set of files are then created, about 3 every time I start Firefox, with names like prefs-1.js. I let this run several days and eventually the prefs.js was change to RW and snapdo was back in! Something in my system wants to reset this line. IE and Chrome are not affected. How do I stop snapdo??? Thanks

All Replies (13)

more options

Do you have a user.js file in your Profile folder? If so, is that pref in the user.js file? If so, remove that pref or just delete the user.js file which isn't a standard part of Firefox.

Gewysig op deur the-edmeister

more options

Separate Issue; Your System Details shows;

Installed Plug-ins

Shockwave Flash 16.0 r0 Shockwave Flash 12.0 r0

Having more than one version of a program may cause issues.

Grab the uninstaller from here: Uninstall Flash Player | Windows Then reinstall the latest version.

Flash Player v16.0.0.305
https://www.adobe.com/products/flashplayer/distribution3.html

Gewysig op deur James

more options

Thank you for this aside fix.

more options

I have a user.js file in the root not in the profile folder. Will try changes to it to see if this helps.

Thanks

more options

You can try "about:config" in the URL Bar. Then sort by status,so user is on top, the use the search bar "keyword.url", if you find one that matches it, right click and choose reset. Then restart firefox.

more options

Current Firefox versions do not use the keyword.URL pref, so the presence of this pref wouldn't have affect.

You can use this button to go to the currently used Firefox profile folder:

Windows hides some file extensions by default. Among them are .html and .ini and .js and .txt, so you may only see file name without file extension. You can see the real file type (file extension) in the properties of the file via the right-click context menu in Windows Explorer.


You can check for problems with preferences.

Delete possible user.js and numbered prefs-##.js files and rename (or delete) the prefs.js file to reset all prefs to the default value including prefs set via user.js and prefs that are no longer supported in the current Firefox release.

more options

peterdev said

The pref.js file in profile directory contains this line: user_pref("keyword.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddvQEc6wmyQ2ICdO6D2oVpOB4-8RjijafxhNW8n93-og7NtNom51wKx2rnKbOMMVtwkxytWmNixvkNvGHnMRycAA3fE[...] I have run several malware removers on this. adwCleaner finds and removes the line. But, after restarting Firefox it appears again. I have directly deleted this line from from pref.js but it reappears as soon as I re-open the file. I have made the file read-only which stops the file from being written again - for a while. A sequential set of files are then created, about 3 every time I start Firefox, with names like prefs-1.js. I let this run several days and eventually the prefs.js was change to RW and snapdo was back in! Something in my system wants to reset this line. IE and Chrome are not affected. How do I stop snapdo??? Thanks

Thanks. This almost worked. I had to reset in the list as directed. Then edit the pref.js file and remove the snapdo line. If this is not done it come back into the about:config list.

At this point I have restarted Firefox 3 times and looked at the pref.js each time. So far the snapdo has not reinserted itself.

Thanks,

more options

I may have celebrated too quickly.

On rebooting my PC this morning snapdo is back.

There must be some external code that is writing to my prefs.js but I cannot find what it is. There is virtually an instantaneous re-write without even opening Firefox.

(
more options

Further information can be found in the Troubleshoot Firefox issues caused by malware article.

more options

You need to get rid of whatever installed that snapdo garbage to begin with!

I'm willing to bet that user.js file is back in your Profile folder, and that will override any changes you make to prefs.js or in about:config. And if that line is back in user.js - you didn't get the original cause!

more options

Have you tried using windows recovery, to go back to an earlier date?

more options

Hi, I have too many changes since this snapdo appeared or I should say, re-appeared. First siting was about a year ago when I cleared it out. It was only after doing a Firefox update I would say about 2 months ago now, that I saw snapdo come back. I am running Advanced System Care 8 which catches attempts to change my Home page. That was when I saw snapdo was back.

It only attacks Firefox it seems not IE or Chrome.

ASC8 stops the attack but not the mods of my pref.js file. Ad Ware Cleaner found snapdo and deleted it until I rebooted.

I have something buried in my PC that rewrites my pref.js file anytime it is opened. I have changed the location of the profile but it does not seem to matter. I have done a complete refresh of Firefox twice but it still comes back leaving me with a messed up Firefox and snapdo still in place.

Any idea where I should look to find this attacker program?

more options

See this - http://malwaretips.com/blogs/remove-snapdo-virus/

Three separate programs to remove and to verify that it is removed, after clearing it from all three browsers first. You need to "treat" all the browsers that you have installed, regardless of whether you use them or not, so on Windows PC's that means IE as well as Firefox.

When you do an incomplete removal job, that's when it seems to come back to haunt you.