Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 25

Thread: Browser hijacking

  1. #11
    Join Date
    Oct 2011
    Location
    Southern England
    Beans
    134
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Browser hijacking

    I've renamed the .mozilla folder as suggested, and so far it seems to have worked.

    THANK YOU.

    Presumably it is now safe to delete the renamed folder, but I'll wait a while before doing that.

    The only thing I did differently that day was to let a friend show me one of his favourite sites. Presumably that was where I acquired the infection. The site was called something like "Mami's s**t", which doesn't sound very wholesome anyway.

    I certainly won't be going there again.

    I won't mark this thread as "Solved" for a few days until I'm certain the hijacker is gone, and I'll be following the discussion in the hope of learning more about this particular item of malware.

  2. #12
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    10,849
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Browser hijacking

    Oh, come on now. Mami is just a cute fourteen-year-old girl who likes to drink tea, eat cake, and kill witches. How much more wholesome can you get?
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  3. #13
    Join Date
    Oct 2011
    Location
    Southern England
    Beans
    134
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Browser hijacking

    Perhaps it's a different Mami. I don't know. I just saw page after page of videos. I don't even know what they were about. There wasn't much time, so I bookmarked the site and said I'd check it out later.

    I should be able to provide more information later this week, when I've had a chance to find out from him what the URL is.

    From a StartPage search, it seems likely that it could have been grizzom.blogspot.com, but I need to check, and I'm not going back to that place until I'm certain it's clean.

    I'm not even saying it WAS the "Mami's s**t" site that installed the hijacker, just that it seems the most likely suspect as I normally only visit a few trusted sites. A trusted friend comes over for a visit, shows me this one site, and that evening I've got an infection.

  4. #14
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    10,849
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Browser hijacking

    I was making a joke. Mami is a relatively common Japanese girl's name, and there are many others who might have been on the site you mentioned besides young Ms. Tomoe of Madoka Magica fame. A quick search for "mami gravure idol" brings up lots of alternatives, many of them including videos. You can see Tomoe Mami in action at Crunchyroll. She first appears near the end of episode one complete with her impressive battle theme.

    As others have remarked, AdBlockPlus and Ghostery can help protect you against this type of junk.
    Last edited by SeijiSensei; March 26th, 2013 at 12:04 AM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  5. #15
    Join Date
    Oct 2011
    Location
    Southern England
    Beans
    134
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Browser hijacking

    No problem SeijiSensei. We all need a bit of light relief from time to time.

    I already had AdBlock Plus and Ghostery installed prior to the infection, and now I've installed BrowserProtect, so I can hope it won't happen again (everything crossed).

    I've been finding a lot on line about something called (if I've got this right) "Google redirect virus" (a browser hijacker, not a virus) that seems to fit. It's described as something pretty nasty and difficult to get rid of, but most of the posts I've found seem to be two or three years old.

    I haven't had any problems since renaming the .Mozilla folder, so I can hope that's the answer. I'll give it a couple of days to be sure, then delete the folder, after which I'll mark this thread as solved - - unless the hijacker comes back that is.

  6. #16
    Join Date
    Apr 2008
    Beans
    7

    Re: Browser hijacking

    Based on the json suggestion I did a search on root for all json's and focussed on the last additions.
    One sprang out : bokehpassion_02.persona.json.

    Never heard of it, don't use it, seems some gimmick.
    But after deleting it and restarting FF, the hijack seems to be gone.
    And it is FF related, no issues with Konquerer.

  7. #17
    Join Date
    Apr 2009
    Location
    UK Lake District
    Beans
    3,075
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Browser hijacking

    the .json files are in the .mozilla profile folder

    For me that is: ~/.mozilla/firefox/3vbwf2j7.default/bookmarkbackups/
    Ubuntu Member Always something different. Promoting Ubuntu and System 76 at TUXPC

  8. #18
    Join Date
    Nov 2012
    Location
    Halloween Town
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Browser hijacking

    Quote Originally Posted by vasa1 View Post
    I don't understand this ^^^. What exactly does it do?
    Since version 3.0, Firefox regularly creates a file for for bookmark backup in JSON format in "bookmarkbackups" folder in your profile. Firefox version 1.0 - 2.0 stored bookmark backup in HTML.
    When importing a *.json file to a new profile, it will replace any existing bookmarks with those in the *.json file.

  9. #19
    Join Date
    Jun 2008
    Location
    Across The Pond
    Beans
    821
    Distro
    Xubuntu 12.04 Precise Pangolin

    Re: Browser hijacking

    I appreciate the head's up, having recently returned to FF from Opera. I do use Adblock Plus also HTTPS Everywhere. Hopefully there will be no problems.
    "Everybody is ignorant, only on different subjects." Will Rogers

  10. #20
    Join Date
    Oct 2011
    Location
    Southern England
    Beans
    134
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Browser hijacking

    I haven't had any more problems, thank goodness, so I've deleted the old (renamed) .mozilla file and am rebuiding my bookmarks manually. They needed "thinning out", so for me, this is the best way.

    I'll mark the thread as solved (and hope it is).

    Thanks again for all your help.

Page 2 of 3 FirstFirst 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •