How to restore Firefox tabs after removing adware?

1

1

I installed a software from CNET Downlaods and with it came bunch of adware that was bloating down my system and generally just making my life difficult. It changed my home page in Firefox, added some some extensions, and all my tabs were gone the next time I started Firefox (Firefox closed during the installation of the software). It also added two new search engines and changed my default search engine from Google to one of the new ones.

Addons installed were:

  • DealPly Shopping 2.0
  • Default Tab 2.0
  • lucky leap 1.0.0

I have disabled all of them but not removed them yet.

It also added a toolbar in Internet Explorer.

It doesn't seem to be doing any harm now and I can use Firefox as usual, but I want my tabs back. I have made two copies of my Firefox profile folder, one before and one after disabling the above mentioned addons.

I have tried renaming and replacing the following files.

  • sessionstore.bak
  • sessionstore.js
  • sessionstore-1.js

But I didn't manage to restore the previous session or tabs. I did have those options available from the Firefox history menu right before I removed the addons. But I guess after closing Firefox and the new tabs these were stored into these files. So there is nothing to restore from now. Or is there? Maybe I'm doing it the wrong way...

I also noticed that I have shadow copies of my Firefox profile folder from yesterday. Can I use this to restore my Firefox tabs?

Some screenshots...

The last screenshot shows what happened when I opened a new tab in Internet Explorer, went to google.com and tried to click in the search field to do a web search.

Click on them for larger view.

scrn1

scrn2

scrn3

scrn4

Samir

Posted 2013-09-01T10:12:07.853

Reputation: 17 919

1I think I was the one who allowed the addons to install in the first place. After successfully uninstalling the software it opened up Firefox and there were 3 tabs open, one showed the "satisfaction" type of feedback form on the developer website, and the other two were confirmations for installing Default Tab 2.0 and Lucky leap 1.0.0. – Samir – 2013-09-01T10:55:39.957

1Now, after restoring the tabs using the shadow copy from yesterday and starting Firefox for the first time, along with my tabs there were 3 confirmation tabs for all three of the addons listed above. One reads about:newaddon?id=addon@defaulttab.com in the address bar, one is about:newaddon?id=firefox@luckyleap.net and the last one is about:newaddon?id={906000a4-88d9-4d52-b209-7a772970d91f}. I of course closed all of these. – Samir – 2013-09-01T10:58:14.840

Answers

2

Yes, in general you should be able to use a shadow copy to "go back in time". Just make sure you restore the whole folder.

Extra note: Use a tool such as Malwarebytes.org to ensure everything is indeed removed (some components might hide in background or be loaded by other processes, e.g. those using Internet Explorer, in case you only cleaned Firefox.

Mario

Posted 2013-09-01T10:12:07.853

Reputation: 3 685

It worked! I first copied over the shadow copy to my desktop by clicking on Copy button in the folder properties window, just to have a backup of it. I then clicked the Restore button (folder properties) to do the in-place restore of the folder. Firefox needs to be closed when you do this. I started Firefox again and all my tabs were back, well those from yesterday anyway. Plus, the addon installation tabs asking for install confirmation as shown above. – Samir – 2013-09-01T10:41:44.803

1I had some bad experience with Malwarebytes software in the past, but I will give it a spin anyway. I just didn't expect this from CNET Downloads. But during the instlalation there was a small checkbox of some sort, I just clicked Next and didn't see what it said. CNET is nowdays using their own offline type of installer for the programs you download. That checkbox must have been the option for adding this crappy-ware on my system. This is why it's important to go through the installation carefully and remove any extra software. – Samir – 2013-09-01T10:47:04.670

1Yes, main reason for me to no longer download anything from CNET. Same crapware/bundled stuff Oracle does with Java. Worst part, in some cases this is indeed business software and they essentially compromise your security for their gain... "I just clicked Next and didn't see what it said" is exactly what they want you to do - they could make it opt-in, but won't do so. – Mario – 2013-09-01T11:41:06.033

1If you don't want to use Malewarebytes, you can find a step-by-step guide to remove Lucky Leap by hand here [removed link; they're trying to install their own crap...]. There might be other stuff bundled with it though. Deactivating it in Firefox (or other browsers) usually isn't enough. – Mario – 2013-09-01T11:46:58.667

If you don't trust Malewarebytes or want to use an alternative, try Spybot Search & Destroy.

– Mario – 2013-09-01T11:49:52.260

@Sammy — I don't know what your buttons (CopyRestore) are. – Nicolas Barbulesco – 2013-10-05T08:10:26.077

1@NicolasBarbulesco If you've got a shadow copy, it should appear in the folder properties as a new tab. There you'll see previous versions with folder icons. Just double click any copy and it should open in a standard Explorer window (but it will still show the old copy; not the current one). You can then just drag&drop files or use standard copy/past shortcuts. – Mario – 2013-10-05T09:37:00.097

@Mario — I don't know this "shadow copy". It must be a Windows thing. – Nicolas Barbulesco – 2013-10-07T12:27:30.110

1Yes, it's a feature built into Windows 7 and Windows 8. It essentially tries not to overwrite previous versions of "protected" files (by default everything under My Documents) and instead leaves the previous versions as "shadow copies". I'm not sure something like that exists in any form for Linux systems, although I could imagine someone wrote something like that. – Mario – 2013-10-08T09:35:41.213

Asked: 2013-09-01T10:12:07.853

Viewed: 807 times

Active: 2016-10-18T22:12:59.937