Home
Archive
About Me
Disclaimer
Contact Me
How I Fixed my Hijacked Firefox from MyWebSearch Spyware!
3 days back I was browsing a popular website and I spotted “Zwinky” (which is supposed to turn a photograph into a 3D image)! It did look harmless and hence I installed it willing to give it a try. If you read me regularly, then you might probably know that I prefer Firefox over any other browser. I had used Firefox while downloading and installing “Zwinky”. But my excitement was short-lived when I spotted a new web search tool bar (MyWebSearch) that was added to my Firefox toolbar without my permission during the installation. I uninstalled this toolbar and thought it was the end of it; but soon I was going to be proved wrong!
Sometimes later, while trying to lookup something in Google, I directly typed the search query into the Firefox location/address bar. Usually, it should have displayed Google search results or a direct website based on Google’s "I'm feeling Lucky" algorithm. But this time, I got this instead:
It was super-annoying because I couldn’t search with Google, my primary search engine and Firefox, my primary web browser. It was clear that my dear browser (Firefox) was hijacked by MyWebSearch, which was causing browser redirection to their site. What the hell? I went through all of the Firefox preferences (Tools --> Options) to see if I could change back the default search engine to Google but I couldn't find any such option! Searching in Google for “MyWebSearch” gave me loads of information about this spyware. Yes, I would call it a spyware because it collects and stores information about the web pages you view, the data you enter in online forms and search fields, the "clicks" you make, the IP address, URL and country of the sites you visit, your IP address, information about your browser and operating system, and the products you purchase online while using the service. Instantly I did a scan of my PC using “Spybot – Search & Destroy”. It did find some instances of “MyWebSearch” and claimed to clean it too. But when I started Firefox, I saw it remained hijacked! Damn! :(
"MyWebSearch" Spyware Removal - Getting rid of Firefox/Google redirect Hijack:
The most irritating thing about a spyware is that it can manage to hide in your system and thus hard to be cleaned/removed. And “MyWebSearch” appeared to be quite good at it. I did the following things trying to hunt it down:
1. I checked again in “Add & Remove Programs” list. It wasn’t there.
2. I did a manual search in the “C:\program files”. I didn’t find any suspicious folder here as well. I expanded my search to whole “C:\”, without any luck.
3. Now I opened the “Registry Editor” (Start --> Run --> regedit). I did a search (Ctrl+F) for “MyWebSearch” and found 3 registry entries. I deleted them after making sure that they were the ones I was looking for. To make sure I was not missing any more registry keys, I did a search for “search” and this gave me some more entries. Out of these most were genuine Windows registry keys. But I found 2 of them were pointing to “MyWebSearch” entries; so I deleted them as well.
WARNING! If you are doing this, please be very careful while deleting a registry entry. Accidental deletion of a genuine entry may result in corrupted Windows that can only be fixed via reinstalling Windows.
After deleting the relevant “MyWebSearch” entries from the registry I was almost sure that this time it was finally removed. I started Firefox and oops; I was wrong! It was still hiding somewhere and hijacking my search results everytime I tried to do a quick Google Search via Firefox location/address bar. I searched on Web in hopes of finding out a MyWebSearch removal tool. But most (all) of them described how to get rid of the toolbar, which I had removed already. I could hardly find any info that could help in getting back my hijacked Firefox. I tried HijackThis (a free spyware removal tool by Trend Micro) too. But it was unable to sniff out “MyWebSearch” in its scan result.
I was beginning to get frustrated at this point and suddenly another “test idea” came across my mind. I went to the configuration mode of Firefox by typing “about:config” on the location bar. But searching for “defaultSearch” in the filter bar, gave me “Google” as the default engine! Damn. Where did they hide the redirect hijack configuration then?
Baffled, I now keyed in “myweb” in the filter box and here it was. It showed me the entries where the user setting was modified to hijack the browser, without my permission.
I right-clicked both the entries, choose “Reset” and restarted Firefox.
Hurray! And now the search result is back to Google. I am glad that this nasty hijack episode is finally over for me. Sorry Firefox. You had to spend 3 days in hostage situation due to my stupidity (in deciding to try out a malicious program like “Zwinky”). If you are facing a similar situation of browser hijack and looking for a way out, feel free to try my above steps and let me know if it helped.
Happy Testing…
Categories:
Critical Thinking,
How I Fixed,
How To,
Lessons Learned,
News,
Quality,
Software Testing,
Thinking Tester,
Tutorial
Or Subscribe via Email
[Print this Page]
35 Comments:
Wow. This pest had been hunting me for several weeks now. And when I had almost decided try and live with it for ever, I came across your blog. Thanks a lot for sharing your experience here. I had already tried many of those so called removal tools, anti-spyware. But it was your Firefox Config hack what did the job for me. Now my Firefox is free from MyWebSearch and runs faster too. Thanks a lot once again, Debasis.
Brilliant! – This saved me ages digging around. It also saved my kids from being banned from the PC for more than a day or 2…
Aaargh, now they’ve found their way into Firefox! Mywebsearch is truly the Devil.
Like you I tried every anti spyware without any luck to delete mywebsearch. Then found your site. Thank goodness it was so simple to delete with your guidance.
Thanks a million for this tip. Saved me hours of head scratching :)
Awesome. I had been trying to get rid of this bugger since 2 months. In this period I tried every leading anti-spyware that you can think of. But in vain. Who would have thought that it's solution was so simple and was present inside Firefox itself? You are simple brilliant, Debasis. Thanks for the tip.
Hi Debasis ,
You can try below this also.
open mozilla
press these keys on keyboard
ALT+T+A or just go to Tool>add ons
on the plugins/extensions tab , remove speedbit.
