Thanks KinJasasis.
I have re-installed Firefox using the code above. However, I entered the code line by line - not sure if that was the intention or to copy it in one block. The 2nd code line
rm ~/.mozilla/ ~/.cache/mozilla/ -rf
produced a warning message about the dangers of recursive commands. I did not understand what that was about, so removed it and succeeded in reinstalling firefox using the 3rd line of code. That is fully successful, the hijacking thing having gone and all the bookmarks are back again. So a good solution. Thank you.
SteveEnthusiast
Excellent. I'm glad that worked for you Steve!
I'm also glad the infection only affected the browser and not the rest of your system!
As for the warning about the recursive command, it was because I used the rm command with the -rf switches, which can be extremely dangerous and should always be used with
EXTREME CARE. If used improperly, using rm with -rf can hose your entire system.
I assure you that the line I posted containing the 'rm' command
WAS completely safe. It would only have removed two hidden directories containing cached data from Firefox that were stored in your home folder. Removing those caches would ensure that all of the various settings and data cached by the malware were removed. It would also have got rid of all other data and settings that Firefox had cached. So all of your bookmarks and extensions would also be gone!
When recommending the use of the 'rm' command in forum posts (and when using it in the terminal on my own machine) - I
always list paths to the files to delete immediately after the 'rm' command. Then visually verify that the paths to all files are 100% correct before adding the '-rf' switches at the end of the line and pressing enter, or posting!
If you copy/pasted that command it was definitely completely safe. I would
NEVER intentionally post a command that would cause damage to another persons system and always go to great pains to ensure that there are no mistakes in any posted code.
However, your caution was well advised. You should
ALWAYS be careful when copying/pasting code/commands from the internet. Especially if they contain the 'rm' command - and even moreso if they have the '-rf' switches specified. Some people out there are not as conscientious and
will post malicious commands that
WILL hose your machine!
But once again - I assure you that the rm command I posted was
completely safe:
Code:
rm ~/.mozilla/ ~/.cache/mozilla/ -rf
However, if I had accidentally (or maliciously) inserted a space between '~/' and one of the directory names, the command would do something completely different:
e.g.
DO NOT RUN THIS - THIS IS A BAD USE OF rm:
Code:
rm ~/.mozilla ~/ .cache/mozilla -rf
Because of the space between '~/' and '.cache/mozilla' - the above would cause rm to recursively remove the hidden ~/.mozilla directory, then your entire home dir (~/) and then the .cache/mozilla dir - which wouldn't exist any more at that point because it would have already been removed when your home dir was recursively removed.
:: Eeek! :: :/
As seen above - a simple typo can have disasterous consequences when using 'rm' with '-rf' and is the reason that I am so careful when using or recommending it!
It's also the kind of "mistake" that is deliberately hidden in code posted by malicious posters/trolls on some forums and is definitely something to look out for when copy/pasting terminal commands from the internet.
If I'm ever unsure of commands copied from the internet - I will post them into a plain text file (so they cannot be executed) and will visually check through them for any accidental/deliberate mistakes. And if I'm ever unsure - I simply won't run them!
Finally - the following recursive rm command is basically suicide:
NEVER RUN THIS - This is like armageddon for your Linux PC!!!!
Code:
sudo rm -rf --no-preserve-root /
That would recursively delete every single thing on the file-system, including on the file-systems of all mounted devices. Also, if you have a system which uses UEFI instead of BIOS - it is also possible that it will delete data on the EPROM containing the UEFI settings and completely brick your motherboard/PC - because this is typically mounted too.
Perhaps I should have mentioned some of this in my original post! :/
Either way - I'm glad your problem is sorted!