"clickfeedmanager.com" virus targets Firefox
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
we have got porn and casino sites popping uip in Firefox randomly (but not IE). This is happening on both PC's on our network, and we have both found a file called ipvvmp.exe in several folders all over our computers. We have removed this file, but can't seem to detect any adware, virus or anything else. We have tried everything but cannot seem to get rid of the pop ups. Is this the same thing that is happening here?
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
It took a DAY for you guys to identify, isolate, and provide a fix. I am soooo out geeked here.
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
Thedeadjester wrote:I HAD the exact same problem
I tried all the malware removal tools... nothing worked. I went through all the forums (bleepingcomputer...etc) and downloaded all the malware/spyware tools out there (over 10 different ones). None of them found anything!
I refuse to download a plugin just to take back my browser and I am not one to wait around till someone else figures it out so I went in on my own and looked around. I believe I have a workaround that doesn't involve a complete re-install... however it is close to a re-install and it is a little messy so use at your own risk! It worked for me so there is hope it can work for you.
1. Close Firefox
2. Navigate to the Mozilla firefox folder in program files
3. Go into the extensions folder
4. There will be several folders with funny characters (i.e. {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}). Look for the folder with a modified date on or around the date your noticed firefox acting funny and re-directing you to other pages.
5. Delete this folder. (if there is only one folder here I am not sure what this will do but you might want to consider the possibility of losing firefox specific data or having to re-install firefox if you remove this)
6. Re-open firefox.... and enjoy!
Note: individual results may vary and I am NOT responsible for any porn links you may lose in the process
This worked perfectly! Thank you!
In addition: if you know any programming you could probably see that main.js is doing something funny as it starts with listing different search engines.
Just for the Google-hits: webrelevantsearch.com, webrelevantsearch.com, webrelevantsearch.com, webrelevantsearch.com, webrelevantsearch.com, webrelevantsearch.com, webrelevantsearch.com, webrelevantsearch.com, webrelevantsearch.com, webrelevantsearch.com, webrelevantsearch.com (yea, that's the one that popped up first in my list, the second one looked OK but was redirected)
Again; thank you!
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
You guys rock. I thought I was going to have to start using IE again! Thanks!
-
- Posts: 4
- Joined: March 7th, 2005, 11:35 am
- Contact:
Re: "clickfeedmanager.com" virus targets Firefox
I had just cleared up this problem using GooredFix on my work PC after searching 2 days for a solution. Last night my personal PC got hit but GooredFix can't find anything wrong. The symptom is slightly different in that the redirects are all using "http://www.google.com/url" to get passed along. Turning off Javascript kills the redirect but isn't a permanent solution.
Suggestions?
Suggestions?
- LoudNoise
- New Member
- Posts: 39900
- Joined: October 18th, 2007, 1:45 pm
- Location: Next door to the west
Re: "clickfeedmanager.com" virus targets Firefox
Daifne's list of Malware removers/suggestions
Daifne wrote:
Install and run these programs.
Malwarebytes' Anti-Malware
SuperAntispyware
AdAware
Spybot Search & Destroy
If these don't find it or can't clear it, post in one of these forums for specialized malware removal help:
http://www.spywarewarrior.com/index.php
http://forum.aumha.org/
http://www.spywareinfoforum.com/
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
-
- Posts: 4
- Joined: March 7th, 2005, 11:35 am
- Contact:
Re: "clickfeedmanager.com" virus targets Firefox
Thanks.LoudNoise wrote:Daifne's list of Malware removers/suggestionsDaifne wrote:
Install and run these programs.
Malwarebytes' Anti-Malware
SuperAntispyware
AdAware
Spybot Search & Destroy
If these don't find it or can't clear it, post in one of these forums for specialized malware removal help:
http://www.spywarewarrior.com/index.php
http://forum.aumha.org/
http://www.spywareinfoforum.com/
I'd already done some of those and the remaining came up empty. I also manually poked around all the extension folders I could find and came away with nothing useful so I backed up my bookmarks and did a total uninstall of FF. The reinstall went cleanly and the problem is gone - for now.
-
- Posts: 1
- Joined: July 9th, 2009, 12:10 pm
Re: "clickfeedmanager.com" virus targets Firefox
I tried a search and nothing came up with overlay.xul. I have several files starting with {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}. I have deleted the two most recent dates. However I still get redirected to Coupon Mountain. I downloaded GooredFix, tried following the prompts but it would not let me slect 1 or 2. It did identify these CARREFAC folders. Should I delete all these files, which goes back to 2007? Any suggestions?
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
I couldnt find it in your posted directory but i found the file here
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome\content
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome\content
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
TT13TP wrote:I couldnt find it in your posted directory but i found the file here
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome\content
I found overlay.xul in that same directory.
The content of that file may be valid, no idea:
Code: Select all
<?xml version="1.0"?>
<overlay id="jqs-overlay"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script src="overlay.js"/>
</overlay>
I also found two chrome {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} files in my plugins folder, with ffjcext.xul in them. I deleted them both. Tested Google and this seems to work. Perhaps a name change?
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
where in the hell do i find program files! HELP!!!!
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
Hello, I believe the same problem has been popping up again. If anyone has suggestions how to solve it, thank you so much!
it seems to be different from before.. the GooRedFix does not work, and there's only one extention file for me. Anyone suggestions?
it seems to be different from before.. the GooRedFix does not work, and there's only one extention file for me. Anyone suggestions?
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
the Scour redirect seems to return after a while after using comobofix and gooredfix... this is driving my NUTS NUTS NUTS
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
In my case, the problem really stopped after having also deleted all the ffjcext.zip files - I found 3 times in the java folders - ie located in: C:\Program Files\Java\jdk1.6.0_20\jre\lib\deploy.
All gone now - hooray!
All gone now - hooray!
-
- Guest
Re: "clickfeedmanager.com" virus targets Firefox
Thedeadjester wrote:I HAD the exact same problem
I tried all the malware removal tools... nothing worked. I went through all the forums (bleepingcomputer...etc) and downloaded all the malware/spyware tools out there (over 10 different ones). None of them found anything!
I refuse to download a plugin just to take back my browser and I am not one to wait around till someone else figures it out so I went in on my own and looked around. I believe I have a workaround that doesn't involve a complete re-install... however it is close to a re-install and it is a little messy so use at your own risk! It worked for me so there is hope it can work for you.
1. Close Firefox
2. Navigate to the Mozilla firefox folder in program files
3. Go into the extensions folder
4. There will be several folders with funny characters (i.e. {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}). Look for the folder with a modified date on or around the date your noticed firefox acting funny and re-directing you to other pages.
5. Delete this folder. (if there is only one folder here I am not sure what this will do but you might want to consider the possibility of losing firefox specific data or having to re-install firefox if you remove this)
6. Re-open firefox.... and enjoy!
Note: individual results may vary and I am NOT responsible for any porn links you may lose in the process
Wow this works great. I can't believe all the crap I went through with hijack/malawarebytes etc etc and this cured it. THANKS