
FireFox has been cracked...

homercles337

Diamond Member
I don't remember when this started happening, but when I type any URL (sans the www and com/org/etc) I get sent to searchathand.com. What is going on here? For example, in the past I could just type "google" and I would go to google. Now I get sent to searchathand.com. Any ideas? Thanks.

--Homer
 
It's not Firefox, it's whatever you have been downloading. It's easy to make any browser redirect to your site if the user is willing to download your program and install it on their machine for you. Get adaware or something and try to clean your drive.
 
Have you tried running spyware removers like spybot and/or adaware? I'm not sure where you even set "default" URLs to go to in the absence of a proper URL...

 
Originally posted by: homercles337
FireFox has been cracked...

Yes, and you're the one who broke it by downloading something malicious.

Bullet proof vests aren't exactly bullet proof, then there's the fact that they don't protect your head and neck very well...so the best way to stay alive is to try and avoid fire fights when possible.
 
Originally posted by: bunnyfubbles
Originally posted by: homercles337
FireFox has been cracked...

Yes, and you're the one who broke it by downloading something malicious.

Bullet proof vests aren't exactly bullet proof, then there's the fact that they don't protect your head and neck very well...so the best way to stay alive is to try and avoid fire fights when possible.

You're wrong. I NEVER download anything from unknown sites. Take your "holier than thou" crap elsewhere. Thanks.
 
From looking into this previously, it appears that searchathand.com has bought the domain name google.com.net. So if your browser has trouble reaching www.google.com, and tacks on the likely TLD suffixes in case you meant it as a search term rather than a URL, then one of those will be the .net TLD. And hey look, if it goes to www.google.com.net, its DNS resolves, namely to searchathand.com.

Passive pharming, someone called it. On a separate note, make sure that you aren't using an out-of-date version of FireFox, the current one as of today is 1.5.0.4 and fixes highly-critical vulnerabilities in 1.5.0.3. So make sure it's up-to-date.
 
Originally posted by: mechBgon
From looking into this previously, it appears that searchathand.com has bought the domain name google.com.net. So if your browser has trouble reaching www.google.com, and tacks on the likely TLD suffixes in case you meant it as a search term rather than a URL, then one of those will be the .net TLD. And hey look, if it goes to www.google.com.net, its DNS resolves, namely to searchathand.com.

Passive pharming, someone called it. On a separate note, make sure that you aren't using an out-of-date version of FireFox, the current one as of today is 1.5.0.4 and fixes highly-critical vulnerabilities in 1.5.0.3. So make sure it's up-to-date.

Great info mech. And yes, I'm fully updated--always. I even removed then reinstalled FF and I had the same result. I'm wondering if poking around the reg is necessary?
 
You can try deleting your C:\Documents and Settings\<user>\Application Data\Mozilla\Firefox directory and see if that helps any.

Edit: note that this will delete your firefox profile and plugins and such. Given this, I'd recommend simply renaming the directory first, and see how that works so you can undo it if desired.
 
Originally posted by: homercles337
I'm wondering if poking around the reg is necessary?
Why would you? From the looks of mech's post, this is not really an exploit, just a clever trick that has nothing to do with your machine (Do other Americans experience the same thing? 'google' sends me to www.google.ca).

Have you tweaked your quicksearch at all? If other people don't experience this, it could be that they've still got the default which maps 'google' to 'http://www.google.com/search?q=%s'. You could try adding a quicksearch for google to do it properly. That'll only fix this specific instance, but are any other domains getting 'hijacked' in this way?
 
Try a new profile... I once had a problem that random pictures on websites were replaced with porn pictures! So I did the "clear private data" tool built in Firefox 1.5 and it was gone. But I still made a new profile after that and I made sure that adblock plus was updated (though I have adblock filterset G updater installed) from then on.
 
Originally posted by: MangoTBG
Could this have something to do with the hosts file?
That is what I was thinking. Check %windir%\system32\drivers\etc\host. for any unusual entries (besides localhost 127.0.0.1). Also, check your IP stack by opening your network connection and seeing if the TCP/IP properties have not been set to a static DNS. If DNS has changed to a malicious site, they can redirect any entry to another site. You could type www.goggle.com and their DNS will point it to the other site when the browser tries to resolve the address to a numeric IP.

BTW, no amount of profile deleting or tweaking will make a single difference if the IP stack has been compromised with false DNS or host resolutions. Check the network first.
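
The hosts-file and DNS-server check suggested in the post above, as an added example that is not part of the original thread: it flags every hosts entry other than a loopback `localhost` mapping and every configured resolver that is not on an expected list. The sample hosts text, the resolver addresses and the function names `audit_hosts` and `audit_dns` are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # injected
::1             localhost
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (lineno, address, name, reason) for every entry worth a second look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, addr, " ".join(names), "malformed address"))
            continue
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                continue                         # the expected localhost mapping
            if ip.is_loopback or ip.is_unspecified:
                reason = "name sinkholed locally"
            else:
                reason = "name pinned to a fixed address"
            findings.append((lineno, addr, name, reason))
    return findings

def audit_dns(configured, expected):
    """Return configured resolver IPs that are not on the expected list."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    return [c for c in configured if ipaddress.ip_address(c) not in allowed]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("hosts line %d: %s -> %s (%s)" % finding)
    # Constructed resolver lists: what the adapter shows vs. what the ISP or router hands out.
    print("unexpected resolvers:", audit_dns(["192.0.2.53", "198.51.100.7"], ["192.0.2.53"]))
```

A sinkholed name may be a deliberate ad-blocking entry, so the findings are a list to review rather than a verdict.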
 
THANK YOU!!!!!!

I finally solved this awful despicable problem with searchathand despicable human beings!!!!!

THANKSSSSSSS!!!

I had been working on it and losing sleep over it for 3 whole days!!!

The virus simply can't be found because it is NOT a virus. The freaking thing that messes with your internet TCP IP settings could be called "bastard" or anything. But it doesn't place virus in your pc. It just alters your dns servers.

THANKS THANKS THANKS THANKS - ALL IS SOLVED - THANKS THANKS THANKS

THANK YOU AWESOME FORUM!!!!!!!!!!!!!!!!!!
 
Originally posted by: travmont
THANK YOU!!!!!!

I finally solved this awful despicable problem with searchathand despicable human beings!!!!!

THANKSSSSSSS!!!

I had been working on it and losing sleep over it for 3 whole days!!!

The virus simply can't be found because it is NOT a virus. The freaking thing that messes with your internet TCP IP settings could be called "bastard" or anything. But it doesn't place virus in your pc. It just alters your dns servers.

THANKS THANKS THANKS THANKS - ALL IS SOLVED - THANKS THANKS THANKS

THANK YOU AWESOME FORUM!!!!!!!!!!!!!!!!!!

Uh. . ok somebody correct me if I'm wrong. . .but how could something that would NOT be considered a virus gain access to AND alter your TCP/IP DNS server settings without your authorization or knowledge?
 
Originally posted by: ahurtt
Originally posted by: travmont
THANK YOU!!!!!!

I finally solved this awful despicable problem with searchathand despicable human beings!!!!!

THANKSSSSSSS!!!

I had been working on it and losing sleep over it for 3 whole days!!!

The virus simply can't be found because it is NOT a virus. The freaking thing that messes with your internet TCP IP settings could be called "bastard" or anything. But it doesn't place virus in your pc. It just alters your dns servers.

THANKS THANKS THANKS THANKS - ALL IS SOLVED - THANKS THANKS THANKS

THANK YOU AWESOME FORUM!!!!!!!!!!!!!!!!!!

Uh. . ok somebody correct me if I'm wrong. . .but how could something that would NOT be considered a virus gain access to AND alter your TCP/IP DNS server settings without your authorization or knowledge?
Because it is not classified as a virus. Viruses are self-replicating and generally do require action (worms do not and can affect a machine without a user - pet peeve about calling something in e-mail a "worm" - the definition has blurred). Anyway, this is usually a one shot deal via an exploit in a browser or by social engineering to get you to click OK to install it. It usually implies you have the right to change the settings (read admin or power user). AND most AV packages do not find this as it is a behavior as they watch for file signatures. Spyware scanners tend to find it (but sig based for the most part.) The only thing I know will catch it by deed instead of content is Cisco Security Agent with the correct rules. But CSA is not available over the counter (enterprise software from Cisco.)
 