Purging funmoods crapware, persistent about:config entries
Hi there, long time Firefox user (since 1.5) who run into an unusual problem.
To cut a long story short I accidentally installed one of the various toolbar+browser infecting applications which are alarmingly close to being classified as a virus yet claim social connectivity perks, Funmoods. As soon as I noticed it I began removing it from both my main (Firefox) and my secondary browser (Chrome).
No reason to get into the spesifics of Chrome removing so here's what I did for just Firefox (mostly in chronological order):
1. Removed the program via Revo Uninstaller
2. Restored the search engine to my preferable and removed the one associated with Funmoods
3. Restored Firefox's home page to default.
4. Removed the addon/extension from Firefox, then restarted.
5. Confirmed that the funmoods toolbar which I had previously hidden was not available.
6. Full scan with Malwarebytes Anti-Malware, found some relavant infections and removed them.
7. Deleted any file/folder containing the name funmoods from my hard drive.
After doing that I confirmed that the functionality of the browser was back to normal. New tabs didn't redirect to funmoods and searches worked as they were intended to.
However given that I've done some under the hood cleaning before I checked about:config and searched for "funmoods" where I found the following entries:
user_pref("extensions.funmoods.aflt", "download"); user_pref("extensions.funmoods.autoRvrt", false); user_pref("extensions.funmoods.dfltLng", ""); user_pref("extensions.funmoods.dfltSrch", true); user_pref("extensions.funmoods.dnsErr", true); user_pref("extensions.funmoods.envrmnt", "production"); user_pref("extensions.funmoods.excTlbr", false); user_pref("extensions.funmoods.hmpg", true); user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CzytAtB0CzztAyEzytDtDtN0D0Tzu0CtAtBtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1867182460"); user_pref("extensions.funmoods.id", "78929C932C834900"); user_pref("extensions.funmoods.instlDay", "15659"); user_pref("extensions.funmoods.instlRef", "download"); user_pref("extensions.funmoods.isdcmntcmplt", true); user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CzytAtB0CzztAyEzytDtDtN0D0Tzu0CtAtBtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1867182460"); user_pref("extensions.funmoods.prdct", "funmoods"); user_pref("extensions.funmoods.prtnrId", "funmoods"); user_pref("extensions.funmoods.srchPrvdr", "Search"); user_pref("extensions.funmoods.tlbrId", "base"); user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CzytAtB0CzztAyEzytDtDtN0D0Tzu0CtAtBtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1867182460&q="); user_pref("extensions.funmoods.vrsn", "1.5.23.22"); user_pref("extensions.funmoods.vrsni", "1.5.23.22"); user_pref("extensions.funmoods_i.newTab", true); user_pref("extensions.funmoods_i.smplGrp", "none"); user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2218:40:57");
(Apologies for the dump but I figured they may be of use to experts)
I obviously have no idea what those do but given that my approach to computer security is better safe than sorry I tried the following to remove them without success:
1. Right-click ->Reset all of them; Restarted FF, they were still there
2. Google-fu suggested editing the prefs.js file tied to my profile, I found the same entries and deleted them; Restarted FF, they were still there
3. Tried setting the prefs.js file to Read-only after confirming that I had deleted them. The file is now clean but the entries do appear when I do the usual search in about:config
4. Manually searched through my registry and deleted every value that included "funmoods" in it. Restarted FF, they were still there.
Even mostly paranoid measures which could and may latter create problems like setting what I suppose to be a significant file to readonly and manually deleting registry entries didn't help. It seems these about:config entries are in some way persistent so I came to your help to manage to purge them.
Oh, just wanted to add that completely reinstalling Firefox isn't a option. I've had this profile for the last 3 years and I've migrated it through 2 computers.
ჩასწორების თარიღი:
გადაწყვეტა შერჩეულია
Try reading http://kb.mozillazine.org/Resetting_preferences#Resetting_certain_preferences_when_a_user.js_file_exists and delete or rename both user.js and prefs.js. Just to note, those left over prefs are harmless and don't do anything since you removed the extensions that put them there (those products just do a bad job of cleaning up after themselves)
პასუხის ნახვა სრულად 👍 3ყველა პასუხი (5)
შერჩეული გადაწყვეტა
Try reading http://kb.mozillazine.org/Resetting_preferences#Resetting_certain_preferences_when_a_user.js_file_exists and delete or rename both user.js and prefs.js. Just to note, those left over prefs are harmless and don't do anything since you removed the extensions that put them there (those products just do a bad job of cleaning up after themselves)
Thanks for replying so promptly. I found the quite a few "funmoods" entries in my user.js. Removing them and saving the file did the trick! Double checked everything after firing up Firefox and everything is clean and functioning. Thanks a bunch
ჩასწორების თარიღი:
The nice thing about how you showed the list you got from about:config. is that I noticed some strings that is attached to it. To fix this the easy way, I'll got into detail for others, is to type about:config in the address bar and hit enter. In the search bar type funmoods, this will show all the mischievous annoyances that was put into the browser. Now on each line right click your mouse and select reset. This will clear up your browser once again. Sorry I can not help with Chrome.
ჩასწორების თარიღი:
The issue is solved now but I did mention that I tried resetting them under 1.
Hi Kostaz,
This is Nan from Community&Support @Funmoods and would like to offer you a set of instructions in order to uninstall Funmoods in case you haven't followed them before.
In Firefox:
To removetoolbar/New Tab
Open Firefox, go to Add-ons Manager (Ctrl+Shift+A) > Select "Funmoods" and click on Remove
To remove from Home page:
Open FireFox, go to Tools > Options > on "startup" section click on "Restore to Default" button Then click on "OK"
To remove from search engine:
Search button--- Manage Search Engines---- select "Funmoods"---- Remove For a step by step uninstall guide, please watch our tutorial: http://www.youtube.com/watch?v=dT5PWzLDptc
To remove from Internet Explorer Win7/Vista from toolbar:
Go to Start > Control Panel > Uninstall a program OR Programs and Features > Select "Funmoods" and click on Uninstall
To remove from Home page:
go to Tools > Internet Options > on "Home page" section click on "Use Default" Then click on "OK"
To remove from search engine: go to Tools > Internet Options > on "Search" section click on "Settings" > select "Live Search" or "Google" or "Bing" and click on "Set Default" > select "Search" and click on "Remove" > OK > OK
New tab (Internet Explorer 8-9)
go to Tools > Internet Options > on "Tabs" section click on "Settings" > on "When a new tab is opened, open:" select "The new tab page" > OK > OK
In Chrome, to remove toolbar: Open Chrome, go to Options menu > Tools > Extensions > Click on the "bin" to remove
To remove as homepage:
Open Chrome, go to Options menu > Settings > on the "Appearance" section, check the "Show Home button" > Change > select "Use the New Tab page"
To remove as search engine:
Go to your browser----Click on the tools icon---- options------Change search defaults ----- settings ----- click the name of your preferred search engine---- set as default---- (to remove Funmoods search)----select Funmoods ----remove---- okay
-Or-
Open Chrome, go to Options menu > Settings > on the "Search" section choose Google on the drop down menu For a step by step uninstall and reset homepage guide, please watch our tutorial: http://www.youtube.com/watch?v=dT5PWzLDptc
Nan