Results 1 to 7 of 7

Thread: firefox hijack

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    172

    firefox hijack

    i was using firefox 1.5 to do some pron browsing yesterday when firefox hung on a particular page. then i closed the window, but the firefox process didn't die and i had to kill it with the task manager. after killing it, i noticed a fun "kill and clean"(spyware/trojan that masqurades as anti-spyware) icon on my desktop and a bunch of spammy ie favorites created at 1:19am, the time of the crash. i took care of the spyware and everything, but i'm really surprised that firefox got hijacked like that and i'm trying to figure out how it happened and how to fix it. i think it may have involved my flash plugin because the site that crashed me had what looked like some buggy flash content and i'm currently getting a firefox warnings about my flash plugin performing illegal operations every time i load flash content. it also seemed wierd that a firefox hijack would create ie favorites, almost like its flash hole that happens to work with firefox and the page was really targeting ie users.

    if anybody can help me figure out what the hole is and how i can close it, i'd really appreciate it.

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Have you tried uninstalling the Flash plug-in, and then re-installing it?

    ...also seemed wierd that a firefox hijack would create ie favorites, almost like its flash hole that happens to work with firefox and the page was really targeting ie users.
    Do you have the ActiveX plug-in for Firefox installed?

    I've saw Firefox go wild on someone's PC recently, and my first thought was "Firefox is getting hacked now". But I was in a hurry and didn't have time to really check it out. Post a link to the site if you would (or PM it to me), I'd love to have a look at it.

    edit -- interesting post on "Kill and Clean" over at Lavasoft's forum. Seems one of the poster's rogue .dll's was winflash.dll (found in system32 folder). Could be you're not entirely cleaned up, or there's some screwy registry entry(s).
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    Senior Member
    Join Date
    Oct 2004
    Posts
    172
    well, i don't have an activex plugin(i don't like activex) and i'm having difficulty finding the page again, i'll look for it tho. all the evidence seems to be pointing to flash right now. i'm using flashplayer 8, but i've been reading about a vulnerability like this in flash 7. i'm looking into a utility called flashblock which disables flash in gecko-based browsers until you click on a flash object, but in my case i'd probably just have clicked on it to get at the pron and infected myself

  4. #4
    Senior Member treanglin's Avatar
    Join Date
    Dec 2003
    Posts
    111
    What version of FLash are you using becase I remember myspace asking ppl to update flash player to the newest version. After looking on the Adobe website I saw this....


    Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.....Adobe recommends all Flash Player 8.0.22.0 and earlier users upgrade to the new version 8.0.24.0, which can be downloaded from the Player Download Center. For customers that cannot upgrade to Flash Player 8, please refer to the Flash Player 7 update TechNote.


    Here's the website.

    http://www.adobe.com/devnet/security...apsb06-03.html
    "Do you know why the system is slow?" they ask

    "It's probably something to do with..." I look up today's excuse ".. clock speed"
    -BOFH

  5. #5
    Senior Member
    Join Date
    Oct 2004
    Posts
    172
    i know i'm using flash 8, i dunno how to find the exact version. i usually just rely on firefox to tell when i need to download a new flash version.

    for now i'm trying to remove the offending plugin and install a new one, but i can't remove it. i've tried deleting everything in my firefox/plugins directory, but firefox still loads flash content(and gives me that illegal operation message) so i dunno where the flash plugin is installed.

  6. #6
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Try uninstalling Firefox and manually removing the folders (Mozilla\Firefox), save your bookmarks and then, do a fresh install of Firefox and import your bookmarks...sometimes the Firefox profiles become corrupt, and the only way to rid the problem is to completely uninstall Firefox.

    After you have reinstalled your Firefox, set up your plugins/extensions and test them out...


    luck
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  7. #7
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Which version of firefox are you exactly using??? Firefox 1.5 was said to be more vulnerable. The later versions were fixed by mozilla and were a bit more secure. Flash is also a way to infect your browser /system. Download the latest flash plugin and install it on your browser.

    Now as far as creation of favourites etc. is concerned, I think its not a regular thing...its must be depending on which spyware you were infected with! And at last all I could say is that if people get unable to solve your problems or it gets too technical for you...head towards Mozilla forums to ask this questions...
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •