"clickfeedmanager.com" virus targets Firefox
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
thanks to thedeadjester and brian_o and thier excelant discription of how to remove this annoying virus my computer's clean again. THANKYOU
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
The problem is that, after you delete the chrome/content/overlay.xul tree, then logout / login, the file and the redirects are back again.
So what's the real answer?
So what's the real answer?
- the-edmeister
- Posts: 32249
- Joined: February 25th, 2003, 12:51 am
- Location: Chicago, IL, USA
Re: "clickfeedmanager.com" virus targets Firefox
Guest wrote:The problem is that, after you delete the chrome/content/overlay.xul tree, then logout / login, the file and the redirects are back again.
So what's the real answer?
Did you try what was posted here?
viewtopic.php?p=5714095#p5714095
.
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
Hey the-edmeister
If you're referring to this:
1. Close Firefox
2. Navigate to the Mozilla firefox folder in program files
3. Go into the extensions folder
4. There will be several folders with funny characters (i.e. {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}). Look for the folder with a modified date on or around the date your noticed firefox acting funny and re-directing you to other pages.
5. Delete this folder. (if there is only one folder here I am not sure what this will do but you might want to consider the possibility of losing firefox specific data or having to re-install firefox if you remove this)
6. Re-open firefox.... and enjoy!
then the answer is Yes. I clobbered the folder, rebooted or logged out / in again, and voila the folder is back and so are the luvly redirects.
Thanks for responding
Alan
If you're referring to this:
1. Close Firefox
2. Navigate to the Mozilla firefox folder in program files
3. Go into the extensions folder
4. There will be several folders with funny characters (i.e. {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}). Look for the folder with a modified date on or around the date your noticed firefox acting funny and re-directing you to other pages.
5. Delete this folder. (if there is only one folder here I am not sure what this will do but you might want to consider the possibility of losing firefox specific data or having to re-install firefox if you remove this)
6. Re-open firefox.... and enjoy!
then the answer is Yes. I clobbered the folder, rebooted or logged out / in again, and voila the folder is back and so are the luvly redirects.
Thanks for responding
Alan
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
I've been annoyed by this nasty little virus for about a week now, so I'm glad to have found a way to stop it. Finally, when I killed the folder with the overlay.xul file, it stopped redirecting my Google search results in Firefox. I rebooted and checked again, and it hasn't respawned. If it does come back, I'm thinking of closing Firefox and replacing that folder (and the files within) with a dummy version of the overlay.xul file. This has worked on previous viruses. In Windows XP, this is what I'd do:
1. Create a new text file called overlay.xul.
2. Turn on the file extensions so you can delete the .txt extension. Windows will complain; ignore it.
3. You now have a 0 KB file called overlay.xul in the same position as the original, real virus.
4. Hopefully, the virus is stupid enough not to realize a dummy file has taken its place, and it will think it already replicated.
5. No more redirects, in theory.
Will try this if it respawns, and let you know what happens.
1. Create a new text file called overlay.xul.
2. Turn on the file extensions so you can delete the .txt extension. Windows will complain; ignore it.
3. You now have a 0 KB file called overlay.xul in the same position as the original, real virus.
4. Hopefully, the virus is stupid enough not to realize a dummy file has taken its place, and it will think it already replicated.
5. No more redirects, in theory.
Will try this if it respawns, and let you know what happens.
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
Nice call KarenLK
"the virus is stupid enough not to realize a dummy file has taken its place"
I gave your suggestion a go and it worked. This will do until the experts have a chance to release something that really deals with it.
Alan
"the virus is stupid enough not to realize a dummy file has taken its place"
I gave your suggestion a go and it worked. This will do until the experts have a chance to release something that really deals with it.
Alan
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
heh. that was easy. suck on that puny you little script kiddy.
Thanks so much for your time rookie and dj
Thanks so much for your time rookie and dj
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
Hi all,
I have updated the GooredFix removal tool to get this extension:
http://jpshortstuff.247fixes.com/GooredFix.exe
Hopefully that should identify (Option#1) and remove (Option#2) the infection for you.
Cheers,
-jpshortstuff
I have updated the GooredFix removal tool to get this extension:
http://jpshortstuff.247fixes.com/GooredFix.exe
Hopefully that should identify (Option#1) and remove (Option#2) the infection for you.
Cheers,
-jpshortstuff
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
Thank you for this fix - works great! The extensions folder that I deleted did not come back after reboot. Presumably my past attempts at removing it removed the worm.
I can stop banging my head against the wall now !
I can stop banging my head against the wall now !
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
Yay that worked! How annoying, nothing I used detected it.
How does it install itself? clickfraudmanager.com and virusremover2008 were installed somehow at the same time
How does it install itself? clickfraudmanager.com and virusremover2008 were installed somehow at the same time
-
- Posts: 3
- Joined: February 15th, 2009, 7:25 am
Re: "clickfeedmanager.com" virus targets Firefox
THANK YOU THANK YOU!!!
This is the single most helpful forum I have found after a week of agony!
This worked for me:
1. Navigated to: C:\Program Files\Mozilla Firefox\extensions\{BCB94CDD-5542-403F-9FB3-07D3DB1E9951}\chrome\content\overlay.xul
(Note: I had overlay.xul in 2 folders created within 1 min of each other and followed these steps for both)
2. Encrypted overlay.xul with AxCrypt (I did that so that I can render it useless but still be able to undo it if I am screwing something up)
3. Created a blank version of overlay.xul
Result: NO MORE REDIRECTS - even after restarting a couple times.
