Each time I start Firefox, an Avast pop-up tells me an infection has been blocked in C:\Program Files (x86)\Mozilla Firefox\firefox.exe.
Each time Avast has stopped a redirect to a different website. I have reinstalled Firefox twice, and the same message pops up as soon as I open the newly installed Firefox.
For example, the following popped up while I typed this message:
Infection Details: URL: http://unitional.info/sync/?q=C6qUojwFqdU9rjaFrdC6qdrEqjwHqHU8tMZPhd9FqTU8qdaEpjU5qHY7qjs5rTU7rShGheDUojw8rdnFrjw9qdkGrGhEAen0rTwEpjkMDMlGojUMgNr0rihPBNq9ojsHtMl5Dd8UBMJEtMqLDe49CNU0llrMB6qPhd97rdrMAe4UojYGrHrGrHr6rHsGqHk8qTCFpjaMWy4ZBek0my06BMFLgenYA7lVCylGtNmZh80Phd9E&err=1&errurl=http%3A%2F%2Fsetfreespypros.info%2Fsync%2F%3Fq%3DC6qUojwFqdU9rjaFrdC6qdrEqjwHqHU8tMZPhd9FqTU8qdaEpjU5qHY7qjs5rTU7rShGheDUojw8rdnFrjw9qdkGrGhEAen0rTwEpjkMDMlGojUMgNr0rihPBNq9ojsHtMl5Dd8UBMJEtMqLDe49CNU0llrMB6qPhd97rdrMAe4UojYGrHrGrHr6rHsGqHk8qTCFpjaMWy4ZBek0my06BMFLgenYA7lVCylGtNmZh80Phd9E&atmp=3 Infection: URL:Mal Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
All Replies (3)
Could be a bad add-on. Here's my suggested procedure for tracking down and cleaning them up. I know it seems long, but it's not that bad.
(1) Open the Windows Control Panel, Uninstall a Program. After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with some software you agreed to install. Don't be fooled by seemingly innocent or important names if you do not remember choosing to install them. Take out as much trash as possible here.
(2) Open Firefox's Add-ons page using either:
- Ctrl+Shift+a
- "3-bar" menu button (or Tools menu) > Add-ons
- in the Windows "Run" dialog, type or paste
firefox.exe "about:addons"
In the left column, click Plugins. Set nonessential and unrecognized plugins to "Never Activate".
In the left column, click Extensions. Then, if in doubt, disable (or Remove, if possible) unrecognized and unwanted extensions. (Note: you might not be able to manually Disable extensions in Safe Mode because they are disabled automatically.)
Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.
Any improvement?
(3) You can search for remaining issues with the scanning/cleaning tools listed in our support article: Troubleshoot Firefox issues caused by malware. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case.
Success?
If you can't get to the Add-ons page in "normal" mode, try Firefox's Safe Mode. That's a standard diagnostic tool to deactivate extensions and some advanced features of Firefox. More info: Diagnose Firefox issues using Troubleshoot Mode.
If Firefox is not running: Hold down the Shift key when starting Firefox.
If Firefox is running: You can restart Firefox in Safe Mode using either:
- "3-bar" menu button > "?" button > Restart with Add-ons Disabled
- Help menu > Restart with Add-ons Disabled
and OK the restart.
Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).
Note: The Disable button might not be useful in Safe Mode but Remove should still work.
Any improvement?
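As an added example (not part of the original thread), this Python script applies the sort-by-install-date idea from step (1) to the extension review in step (2). It reads the profile's extensions.json and lists extensions newest first, noting any that were added by another program. The field names are assumed from that file's format, and the sample IDs and names are constructed.

```python
import json
import sys
from datetime import datetime, timezone

# Constructed sample shaped like a Firefox profile's extensions.json.
# Field names are assumed from that file; the IDs and names are made up.
SAMPLE = json.dumps({"addons": [
    {"id": "notes@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "Notes"}, "location": "app-profile",
     "installDate": 1388577600000, "foreignInstall": False},
    {"id": "toolbar@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "Search Helper"}, "location": "winreg-app-global",
     "installDate": 1404216000000, "foreignInstall": True},
    {"id": "theme@example.invalid", "type": "theme", "active": True,
     "defaultLocale": {"name": "Dark"}, "location": "app-profile",
     "installDate": 1400000000000, "foreignInstall": False},
]})


def triage(extensions_json):
    """List extensions newest-first with hints on which ones to review."""
    rows = []
    for addon in json.loads(extensions_json).get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries and the like are not listed
        hints = []
        if addon.get("foreignInstall"):
            hints.append("added by another program, not from inside Firefox")
        if str(addon.get("location", "")).startswith("winreg-"):
            hints.append("registered through the Windows registry")
        millis = addon.get("installDate") or 0  # milliseconds since the epoch
        rows.append({
            "id": addon.get("id"),
            "name": (addon.get("defaultLocale") or {}).get("name", "?"),
            "installed": datetime.fromtimestamp(millis / 1000, tz=timezone.utc),
            "active": bool(addon.get("active")),
            "hints": hints,
        })
    return sorted(rows, key=lambda r: r["installed"], reverse=True)


if __name__ == "__main__":
    # Pass the path to extensions.json from the profile folder, or run
    # without arguments to see the constructed sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for r in triage(text):
        flag = "; ".join(r["hints"]) or "-"
        print(f'{r["installed"]:%Y-%m-%d}  {"on " if r["active"] else "off"}  {r["name"]} ({r["id"]})  {flag}')
```

An entry with hints and an install date that matches an unwanted program from step (1) is a good candidate to disable or remove on the Add-ons page.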
UPDATE: I spoke too soon, just had another Avast pop up. Will continue through the recommended list of anti-malware programs.
><><><><><><><><><
Thanks for your advice jscher2000. It appears that SUPERAntiSpyware did the trick. Haven't seen the message since it ran.
I had previously tried many of these procedures, but was more aggressive in 1) Uninstalling programs and 2) shutting down plug-ins and extensions. I had run Malwarebytes before posting my question. It usually runs for about 30 minutes. None of these procedures made a difference.
SUPERAntiSpyware actually found several hundred more items than Malwarebytes.
Modified by nitsujnosnaws on