How do I permanently get rid of snapdo from the pref.js file?
The pref.js file in profile directory contains this line:
user_pref("keyword.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddvQEc6wmyQ2ICdO6D2oVpOB4-8RjijafxhNW8n93-og7NtNom51wKx2rnKbOMMVtwkxytWmNixvkNvGHnMRycAA3fE[...]
I have run several malware removers on this. adwCleaner finds and removes the line. But, after restarting Firefox it appears again. I have directly deleted this line from from pref.js but it reappears as soon as I re-open the file. I have made the file read-only which stops the file from being written again - for a while. A sequential set of files are then created, about 3 every time I start Firefox, with names like prefs-1.js. I let this run several days and eventually the prefs.js was change to RW and snapdo was back in!
Something in my system wants to reset this line. IE and Chrome are not affected.
How do I stop snapdo???
Thanks
All Replies (13)
Do you have a user.js file in your Profile folder? If so, is that pref in the user.js file? If so, remove that pref or just delete the user.js file which isn't a standard part of Firefox.
Gewysig op
Separate Issue; Your System Details shows;
Installed Plug-ins
Shockwave Flash 16.0 r0 Shockwave Flash 12.0 r0
Having more than one version of a program may cause issues.
Grab the uninstaller from here: Uninstall Flash Player | Windows Then reinstall the latest version.
Flash Player v16.0.0.305
https://www.adobe.com/products/flashplayer/distribution3.html
Gewysig op
Thank you for this aside fix.
I have a user.js file in the root not in the profile folder. Will try changes to it to see if this helps.
Thanks
You can try "about:config" in the URL Bar. Then sort by status,so user is on top, the use the search bar "keyword.url", if you find one that matches it, right click and choose reset. Then restart firefox.
Current Firefox versions do not use the keyword.URL pref, so the presence of this pref wouldn't have affect.
You can use this button to go to the currently used Firefox profile folder:
- Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
- http://kb.mozillazine.org/Profile_folder_-_Firefox
Windows hides some file extensions by default. Among them are .html and .ini and .js and .txt, so you may only see file name without file extension. You can see the real file type (file extension) in the properties of the file via the right-click context menu in Windows Explorer.
You can check for problems with preferences.
Delete possible user.js and numbered prefs-##.js files and rename (or delete) the prefs.js file to reset all prefs to the default value including prefs set via user.js and prefs that are no longer supported in the current Firefox release.
peterdev said
The pref.js file in profile directory contains this line: user_pref("keyword.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddvQEc6wmyQ2ICdO6D2oVpOB4-8RjijafxhNW8n93-og7NtNom51wKx2rnKbOMMVtwkxytWmNixvkNvGHnMRycAA3fE[...] I have run several malware removers on this. adwCleaner finds and removes the line. But, after restarting Firefox it appears again. I have directly deleted this line from from pref.js but it reappears as soon as I re-open the file. I have made the file read-only which stops the file from being written again - for a while. A sequential set of files are then created, about 3 every time I start Firefox, with names like prefs-1.js. I let this run several days and eventually the prefs.js was change to RW and snapdo was back in! Something in my system wants to reset this line. IE and Chrome are not affected. How do I stop snapdo??? Thanks
Thanks. This almost worked. I had to reset in the list as directed. Then edit the pref.js file and remove the snapdo line. If this is not done it come back into the about:config list.
At this point I have restarted Firefox 3 times and looked at the pref.js each time. So far the snapdo has not reinserted itself.
Thanks,
I may have celebrated too quickly.
On rebooting my PC this morning snapdo is back.
There must be some external code that is writing to my prefs.js but I cannot find what it is. There is virtually an instantaneous re-write without even opening Firefox.
- (
Further information can be found in the Troubleshoot Firefox issues caused by malware article.
You need to get rid of whatever installed that snapdo garbage to begin with!
I'm willing to bet that user.js file is back in your Profile folder, and that will override any changes you make to prefs.js or in about:config. And if that line is back in user.js - you didn't get the original cause!
Have you tried using windows recovery, to go back to an earlier date?
Hi, I have too many changes since this snapdo appeared or I should say, re-appeared. First siting was about a year ago when I cleared it out. It was only after doing a Firefox update I would say about 2 months ago now, that I saw snapdo come back. I am running Advanced System Care 8 which catches attempts to change my Home page. That was when I saw snapdo was back.
It only attacks Firefox it seems not IE or Chrome.
ASC8 stops the attack but not the mods of my pref.js file. Ad Ware Cleaner found snapdo and deleted it until I rebooted.
I have something buried in my PC that rewrites my pref.js file anytime it is opened. I have changed the location of the profile but it does not seem to matter. I have done a complete refresh of Firefox twice but it still comes back leaving me with a messed up Firefox and snapdo still in place.
Any idea where I should look to find this attacker program?
See this - http://malwaretips.com/blogs/remove-snapdo-virus/
Three separate programs to remove and to verify that it is removed, after clearing it from all three browsers first. You need to "treat" all the browsers that you have installed, regardless of whether you use them or not, so on Windows PC's that means IE as well as Firefox.
When you do an incomplete removal job, that's when it seems to come back to haunt you.