Mod request - update a thread

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ImGeo, Dec 9, 2012.

  1. ImGeo

    ImGeo Private E-2

    Hello, I know this isn't the appropriate way to do things, but I've spent way too many hours to fix this firefox hijack, and hope that I can help other users. The link to http://forums.majorgeeks.com/showthread.php?t=177061 is the top result when searching for "firefox slirsredirect.search.aol.com", and I'm guessing some users would have discovered the hijack enough to end up at that thread.

    Since I'm unable to reply to that thread myself to add the info I provided, I'm requesting that a mod (or someone with permissions) add the following info to that thread, so that other users get the info they need.

    ---------------

    These instructions only apply to Firefox, and not internet explorer:
    After uninstalling all AOL/AIM programs, and extensions (from the add-ons/extensions screen), if you're still redirected from the home page (aka, from the address bar type "about:home", and do a search from that box), it's because AIM modified the C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>.default\chromeappsstore.sqlite database to include the following: emoh.:moz-safe-about|search-engine|{"name":"AOL Search","searchUrl":"http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q=_searchTerms_&s_it=aimright-ff&s_qt=sb&tb_uuid=2012120952816355&tb_oid=09-12-2012&tb_mrud=09-12-2012"}|0|

    What this means, is that the browser thinks that the default safe search engine is AIM instead of google. To fix it, you need to replace chromeappsstore.sqlite with a non-hijacked one, such as this one which I uploaded to my Dropbox https://dl.dropbox.com/u/15537140/chromeappsstore.sqlite -- but since you're afraid of hijacking and have no reason to trust mine, what you can do is go to C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\ and rename profiles.ini and restart Firefox. Now a new profiles.ini will be created, and a new profile in C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<new_profile>.default\ which contains a default chromeappsstore.sqlite.

    Make a copy of this new chromeappsstore.sqlite, then delete the new profiles.ini, and un-rename the old profiles.ini, paste the new chromeappsstore.sqlite into the old profile folder (overwriting the old corrupt one), and the next time you start firefox and search from about:home, you should be back to using Google.
     
    ImGeo, Dec 9, 2012
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sorry but that is a 4 year old thread that we will not be updating. But thanks for your post.

    There are different methods in use these days to resolve issues with Firefox ( and also Chrome ) having redirection problems. Sometimes the easiest and fastest thing to do is a simple reset to default settings which can be easily performed with Firefox ( see: Reset Firefox to Defaults ). No real easy way with Chrome. The other fast thing to do is uninstall, delete folders from the applications ( necessary to remove the addon ) and then reinstall. We have dozens of issues with Chrome and Firefox each week and since there are so many different reasons/infections, it is easier to have a more generic approach by resetting to defaults.
     
    chaslang, Dec 10, 2012
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds