Adware hidden in Firefox Account
I recently observed that when I visit a certain page (not a website, but a certain page in the website), it seems to be attempting to load flashing the "X" repeatedly. After a few seconds it stops and within 10 seconds I am then redirected to a scam survey website asking me how satisfied I am with my internet provider. I immediately assumed the worst and ran McAfee scans, cleared cache, Malwarebytes free trial scans and no joy.
Then I logged into another computer and loaded up the same page. Please note instead of logging into Firefox and clicking on my bookmark, I simply went to the website, logged in and went to the page. It is the same link in the end. Nothing happened. I thought it was something wrong with my PC at this stage.
I then decided to log into Firefox to see if that would yield different results. I logged in on the other computer that had not presented the spam yet. I clicked the bookmark and it did it. The spam page loaded. From this I understand whatever is causing the problem is in my Firefox Account data.
I then immediately logged out of Firefox on the second computer, uninstalled it and then redownloaded it. Without logging in, the spam still comes up. I am lost. Neither McAfee, Malwarebytes or AdwCleaner find it.
The link for the spam is different every time, usually ending in ".xyz".
Before the spam was present, the page always had a normal padlock beside the URL. Now,sometimes not always, when the spam is going to come up it has an orange warning symbol and say some elements are not secure, and it says something about images.
The page it occurs on is on eBay, and I have used this site no problem for years. It only occurs on my regional message page specific to my country, not on the message page on "ebay.com".
Any help greatly appreciated.
All Replies (6)
I just came here to say that I have the exact same problem, I tried everything, every anti malware program I can think of and couldn't solve this. I had to uninstall Firefox from my computer because I wasn't sure if it can infect the rest of my computer and other explorers.
Remove History For One Site
Open the History Manager <Control><Shift> H. In the search bar, enter the name of the site. Right-click on one of the listings and select Forget About This Site. This should remove all information, including any settings.
Hi FredMcD,
I really don't think this is the problem here, I have the exact same problem as the OP and even a clean uninstall and reinstall didn't solve this problem.
Ti ṣàtúnṣe
If you Sync add-ons, and I guess even if you don't, one possible culprit would be an extension. You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:
- Ctrl+Shift+a (Mac: Command+Shift+a)
- "3-bar" menu button (or Tools menu) > Add-ons
- type or paste about:addons in the address bar and press Enter/Return
In the left column of the Add-ons page, click Extensions.
Then cast a critical eye over the list on the right side. Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything suspicious or that you just do not remember installing or why? If in doubt, ruthlessly disable (or remove) anything you don't totally trust, even if it doesn't look search-related. You also can disable any extensions you can live without for 4 hours to see whether that helps.
Any improvement?
Hi jscher2000,
I have completely uninstalled Firefox, then deleted the mozilla folder from my program files and then deleted my mozilla folder from %appdata% then reinstalled again. The redirecd/hijack was still happening. I do not have any firefox sync on. Are these extentions saved somewhere else aside from the folders I deleted? I think its something else thats taking over firefox.
Ti ṣàtúnṣe
Hi TripleA, it sounds as though you have a different situation from the person who started this thread. They reported a problem with a single URL that spread to a second PC based on something copied over by Sync. Sync data is profile-specific, so if you blew away your old profile, did not connect to a Firefox Account in the new one, and you still have the problem, that sounds like an external hijack.
If you're not sure you got a clean new profile:
New Profile Test
This takes about 3 minutes, plus the time to test your problem site(s).
Inside Firefox, type or paste about:profiles in the address bar and press Enter/Return to load it.
Click the "Create a New Profile" button, then click Next. Assign a name like May2020, ignore the option to relocate the profile folder, and click the Finish button.
After creating the profile, scroll down to it and click the Launch profile in new browser button.
Firefox should open a new window that looks like a brand new, uncustomized installation. (Your existing Firefox window(s) should not be affected.) Please ignore any tabs enticing you to connect to a Sync account or to activate extensions found on your system so we can get a clean test.
Do the problem site(s) work any better in the new profile?
When you are done with the experiment, you can close the extra window without affecting your regular Firefox profile. (May2020 will remain available for future testing.)
Note: if this test changed your default profile and you want to keep using that one, use the Set as Default Profile button for your regular profile to set it back to normal.