ALso click on View>toolbars and check if Speedbit is listed their, if yes uncheck it.
go to control panel>add remove programs> highlight speedbit> remove.
type "about:config" in firefox address bar(without quotes)
search for "keyword.URL" by pressing Ctrl+F
change its entry to " http://www.google.co.in/search?q="
Thank You for this tip. It would be useful in my "Admin's" part of computing.
Also I must thank Vivek for additional useful info.
You are the BEST buddy. Simply smart and determined. It was intriguing to see how you kept your hopes up while hunting down this malware and how you finally tracked it down. Though I have never been infected by it yet, I simply enjoyed the way you described your story of rescuing hijacked Firefox. Keep it up. Happy Bug Hunting ;)
@ Everybody,
Thanks everyone for leaving your comments. I'm glad to see that my little experience is helping you in getting rid of MyWebSearch. Thanks Vivek for leaving your comment on how to get rid of it. Hope it may help people for whom my method doesn't work out. Happy Testing/Bug Fixing... ;)
Please accept me as a warrior in your War against the Evil MyWebSearch. I hereby take oath to fight till my last breath to bring it down. Amen...
Maybe this faq on their website on - "How do I uninstall the My Web Search toolbar?" would have helped?
http://smileycentral.custhelp.com/cgi-bin/smileycentral.cfg/php/enduser/std_adp.php?p_faqid=2355&p_created=1170433528&p_sid=Mk4l5VGj&p_accessibility=0&p_redirect=&p_lva=2142&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9NTAsNTAmcF9wcm9kcz05MzYsMTAyMyZwX2NhdHM9JnBfcHY9Mi4xMDIzJnBfY3Y9JnBfcGFnZT0x&p_li=&p_topview=1
@ Hadi,
Yeah, that's a informative source how to uninstall the toolbar. But if you look closely, I had no trouble getting rid of their toolbar (Add/Remove Programs seemed to do it). The problem was the hidden MyWebSearch that was hijacking my Google Search Result Page and was redirecting to their own! I could not allow a third party software to take control of my browsing preferences, without my permission.
THANK YOUUUUUUUU
Hey man, my folks machine got hijacked by a similar program (ALOT search). Your solution worked like a charm, thanks. :D
Thank you! I learned something new. MyWebsearch.. those dastardly, sneaky dogs!
OMG!!!!! Thank you so very, very much! Pissed me off for MONTHS. Wasted weekends doing many of the things you tried as well. Gave up using Firefox altogether. I truly appreciate your work and grateful that you shared it with others.
SecurityTool may also generate annoying pop ups and will perform a fake system scan. This system scan will come up with all sorts of false results in order to scare you into buying the full version.
@ Anonymous,
I am glad that I decided to write my experience as a blog post (going against my self-decided norm to post mainly software testing related stuffs here). Seeing that this is helping many annoyed people whom MyWebSearch had troubled so much, brings me immense relief and satisfaction.
Thank you so much! That stupid thing was making me crazy. I searched everywhere to find a solution and happily I got here.
Awesome *thumbs up* finally got rid of it! :D
Best solution I have found and only one that worked. Easy and great instructions! Thank you...I'm free of MyWebSearch...
Thank you very much. Like you I got rid of the toolbar a while ago but mywebsearch was still there. It resulted in me having a 'pretend' blue screen. Eventually got that sorted but have only now, thanks to you, been able to get rid of the culprit.
You're very helpful, thanks again.
Bananange
Thank you so much. Can't believe it was that simple. been reading all sorts on how to get rid of it including editing the registry. Should have found this article day's ago. Thanks again!!!!!
thanks a bunch! i got infected by mywebsearch toolbar through zwinky a couple of months ago, and barely managed to uninstal it. no google highjacking that time. but a couple of days ago, i got infected with the highjacker via msn-update (that's really mean!) thanks for the great solution - i only fiddled with firefox (your last solution) and it worked like charm!
Nice blog.... Thanks for the sharing http://www.itemplatez.com
It's already been said above....had this problem for a couple of months and was beginning to think that it's here to stay. But it's now gone thanks to you. CHEERS
you are great 5 months of problems, this solution saved me!!!!!!
Thank You Thank You Thank You, I have finally gotten rid of the pain in the but my web. Thank You so much I didn't know what I was going to do. I finally have my fav search engine back. I even bookmarked this page just in case. Thanks J.W
Amazing. It was driving me nuts. You solved it in a few minutes. Such nerve of them!
Thank Debasis,
your post was both clear and efficient
Very informative blog. Testers should have digging out habbit.
Had the same problem for the past months.
Firefox default search engine set at Google, but still hijacked by mywebsearch.
Thought of the filter - with five entries, while simultaneously reading this page.
"RESET" did the trick !! :-)
Mywebsearch web site does not provide useful information :
http://helpint.mywebsearch.com/intlinfo/policies/policies.jhtml
An online help form will even ask you to create an account first !!
http://smileycentral.custhelp.com/cgi-bin/smileycentral.cfg/php/enduser/ask.php
Hi Debasis,
Im a silent reader of your blog for more than 1 year now i guess. The thing which made me speak today is a same spyware named 'SweetIm' that too hijacked my firefox the same way 'MyWebSearch' did yours. I was completely tired with how to get rid of it then suddenly this post of yours came into my mind and I used the same workaround you discussed here and got freed from that damn toolbar.
Thanks for sharing your these kind a experiences.
Thank you Thank you tried posting on tech guy no reply I'm so glad to come across this while searhing.
Post a Comment