findamo.com has hijacked my homepage how can I remove it ?
My homepage in Firefox has been hijacked by www.findamo.com. Re-setting the homepage does not work. Avast, CCcleaner, Spybot and DDSKill cannot detect it as malware. It is caused by a plugin called bPortectorForWindows. It puts many java scripts on the system. The executable and dll are found in the C:\Documents And Settings\All Users\Application Data\bProtectorForWindows folder. The exe file can be removed but the dll and .settings file cannot be removed as you are informed that they are being used by another user. An entry is also found in Scheduled tasks which runs every minute called bprotect which executes se.exe from the system32 folder of Windows. The exe file can be removed and the scheduled task can be removed. After re-starting the system everything except the scheduled task has been re-created and the home page remains as www.findamo.com. I have tried stopping each running service and deleting bprotect.dll and bprotect.settings but to no avail. I have even tried to install Recovery Console from the XP CD to allow me to delete these files but I get a blue screen crash saying that either a virus is present on the HDD or it is corrupt. Running CHKDSK /F proves that the HDD is not corrupted. All plugins have been removed but the problem persists. IE8 had the same problem but it has an option to stop software from changing the desired homepage and this solved the problem for IE8 once this option was set.
被采纳的解决方案
Thanks again mha007 from jual99. Unfortunately this did not solve the problem. I had already removed all add-ons as I thought this might be the problem. In the meantime I have found a solution which works. From http://www.neuber.com/taskmanager/ I downloaded "Security Task Manager". It is a free trial. For anyone else with the problem this is how you use it. Once the file is downloaded - run it - it will show all processes on a system and their potential security risk. Look for any entry of bProtectorForWindows and click on it. It is only shown as a low risk. Then click the remove button. It will say that it cannot be removed because it is in use by other users but gives the option of removing it the next time Windows starts - so click this option. Close "Security Task Manager" and re-boot. Once re-booted you will find that the bProtectorFoeWindows folder has actually been removed. Re-set your home page in Firefox in the usual manner and you will find that it now works fine. My thanks to neuber for their trial software
定位到答案原位置 👍 8所有回复 (10)
hello, go to help > troubleshooting information & click on the "show folder" button next to profile directory. a explorer windows should open up. in this folder look out for a file called user.js and delete/rename it & restart firefox to see if the homepage settings are kept afterwards.
you can also use the free version of malwarebytes to run a full scan of your system: http://www.malwarebytes.org/products/malwarebytes_free
You said:
- "The executable and dll are found in the C:\Documents And Settings\All Users\Application Data\bProtectorForWindows folder."
- "An entry is also found in Scheduled tasks which runs every minute called bprotect which executes se.exe from the system32 folder of Windows."
- "I have tried stopping each running service and deleting bprotect.dll and bprotect.settings but to no avail."
Perform the suggestions mentioned below:
1) Restart your Windows in Safe Mode as described in the following article:
- http://support.microsoft.com/kb/315265
- Uninstall suspicious/unknown softwares from Control Panel -> Add/Remove Programs
- Delete ALL the files you pointed-out while using your Windows in Safe Mode
- Also perform the following suggestions while your Windows is in Safe Mode.
2) Is my Firefox problem a result of MALWARE ??
- Popups Not Blocked - http://kb.mozillazine.org/Popups_not_blocked
-> Do a MALWARE check with these Malware Scanning programs. You need to scan with all programs because each program detects different malware. Make sure that you UPDATE each program to get the latest version of their Databases before doing a Scan. Also, Close All other Applications (softwares) before Starting to Run Scans.
- Malwarebytes' Anti-Malware -> http://www.malwarebytes.org/mbam.php
- SuperAntispyware -> http://www.superantispyware.com/
- Spybot Search & Destroy -> http://www.safer-networking.org/en/index.html
- Ad-Aware Free Internet Security -> http://www.lavasoft.com/products/ad_aware_free.php
- Microsoft Safety Scanner -> http://www.microsoft.com/security/scanner/en-us/default.aspx
- Windows Defender -> http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
- Anti-Rootkit Utility - TDSSKiller -> http://support.kaspersky.com/faq/?qid=208283363
-> After performing all the above steps, now Restart your system.
3) Reset your homepage as described in this article -> Restore the default home page
Check and tell if its working.
Thank you all for your assistance from jual99. In safe mode the suspect files cannot be deleted. Malwarebytes' Anti-Malware found nothing. SuperAntispyware was the best as it found 2 entries for bprotect and was able to delete them - however the problem still exists. Spybot found nothing. Ad-Ware found nothing. Microsoft Safety Scanner found nothing. Windows Defender found nothing. TDSSKiller which I have tried previously also found nothing I will keep trying and post a result when and if I am successful.
Start Firefox in -> Diagnose Firefox issues using Troubleshoot Mode to check if your add-ons/extensions are causing the problems.
- Also see this article -> Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems
Check and tell if its working normally while using Firefox in Diagnose Firefox issues using Troubleshoot Mode.
选择的解决方案
Thanks again mha007 from jual99. Unfortunately this did not solve the problem. I had already removed all add-ons as I thought this might be the problem. In the meantime I have found a solution which works. From http://www.neuber.com/taskmanager/ I downloaded "Security Task Manager". It is a free trial. For anyone else with the problem this is how you use it. Once the file is downloaded - run it - it will show all processes on a system and their potential security risk. Look for any entry of bProtectorForWindows and click on it. It is only shown as a low risk. Then click the remove button. It will say that it cannot be removed because it is in use by other users but gives the option of removing it the next time Windows starts - so click this option. Close "Security Task Manager" and re-boot. Once re-booted you will find that the bProtectorFoeWindows folder has actually been removed. Re-set your home page in Firefox in the usual manner and you will find that it now works fine. My thanks to neuber for their trial software
I have done all of the above and still no resolution...including the neuber. I am at a loss:(
hello, aimhigh4once - did any of the tools you've used pick up & remove the bprotector program running on your pc? you can double-check by downloading & installing hijackthis and see if anything referencing to bprotector is remaining in your configuration (if so, select & fix the entry).
if everything is cleared & the findamo homepage is still showing up after each restart of firefox, please go to firefox > help > troubleshooting information & click the "show folder" button next to profile directory. a new explorer window should open up, in there search for a file called user.js and rename it to something like olduser.js.
I updated superspyware this am. It picked up 5 of their adwares. I removed them all. Then I went to my computer and deleted all programs that were from 5/23/2012. I have been able now to change my homepage back to roadrunner. Thank you everyone for your help:) Have a great Memorial Day weekend. I will be staying home since its race weekend here and moving about the city is difficult and Thanks again:D
Hello Owner.....Your suggestion worked like a charm. Many,many thanks !!!....I am very computer iterate and was going to manually edit my registry tonight....now I don't have too !!!
(Findamo actually comes with an uninstaller so its very easy to uninstall it. Just go to control panel and click on the uninstall button.
由karlasillen于