YET another problem continues so....
Question:
I contracted Trojan.Vundo.h at the same time these overlay.xul files were created, have any of you had that?
AND can anyone get rid of it? I have been on the spybot forum for a week following the advice of a "Security Warrior" and have run every "fix" under the sun.
After all that I still had redirects and Malwarebytes still finds Trojan.Vundo after I restart.
My spybot advisor concluded by saying "it is just a software problem because your computer is clean".
If I am clean why does Malwarebytes find a trojan?
Any Ideas out there?
Thanks!!!!!!!!!!!!!
This is the single most helpful forum I have found after a week of agony!
This worked for me:
1. Navigated to: C:\Program Files\Mozilla Firefox\extensions\{BCB94CDD-5542-403F-9FB3-07D3DB1E9951}\chrome\content\overlay.xul
(Note: I had overlay.xul in 2 folders created within 1 min of each other and followed these steps for both)
2. Encrypted overlay.xul with AxCrypt (I did that so that I can render it useless but still be able to undo it if I am screwing something up)
3. Created a blank version of overlay.xul
Result: NO MORE REDIRECTS - even after restarting a couple times.
YET another problem continues so....
Question:
I contracted Trojan.Vundo.h at the same time these overlay.xul files were created, have any of you had that?
AND can anyone get rid of it? I have been on the spybot forum for a week following the advice of a "Security Warrior" and have run every "fix" under the sun.
After all that I still had redirects and Malwarebytes still finds Trojan.Vundo after I restart.
My spybot advisor concluded by saying "it is just a software problem because your computer is clean".
If I am clean why does Malwarebytes find a trojan?
Any Ideas out there?
Thanks!!!!!!!!!!!!!
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
Awesome! Like others I turned to the web after several days of frustration, and finally found my answer here. A gigantic THANKS to the posters here, especially thedeadjester, whose solution matched my problem.
My story: I was getting all sorts of web-related problems: my google searches in firefox were getting redirected, and IE kept popping up by itself with random websites. After doing lots of web searches, here's what I ended up doing:
1. Downloaded malwarebytes and ran it (http://www.malwarebytes.org/). I first did a quick scan and a complete scan. It found a bunch of viruses and killed them.
My IE problems disappeared, but I kept getting the Firefox google redirection (IE was fine, but I almost never use IE).
2. Turned off javascript in Firefox as a temporary workaround (redirections were suppressed).
3. Downloaded superantispyware and ran it (http://www.superantispyware.com/). It found a bunch more viruses and killed them, but this didn't fix my firefox problems.
4. Downloaded spybot (http://www.safer-networking.org/en/index.html). It found more viruses and killed them, but this didn't fix my firefox problems.
Presumably I could have kept downloading more antivirus software and finding more viruses, but at this point I think the problem was not a resident virus but just traces left by a previous virus.
5. Followed the steps in this forum (deleted the offending folder in C:\Program Files\Mozilla Firefox\extensions\). Turned firefox back on, turned javascript back on, and it seems to be back to normal! After several restarts, the offending folder hasn't reappeared.
To those who deleted the folders only to have them reappear, perhaps you need to clean your computer of viruses first.
Again, thanks so much!
My story: I was getting all sorts of web-related problems: my google searches in firefox were getting redirected, and IE kept popping up by itself with random websites. After doing lots of web searches, here's what I ended up doing:
1. Downloaded malwarebytes and ran it (http://www.malwarebytes.org/). I first did a quick scan and a complete scan. It found a bunch of viruses and killed them.
My IE problems disappeared, but I kept getting the Firefox google redirection (IE was fine, but I almost never use IE).
2. Turned off javascript in Firefox as a temporary workaround (redirections were suppressed).
3. Downloaded superantispyware and ran it (http://www.superantispyware.com/). It found a bunch more viruses and killed them, but this didn't fix my firefox problems.
4. Downloaded spybot (http://www.safer-networking.org/en/index.html). It found more viruses and killed them, but this didn't fix my firefox problems.
Presumably I could have kept downloading more antivirus software and finding more viruses, but at this point I think the problem was not a resident virus but just traces left by a previous virus.
5. Followed the steps in this forum (deleted the offending folder in C:\Program Files\Mozilla Firefox\extensions\). Turned firefox back on, turned javascript back on, and it seems to be back to normal! After several restarts, the offending folder hasn't reappeared.
To those who deleted the folders only to have them reappear, perhaps you need to clean your computer of viruses first.
Again, thanks so much!
- acemackenzi
- Posts: 15
- Joined: January 31st, 2009, 11:10 am
- Location: 49.0802 by -94.9576
Re: "clickfeedmanager.com" virus targets Firefox
I also have this same problem. Except I have no overlay xul file in firefox. So what is my solution.
A smart man thinks long and hard first, then speaks careful words second
-
- Posts: 3
- Joined: February 15th, 2009, 7:25 am
Re: "clickfeedmanager.com" virus targets Firefox
Ace,acemackenzi wrote:I also have this same problem. Except I have no overlay xul file in firefox. So what is my solution.
First try disabling Java in your browser, does the problem go away? If no then you have something different.
If yes, then If I were you I would look for the same or similar script in the same basic places, but perhaps under a different name.
If you know roughly when you contracted the problem, look for a folder in C:\Program Files\Mozilla Firefox\extensions which was created about that time.
Good Luck.
-
- Posts: 3
- Joined: February 15th, 2009, 7:25 am