Ask Your Question
2

F18 browser hijacker malware problem

asked 2013-12-28 19:08:54 -0600

joseluisq gravatar image

updated 2014-09-28 10:51:41 -0600

mether gravatar image

Hello,
I have Fedora 18 x64,
And recently I have a problem with a malware called browser hijacker ( Linkbucks.com ) inexplicably that adhered to my browsers (Firefox and Chrome)
I thought it was a browser problem only, I uninstall and remove the two browsers and related files but the problem is persisting... I think is a daemon..

Basictly this malware change the "HREF (in html)" The link is replaced when I click on some link for then show me many damn ads.. Here a screenshot

image description

Note my link is http://www.dcwg.org/detect/
I review on internet about this, I found some information for MS Windows but not for Linux, I would like to identify this malware on my system and report it for help to others with similar problems, Also I read that might be a DNS Changer, but I'm not sure because the links are replaced when just I click on them.

By the way, When I enter in this link http://meta.stackoverflow.com/questions/89433/stack-overflow-requires-external-javascript-from-another-domain-message to show me a message on the top of site this say Meta Stack Overflow requires external JavaScript from another domain, which is blocked or failed to load. Maybe that might be a DNS changer..

I hope I don't wrong to post it here.. But if I wrong, can you help me with some home pages for discuss about this topic?

Finally This is my first experience but I think the re-installation of F18 is not the unique solution :D
Thanks in advance!

edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted
3

answered 2014-01-03 22:22:11 -0600

joseluisq gravatar image

It's a malware that infects any browsers like firefox or google chorme, this virus replace the original link of your page, so that changes it for annoying ads when you click on links. Finally I got to delete it to it as follows:

First uninstalling the infected browsers via yum

sudo yum remove firefox google-chrome

Second, in your home directory, delete the config folder for your infected browsers.
Keep in mind, I'm using Fedora 20 x64 in this tutorial, depending of your system version the location for these directories could change.

Firefox

rm -rf /home/username/.mozilla/firefox

Google Chrome

rm -rf /home/username/.config/google-chrome

Finally, install the browsers once again.

sudo yum install firefox google-chrome-stable

Change 'username' to your current username. I hope my little experience can help them.

Thanks to @FranciscoD_ for the idea ;)

edit flag offensive delete link more

Comments

2

I don't think you need to remove and install your browsers. The malware should not have permissions to modify the system files that the rpms install. Whatever it was, it probably made modifications to your user files only. That being said, I've never run into such a situation so you really should be careful of what you're opening in your browsers.

FranciscoD_ gravatar imageFranciscoD_ ( 2014-01-04 00:09:22 -0600 )edit
1

Exactly, I think this situation it happened because I opened some suspect link (unintentionally), Yeah I will be careful from now. Thanks bro.

joseluisq gravatar imagejoseluisq ( 2014-01-04 10:57:08 -0600 )edit
4

answered 2013-12-28 23:24:49 -0600

FranciscoD_ gravatar image

Reinstalling firefox won't do much. Delete your firefox profiles, create a new one and see if the issue persists.

edit flag offensive delete link more

Comments

Yes, really I unistalled both browsers via yum then I removed the config files of my home directory. I will publish the complete solution, Thanks anyway !

joseluisq gravatar imagejoseluisq ( 2014-01-03 21:12:23 -0600 )edit

The internet is full of scam artists; you do have to be careful about what you click. But when you do get your browser problem sorted out, it would be wise to back up ALL your browser configuration files, preferably to another drive. Then if something like this happens again, you can just replace the config files without having to do another browser install.

hawkfeather gravatar imagehawkfeather ( 2014-09-10 01:32:50 -0600 )edit

Question Tools

Stats

Asked: 2013-12-28 19:08:54 -0600

Seen: 778 times

Last updated: Sep 07 '14