Can't remove plugin. Malware. I can disable it, but there's no option to remove.
A friend of mine accidentally installed something he shouldn't have which installed a plugin in Firefox called "Information Vine". The offending app is gone but the plugin remains.
The result of the addon was that it redirected every Google search to their own website (type something into Google... no "common phrase" dropdown... and it takes you to the malware's host website to display links to advertisers masquerading as Google search results.) And any installed adware/malware removal app already installed on his computer refuses to run (forcing me to install new software, which neither sees nor detects the malware.) His Avast Antivirus likewise does not detect the plugin.
Disabling the plugin solved the issue of redirecting his Google searches, but I can not find a way to *remove* the plugin itself. I've tried going thru his plugin folder (in his User\Profile directory), removing anything suspicious in his Registry that might be related, and even "HiJackThis" doesn't detect the plugin (even if I re-enable it.)
I'm stumped. How do I delete a plugin that can't be removed by conventional means? I've tried every answer found on Google but nothing works.
TIA
PS: Before anyone suggests it, I also already tried obtaining the path to the plugin via "about:plugins", found the folder and deleted it, yet it's still there.
Ändrad
Vald lösning
I contacted my friend last night and provided him with instructions on how to reenable the plugin, take a screenshot, and email it back to me.
He called back to say that after reenabling the plugin, the problem did not return and all is now fine. I had spent about an hour on his computer the day before deleting suspicious software and hand-deleting suspicious Registry entries (all Chinese characters), but never rechecked to see if I had fixed his issue. It appears now I had.
I even tried to visit "VineInformation.com" myself from home but the URL no longer exists. Ugh!
I don't like not knowing what happened, but ces't la vie.
Thanks all.
Läs svaret i sitt sammanhang 👍 0Alla svar (20)
You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no
Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
If you still have the redirect problem, Type about:support in the address bar and press Enter. Under the main banner, press the button; Copy Text To Clipboard.. Now in the Reply Box on the forum page, do a right-click in the box and select Paste.
This will show us your system details. No Personal Information Is Collected.
Thanks for the reply. I've uploaded my friend's browser data (saved to a text file) here .
The offending app appears in the data as "WideVine". The app was removed and the plugin disabled, but the references are still there.
TIA
Mugsy said
This application has not been configured to display crash reports.
Type about:preferences#advanced<enter> in the address bar. Select Data Choices. Turn on Enable Crash Reporter.
Note: For Firefox 56+ its; about:preferences#privacy Under Firefox Data Collection turn on Allow Firefox To Send Crash Reports.
Did you run the mal-scanners?
Mugsy said
. . . . it redirected every Google search . . .
Type about:preferences#search<enter> in the address bar. You can select any search engine to be your default from here.
You can also remove an engine from here.
Thanks for the reply.
His browser is not crashing, and I have run numerous malware/adware scans. I am simply trying to remove the now-disabled offending plugin from his system.
As noted, his "Avast AV" did not detect a problem, nor did "HiJackThis" detect the BHO. Another AdWare detector called "Exterminate It" detected a couple of apps it identified as AdWare, but they were old & unrelated to his current issue. I removed them anyway.
Also, as noted, when the plugin is disabled, he is able to search normally using Google once again (which he visits via the URL, not the FF search bar.)
PS: This is FF Quantum v65.
Ändrad
Hello Mugsy,
Just in case you'd like some info about the WideVine plugin :
https://support.mozilla.org/en-US/kb/enable-drm
And please see FredMcD's post (Chosen Solution) and my post in this thread :
Thanks for the reply, but I've already seen that post and it provides no helpful information other than to suggest performing a MalWare scan, which I have already done.
Mugsy said
Thanks for the reply, but I've already seen that post and it provides no helpful information other than to suggest performing a MalWare scan, which I have already done.
How about :
- The article about the WideVine plugin?
- My post in that thread ?
I have already removed the WideVine app yet the plugin remains.
I had already seen those posts prior to posting and they did not resolve the problem.
Mugsy said
I have already removed the WideVine app yet the plugin remains.
The WideVine plugin is built-in and can't be removed. To disable it you can set it to 'Never Activate' (hence I gave you a link to that article about WideVine).
As stated in my initial post, I have already disabled the plugin.
I wish to remove it. It is malware and has no business being present at all.
Mugsy said
As stated in my initial post, I have already disabled the plugin. I wish to remove it. It is malware and has no business being present at all.
The WideVine plugin is not malware. And, like I said before, you can't remove it, just disable it, like you have already done.
What you menioned in your original post ('Information Vine') is not the same thing as the WideVine plugin - hence I asked you to take a look at my post in that other thread.
I can't tell you what you want to hear - maybe somebody else can (sorry .... )
My friend informed me he downloaded "Map" software which installed the "WideVine" plugin. The installer prompted if he also wanted to install additional utilities and he foolishly clicked "Yes".
Disabling the "WideVine" plugin disables the redirected searches.
So it wasn't "WideVine" that installed the MalWare, it was the installer itself.
But all of this is irrelevant. The plugin is present and needs to go.
Ändrad
Your friend installed 'Map' - that is not the same as 'Information Vine', as you mentioned earlier .... There is some malware with the word 'Map' - see these search results .....
But again : the WideVine plugin is not malware and as far as I know it can't be removed.
The fact that after you disabled the plugin, searches are 'back to normal' : I'm convinved that that is just a coincidence. Removing the malware (whatever it was) is more likely the reason why the problem disappeared.
If you (or your friend) are not happy with the built-in WideVine plugin, then I can only hope that someone else will be able to tell you how to remove it ......
Mugsy said
I wish to remove it. It is malware and has no business being present at all.
What the Widevine has been used for in Firefox as it can be used on sites like Netflix and Amazon Prime Video. https://support.mozilla.org/en-US/kb/enable-drm
I believe you are the first to claim it is malware or comes with malware.
McCoy said
Just in case you'd like some info about the WideVine plugin : https://support.mozilla.org/en-US/kb/enable-drm
Maybe the fact that James gives you the same information about the WideVine plugin, will convince you ?
AFAIK, the software was not called "Map". He stated he was looking for "Map" software (instead of using "Yahoo Maps as usual.")
After doing so, every time he went to Google to search for something, the search results always resulted in a page with a graphic logo in the upper left that read "Vine Information" followed by links to products related & not to his search query.
Disabling the "WideVine" plugin, Google stopped redirecting his searches to "Vine Information".
I'm not sure how much clearer I can be, or what any of this has to do with being unable to remove an installed plugin.
James said
I believe you are the first to claim it is malware or comes with malware.
I'm not claiming "WideVine" is malware. I'm telling you the program that installed the plugin may have modified/replaced or otherwise installed something called "WideVine" that was redirecting his searches.
Whether or not it is a legitimate copy of the "WideVine" plugin, I can not say. All I can tell you is a plugin calling itself "WideVine" was redirecting his searches, and defies removal.
McCoy said
McCoy saidJust in case you'd like some info about the WideVine plugin : https://support.mozilla.org/en-US/kb/enable-drmMaybe the fact that James gives you the same information about the WideVine plugin, will convince you ?
Convince me of what? There are no removal instructions at that link. And you are assuming this plugin is legitimate software that should be easily removable. Clearly it is not.
Mugsy said
Convince me of what?
Convince you of the fact that the (built-in) WideVine plugin is not malware.
There are no removal instructions at that link. And you are assuming this plugin is legitimate software that should be easily removable. Clearly it is not.
Again : the plugin is built-in and can't be removed.
I give up ......