1
I'm running Linux Mint, with Firefox 12.0 (Mozilla Firefox 1.0 for Linux Mint). I also have one Firefox extension installed: Live HTTP headers. I am not using Firefox Sync.
Whenever I go to any website using Firefox, I observe on the bottom status-bar that my browser is contacting a domain called "my-top-fun.com
".
I assume this is some malware that is tracking which sites I visit, probably to use as marketing data.
My first thought was to make sure that only Firefox is affected, and this isn't some deeper issue. So, I tried a simple wget
, and also downloaded and installed Google-Chrome for Linux. Both are unaffected - so the problem is definitely isolated to Firefox.
I've Googled around for "my-top-fun.com", but other than whois
and other domain registration information, there is literally no information available about this domain. I grep
'd around for my-top-fun.com
in ~/.mozilla
but found nothing other than references to the domain in the Cache files and in the .mozilla/firefox/mwad0hks.default/sessionstore.js
file.
Using the Live HTTP Headers extension, I can see that Firefox is making a request to my-top-fun.com
whenever I vist any site:
http://my-top-fun.com/script.js
GET /script.js HTTP/1.1
Host: my-top-fun.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://superuser.com/
Cookie: __utma=203335309.1541668361.1361278532.1361278532.1361278532.1; __utmc=203335309; __utmz=203335309.1361278532.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=%22my-top-fun.com%22
If-Modified-Since: Sun, 17 Feb 2013 23:40:24 GMT
If-None-Match: "1180033-36f-4d5f421e93750"
Cache-Control: max-age=0
So, what are some strategies to attempt to remove this malware from Firefox? Should I just uninstall, and then re-install Firefox?
2Do you have any Firefox extensions installed? – gronostaj – 2013-02-19T17:19:22.813
Are you using Firefox sync? Could it be a plugin synced from another machine? Have you checked for suspicious plugins? – user 99572 is fine – 2013-02-19T17:19:58.607
I have one Firefox extension: Live HTTP headers. – Channel72 – 2013-02-19T17:21:17.543
I am not using Firefox sync – Channel72 – 2013-02-19T17:21:43.890