Page 1 of 2

Firefox Virus

Posted: Tue Jan 29, 2019 4:48 pm
by M8WHRR
Evening. Been using mint for a few years now, great so far. I tried downloading a couple games the other day and ever since I've had q_search jumping in on my Firefox. I search through the address bar, which is set for yahoo and it jumps to an address which is oll3.xyz

I've installed ClamAv and ClamTk, but I have no idea where to start. I've searched usr/bin and usr/bin/Firefox. Any help would be much appreciated.

Re: Firefox Virus

Posted: Tue Jan 29, 2019 5:20 pm
by sleeper12
Go to Firefox settings, Add-ons, Extensions & remove any suspicious extensions. Others can advise if you need to do more.

Re: Firefox Virus

Posted: Tue Jan 29, 2019 5:46 pm
by MrGrimm
first i'd uninstall those games. sounds like one either had something it shouldn't hidden in it,or you missed a box to uncheck to not add it's 3rd party crapware. then i would fix my firefox.

Re: Firefox Virus

Posted: Tue Jan 29, 2019 5:53 pm
by Pjotr
Delete your current .mozilla profile and start with a new, clean profile. You'll lose all of your bookmarks and all of your stored website passwords, though.

Code: Select all

rm -r -v ~/.mozilla && rm -r -v ~/.cache/mozilla

Re: Firefox Virus

Posted: Tue Jan 29, 2019 6:07 pm
by MrGrimm
Pjotr wrote:
Tue Jan 29, 2019 5:53 pm
Delete your current .mozilla profile and start with a new, clean profile. You'll lose all of your bookmarks and all of your stored website passwords, though.

Code: Select all

rm -r -v ~/.mozilla && rm -r -v ~/.cache/mozilla
simply NO! really no need to lope off one's own head to simply remove a zit.

Re: Firefox Virus

Posted: Tue Jan 29, 2019 6:16 pm
by Pjotr
MrGrimm wrote:
Tue Jan 29, 2019 6:07 pm
Pjotr wrote:
Tue Jan 29, 2019 5:53 pm
Delete your current .mozilla profile and start with a new, clean profile. You'll lose all of your bookmarks and all of your stored website passwords, though.

Code: Select all

rm -r -v ~/.mozilla && rm -r -v ~/.cache/mozilla
simply NO! really no need to lope off one's own head to simply remove a zit.
I had no idea that your head was in your .mozilla profile. :lol:

Look, when there's clearly a contamination by malware in the .mozilla profile, there's no telling how deeply it has infiltrated into it and how widely it has spread in it. Better safe than sorry.

Losing the bookmarks is not too difficult to recover from. And the stored website passwords need to be changed now, anyway.

@OP: after the cleanup I advise to run your Firefox in a sandbox, like this:
https://easylinuxtipsproject.blogspot.c ... ndbox.html

Re: Firefox Virus

Posted: Tue Jan 29, 2019 7:21 pm
by Schultz
If you want to get rid of that nastyware, follow Pjotr's advice.

Re: Firefox Virus

Posted: Tue Jan 29, 2019 7:42 pm
by all41
Schultz wrote:
Tue Jan 29, 2019 7:21 pm
If you want to get rid of that nastyware, follow Pjotr's advice.
+1
and also +1 for using Firejail sandbox to thwart further corruptions like this

Re: Firefox Virus

Posted: Tue Jan 29, 2019 7:46 pm
by MrGrimm
Pjotr wrote:
Tue Jan 29, 2019 6:16 pm
MrGrimm wrote:
Tue Jan 29, 2019 6:07 pm
Pjotr wrote:
Tue Jan 29, 2019 5:53 pm
Delete your current .mozilla profile and start with a new, clean profile. You'll lose all of your bookmarks and all of your stored website passwords, though.

Code: Select all

rm -r -v ~/.mozilla && rm -r -v ~/.cache/mozilla
simply NO! really no need to lope off one's own head to simply remove a zit.
I had no idea that your head was in your .mozilla profile. :lol:

Look, when there's clearly a contamination by malware in the .mozilla profile, there's no telling how deeply it has infiltrated into it and how widely it has spread in it. Better safe than sorry.

Losing the bookmarks is not too difficult to recover from. And the stored website passwords need to be changed now, anyway.

