Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Lavasoft in Firefox

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Lavasoft in Firefox

Unread postby forever-nl » August 8th, 2014, 7:23 pm

Lavasoft hijacks Firefox with annoying 'secure search'

Using: Windows 8.1. and Firefox 31.0

Short description:
Firefox browser appears to be 'hijacked' by some lavasoft <add bad language here> <use imagination>.

Symptoms and appearance: Symptoms appeared after installing several free software programs for working with PDF files. I find it likely they are related, but would like to keep them and get rid of lavasoft. When using Firefox and typing an invalid url the lavasoft comes up, recently it also launched on 100% valid URLs from other websites (for example Wikipedia). Installed programs include 'Soda PDF 6' and 'PDF split and merge'. Usually I uncheck all toolbars and other garbage but it's possible I missed something or it installed without option.

Note: Internet Explorer appears to be infected as well.

Tried steps:
- Checked installed programs on Windows for signs of something that could cause this. Nothing.
- Checked browers plugins and addons. Nothing out of the ordinary.
- Manually changed default start page to google again (via Firefox general tab).
- Tried steps from lavasoft.com to remove SecureSearch (so they call it...). Steps were to type about:config and search for Keyword.url in order to replace it with different search engine. No results on "Keyword.url". (screenshot included)

Thanks in advance, any help or inside is greatly appreciated.


Attachments:
- FRST.txt -- Scan result of Farbar Recovery Scan Tool
- Addition -- Additional scan result of Farbar Recovery Scan Tool
- lavasoft.png -- Image of browser infection in Firefox
- firefoxconfig.png -- Where the Lavasoft steps fail
You do not have the required permissions to view the files attached to this post.
Last edited by forever-nl on August 9th, 2014, 1:10 pm, edited 2 times in total.
forever-nl
Active Member
 
Posts: 5
Joined: August 8th, 2014, 6:32 pm
Advertisement
Register to Remove

Re: Lavasoft in Firefox

Unread postby forever-nl » August 8th, 2014, 7:45 pm

After reporting the issue on the bottom it provided list with similar topics about people being annoyed by lavasofties. I looked at them and found installing and running AdwCleaner to be a possible solution (as provided by Cypher). I tried this and this seemed to solve the issue by removing a file in "~\Firefox\Profiles\akdgoyj3.default\prefs.js".

It appears there are still traces left though:
lavasofties.png
You do not have the required permissions to view the files attached to this post.
forever-nl
Active Member
 
Posts: 5
Joined: August 8th, 2014, 6:32 pm

Re: Lavasoft in Firefox

Unread postby Gary R » August 9th, 2014, 12:56 am

Uninstall ... Ad-Aware Browsing Protection ... which looks likely to be the culprit.

It shows in your Addition.txt log as ...

Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)


... of course you may not be able to remove it this way now because you've "jumped the gun" and tried to fix things yourself and in doing so you may have damaged the uninstaller, in which case we'll need to hack things out manually.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Lavasoft in Firefox

Unread postby forever-nl » August 9th, 2014, 2:51 am

Hi Gary, thanks for your quick reply. I have removed the 'software' via control panel list. Showed no errors and appeared to be gone entirely from browser afterwards. AdwCleaner did find a register key still but that was also removed.

Sorry for 'jumping the gun' I read you guys don't alow/like it as it can actually do more bad then good to install all kind of anti-malware possibly sheep in wolf's clothes.

Two questions remain: Is it possible it was 'hidden' from uninstall list in Windows before I ran AdwCleaner? Or did I just overlook it. Also any idea what software it was packaged with? This so I can start sending hate mail to author about it :-)
forever-nl
Active Member
 
Posts: 5
Joined: August 8th, 2014, 6:32 pm

Re: Lavasoft in Firefox

Unread postby Gary R » August 9th, 2014, 8:36 am

No there's nothing to suggest it was hidden, you probably just overlooked it, it's easily done.

I've no idea which program it came bundled with, these days just about anything that is "free" can come bundled with stuff you don't want.

Before we finish, you could also do with uninstalling the following 2 programs ...

Java 7 Update 45 (64-bit)
Java 7 Update 60


Out of date versions of Java can be (and usually are) exploited.

If you don't have a specific need for Java, I usually recommend people not to have it on their machines. Java is not the same as Javascript, which almost all websites use, so most people have it installed thinking that they have to have it for their browsers to work properly, when they don't actually have a need for it at all.

I've run without Java for years, and had absolutely no problems whatsoever.

If you do have a specific need for Java, then download and install the latest version ... JDK 7 Update 67 (JDK or JRE) ... new exploits for Java are found regularly (practically every week), so it's important that you check regularly for new updates.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Lavasoft in Firefox

Unread postby forever-nl » August 9th, 2014, 12:06 pm

I'm aware of Java security issues. I updated Java 7 to version 76 and removed the old version(s). Some games I play use it, and a chat box too. However, in Firefox the plugin is disabled by default, this should already greatly reduce risk? I do read security related news on a technology website in my country, if they write about new great risk exploits I will be extra careful.

Aside of this, I noticed the link to DDS in "forum rules" on top of this page gives 404 error. I guess most people will find their way but fixing it could help and also adding the version for Windows 8.1...

Is it okay when I remove log files as they no longer serve any purpose?

Thanks for your help, I'm glad I got rid of the mess. Have a good weekend!
forever-nl
Active Member
 
Posts: 5
Joined: August 8th, 2014, 6:32 pm

Re: Lavasoft in Firefox

Unread postby Gary R » August 9th, 2014, 3:19 pm

Both the DDS links in ... viewtopic.php?p=491381#p491381 ... work for me.

There is no version of DDS for Windows 8.1, and its creator has made it pretty clear that he has no intentions at present of creating one, which is why we use FRST to anylise problems on machines using Windows 8.1

Yes, it's OK for you to remove the log files.

Glad we could help you. :)

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 281 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware