
Firefox 4 - how can I prevent it?!


    #31
    Originally posted by abigsmurf View Post
    I've caught loads of malware and fake anti virus scanners through Firefox. Everyone uses java and adobe exploits now.
    I got whazzed with a complete BITCH of a skanking the other week, and I use firefox. Something called Antimalware doctor downloaded itself onto my netbook. Entering safemode, and using Hijack This! to delete suspicious startup entries, then malwarebytes to clean the system, I managed to get rid of it.

    Or so I thought.

    Next time I loaded the netbook up, and clicked on firefox, it started running really slow. I thought I would maybe nip onto avg's website via google to see if there were any updates, to give everything a full, up-to-date scan. To my horror, I got redirected to a load of trash - stopzilla.com or something. I tried again, once more via google's search and link, and got redirected somewhere different. So I tried a malwarebytes link, with a redirect to a shopping page. Every time I went on a computer 'defence' site, I got redirected.

    I tried to quit out of firefox, and was met with a mega-freeze. After a while I had to reset the machine, as it hung for ages with no movement. Instead of loading windows up, I was faced with a black screen, apart from a single white cursor flicking on and off in the top left corner of the screen. I reset again, and was faced with the same thing. It didn't even present the Asus load-up screen, just ... nothing.

    Eventually I managed to get the netbook to jump straight into BIOS, and found the problem. My primary boot device had been set to Nothing! After resetting it as the HD, I managed to load up in safe mode with networking.

    Clicking on firefox in safe mode, I entered google and searched for avg. My jaw dropped when the redirect still happened! Damn thing had infected my machine so bad that it had skanked my safe mode networking. I tried malwarebytes again, and spent hours using Hijack This to examine every startup programme and check for fake entries. Still nothing.

    Then I chanced upon something. I went into firefox and entered the avg address directly into the address bar. It worked! No redirect! I tried the malwarebytes website. Success! Then I saw something that had somehow previously eluded my attention. My homepage is google. Just plain old google. Now my homepage was google featuring Mozilla, with a few firefox visuals on the screen. I'd seen this mozilla google before and it was fine, so it was familiar. But I thought it odd that I hadn't set that version of google as my homepage, and yet there it was. Coupled with the google redirects, I decided to search for this term:

    'firefox redirect virus'

    And there it was. Infected by a rootkit, that seemed to commandeer my google homepage with its own ghost mozilla google homepage, redirecting anything that threatened it. I grabbed the TDSS Rootkit Removal Tool from Kaspersky, and the brilliant little programme found the rootkit within seconds and smashed it. No problems since.

    So firefox hyper skanked me, with a rootkit designed specifically to exploit it.
    Last edited by prinnysquad; 14-05-2011, 22:32.



      #32
      Originally posted by prinnysquad View Post
      I got whazzed with a complete BITCH of a skanking the other week, and I use firefox. Something called Antimalware doctor downloaded itself onto my netbook. Entering safemode, and using Hijack This! to delete suspicious startup entries, then malwarebytes to clean the system, I managed to get rid of it.

      Or so I thought.

      Next time I loaded the netbook up, and clicked on firefox, it started running really slow. I thought I would maybe nip onto avg's website via google to see if there were any updates, to give everything a full, up-to-date scan. To my horror, I got redirected to a load of trash - stopzilla.com or something. I tried again, once more via google's search and link, and got redirected somewhere different. So I tried a malwarebytes link, with a redirect to a shopping page. Every time I went on a computer 'defence' site, I got redirected.

      I tried to quit out of firefox, and was met with a mega-freeze. After a while I had to reset the machine, as it hung for ages with no movement. Instead of loading windows up, I was faced with a black screen, apart from a single white cursor flicking on and off in the top left corner of the screen. I reset again, and was faced with the same thing. It didn't even present the Asus load-up screen, just ... nothing.

      Eventually I managed to get the netbook to jump straight into BIOS, and found the problem. My primary boot device had been set to Nothing! After resetting it as the HD, I managed to load up in safe mode with networking.

      Clicking on firefox in safe mode, I entered google and searched for avg. My jaw dropped when the redirect still happened! Damn thing had infected my machine so bad that it had skanked my safe mode networking. I tried malwarebytes again, and spent hours using Hijack This to examine every startup programme and check for fake entries. Still nothing.

      Then I chanced upon something. I went into firefox and entered the avg address directly into the address bar. It worked! No redirect! I tried the malwarebytes website. Success! Then I saw something that had somehow previously eluded my attention. My homepage is google. Just plain old google. Now my homepage was google featuring Mozilla, with a few firefox visuals on the screen. I'd seen this mozilla google before and it was fine, so it was familiar. But I thought it odd that I hadn't set that version of google as my homepage, and yet there it was. Coupled with the google redirects, I decided to search for this term:

      'firefox redirect virus'

      And there it was. Infected by a rootkit, that seemed to commandeer my google homepage with its own ghost mozilla google homepage, redirecting anything that threatened it. I grabbed the TDSS Rootkit Removal Tool from Kaspersky, and the brilliant little programme found the rootkit within seconds and smashed it. No problems since.

      So firefox hyper skanked me, with a rootkit designed specifically to exploit it.


      Prinny, thanks for this post. My mate has had his laptop infected for the umpteenth time and it just loads into a black screen. I will try a similar method to yours, although he uses IE so it may be something different.

      I hate malware with a passion, but then, who likes it?



        #33
        Originally posted by kryss View Post
        Guess I must be the only Opera user here?
        My brother converted my whole family to Opera more years ago than I can remember. Never looked back.



          #34
          You guys who are catching nasty stuff with Firefox - are you using NoScript?



            #35
            Originally posted by Spatial View Post
            You guys who are catching nasty stuff with Firefox - are you using NoScript?
            I don't use it at the moment, but I have in the past. The only thing I'm using at the moment is Adblock Plus (at least the only thing that might have a positive impact as far as security goes) and I've never had a single problem.



              #36
              NoScript is too much of a pain in the arse to use. You can get quite far into a website before coming up to something that needs Flash or javascript (and it may not be obvious)

              I would moan about that but I'm currently coding a web app that is unusable without JS (boss demanded a design that makes a noscript version near impossible) so I can't complain.



                #37
                Originally posted by Spatial View Post
                You guys who are catching nasty stuff with Firefox - are you using NoScript?
                My question is what the heck are you doing to catch all this stuff?!

                I use my XP PC extensively for questionable things (games related - it's a work thing), and it seems clean. Running Eset as my antivirus and firewall.

                Am I just lucky, secretly infected, or simply not as bad a man as the other bad mans in this thread?



                  #38
                  Can't remember how I got my skanking. I think I was checking out some random movie blog.



                    #39
                    A blog?! I assumed this stuff was almost exclusive to pr0n and pirate game sites.



                      #40
                      Sadly not. Obscure film, iirc. Now I'm a bit paranoid. It was with trepidation that I compiled the Godzilla thread post today, grabbing stuff off blogs, but they're all ok.

                      If it had been porn, at least I would have had a GLORY to go with the skanking, but alas, nothing.

                      I dunno, maybe it was porn. My memory is hazy. It happened at about 1pm, so I was probably a bit drunk.



                        #41
                        Originally posted by Sketcz View Post
                        My question is what the heck are you doing to catch all this stuff?!

                        I use my XP PC extensively for questionable things (games related - it's a work thing), and it seems clean. Running Eset as my antivirus and firewall.

                        Am I just lucky, secretly infected, or simply not as bad a man as the other bad mans in this thread?
                        You can get a virus from a single compromised site.

                        What's worse is the new method of spreading malware: Fill a server with popular images. You click on the image in google image search, site loads in the background and runs the exploit.



                          #42
                          That was it! I remember now!

                          I was looking at a blog and it had a load of links to other blogs at the bottom. It was the usual ****e about PHOTOSHOP GAFFES and BODYBUILDING NIGHTMARES. Amongst the picture links was an image of Christina Hendricks at a desk, tits bulging out of her top.

                          'Ay Up', I thought, 'I'll have a bit of that. Ring a ding ding.' I clicked on it to get my big tit fix and the site locked up. It must have run the exploit in the background at that point.

                          Never mind, it's all been fixed. I don't blame Miss Hendricks and she's welcome to pop round mine for a spot of motorboating anytime.



                            #43
                            I was searching for tessellating geometric patterns the other day and a link from google images had my firefox crash and flag up warnings in my antivirus



                              #44
                              A link from Google images is how the guy at work got infected the other day. I may just be lucky, or AdBlock is stripping the crappy content.



                                #45
                                I haven't used AV in years, Adblock Plus seems to work wonders it seems.