@OP: after the cleanup I advise to run your Firefox in a sandbox, like this:
https://easylinuxtipsproject.blogspot.c ... ndbox.html
humorous you're not. that said you're ASSuming that it's something that can't be simply removed from the addons. my roommate is a good one for forgetting to uncheck and i end up having to fix the problem he created. more times than not where the browser is concerned it's a simple matter of uninstalling something from the os and or removing a addon that was added without permission. do the checks to see if the profile can be saved first.

Re: Firefox Virus

Posted: Tue Jan 29, 2019 8:36 pm
by philotux
@ M8WHRR

Perhaps a less drastic option would be to refresh your Firefox:
If you're having problems with Firefox, refreshing it can help. The refresh feature fixes many issues by restoring Firefox to its default state while saving your essential information like bookmarks, passwords, and open tabs.
Please refer to: https://support.mozilla.org/en-US/kb/re ... d-settings

Re: Firefox Virus

Posted: Tue Jan 29, 2019 9:36 pm
by MrGrimm
philotux wrote:
Tue Jan 29, 2019 8:36 pm
@ M8WHRR

Perhaps a less drastic option would be to refresh your Firefox:
If you're having problems with Firefox, refreshing it can help. The refresh feature fixes many issues by restoring Firefox to its default state while saving your essential information like bookmarks, passwords, and open tabs.
Please refer to: https://support.mozilla.org/en-US/kb/re ... d-settings
+1

Re: Firefox Virus

Posted: Tue Jan 29, 2019 10:03 pm
by Pierre
you should still be able to export & save your current Bookmarks List though:
- - Bookmarks - Show all Bookmarks - - Import & backup - - Backup ( to a *.JSON file )
then use that mentioned Reset Function - - Help - Troubleshooting Information.

or - just follow Pjotr's advice on restoring your .mozilla profile.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 6:09 am
by Pjotr
MrGrimm wrote:
Tue Jan 29, 2019 7:46 pm
humorous you're not. that said you're ASSuming
And you're not good at hiding donkeys. It takes one to know one, I suppose. Heehaw, brother! :lol:

Now let the following sink in. There's a difference between acting like a sloppy "whatever, man" teenager and acting like a responsible man who cares about a potential leak of his stored website passwords.

There's no way of knowing for sure, that a clearly infected .mozilla profile didn't also leak its stored website passwords to the creator of the malware. So changing those immediately, each and every one of them, should be first priority. Which means that losing them all by creating a shiny clean new .mozilla profile, isn't a true loss anyway.

As to the bookmarks: Pierre's suggestion should make the loss of those even easier to overcome.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 7:31 am
by philotux
Pjotr wrote:
Wed Jan 30, 2019 6:09 am
There's no way of knowing for sure, that a clearly infected .mozilla profile didn't also
... infect other parts of the home directory. Is it safe to assume that the malware stays contained within the .mozilla folder?

Re: Firefox Virus

Posted: Wed Jan 30, 2019 7:32 am
by Pjotr
philotux wrote:
Wed Jan 30, 2019 7:31 am
Pjotr wrote:
Wed Jan 30, 2019 6:09 am
There's no way of knowing for sure, that a clearly infected .mozilla profile didn't also
... infects other parts of the home directory. Is it safe to assume that the malware stays contained within the .mozilla folder?
No, but that's why I advise to run your web browser in a sandbox:
https://easylinuxtipsproject.blogspot.c ... ndbox.html

Re: Firefox Virus

Posted: Wed Jan 30, 2019 7:37 am
by philotux
Yes, that's a must! Maybe it should be a sticky somewhere in the forums:
Sandbox your browser!
at the very least.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 8:09 am
by MrGrimm
as stated do not delete your profile unless there is no other choice.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 8:13 am
by Pjotr
MrGrimm wrote:
Wed Jan 30, 2019 8:09 am
as stated do not delete your profile unless there is no other choice.
Simply repeating debunked bad advice without giving new arguments, doesn't make it any more valid.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 8:19 am
by MrGrimm
first it's not debunked advice, second it's not bad advice and you know it. you damn well know you only use the nuclear option if there is no other choice.

Re: Firefox Virus

Posted: Wed Jan 30, 2019 8:26 am
by Pjotr
MrGrimm wrote:
Wed Jan 30, 2019 8:19 am
first it's not debunked advice, second it's not bad advice and you know it. you damn well know you only use the nuclear option if there is no other choice.
Deleting the current .mozilla profile isn't the nuclear option. The nuclear option, which would indeed be exaggerated, would be to delete all the contents of the personal user folder. The rest of your message is just, again, repetition of your debunked bad advice....

Peace!
https://www.youtube.com/watch?v=qfTdCYl-c70