Browser Hijacked by Firefox Add-on

There are thousands of Firefox Add-ons   Most of them are good, but bad ones exist.

Recently, my Firefox was hijacked, when I was using Google, the search results page was redirected to

searchdotcom hijack browser

I thought of being hijacked by evil add-ons ( I have over 20 add-ons installed ), so I restart in safe mode to test this idea.

restart with firefox addons disabled

I was right, the problem was gone, Google search results page won’t be redirected to anymore.

Next, I enabled add-ons one by one, if the problem arose again after enabling add-on A, then A was the evil add-on.

Finally, I found the bad guy –

remove google search redirects

Here is a video recorded to show what it does to Firefox – the evidence.

The add-on download link is

So, guys, be careful next time you want to try a preliminarily reviewed Firefox add-on, which means “not thoroughly tested” and “potentially harmful”. And when you got problem with Firefox, follow my steps mentioned above, firstly, restart with all addons disabled, then enable one by one to find the cause.


  1. Anonymous   •  

    My fault, “search?q=…” should be “/search?q=…”.

  2. Anonymous   •  

    Perhaps it is because of something like that…&url=&…
    where “hex_string” is URL encoded “search?q=…”, which, after some careless processing by the addon, becomes some kind of URL beginning with “”?

  3. Meteor   •  


    • Jeriff Cheng   •     Author

      不用客气 :) 花了我好多天琢磨

  4. Kelly Brookman   •  

    Your evidence is not evidence at all as many malware addons will not enable their payload unless other addons are enabled that impact the same area. You should really take the time to rename the xpi to a zip, extract the contents and look through the code to find true evidence (of which when looking through this addon there was none to support your claim).

    You should not be doing such kinds of outrageous poorly researched statements.

    • Kelly Brookman   •  

      I do however want to comment on Jeriff Cheng’s false accusatory statements and poor non-evidence.
      Non-evidence, worthless garbage that cannot by any sane thinking human be thought to prove the intended point of the claim.
      Now why do I say Jeriff’s evidence is garbage non-evidence.
      Watch his youtube video:
      Did he test on a new windows install? No.
      On a fresh firefox install? No. – From here down is the Minimum testing that should have been done. He failed to do this.
      With a brand new profile? No. He failed to do this.
      With no other addons installed? No. He failed to do this.
      With no other addons enabled (as the accusatory text on his webpage implies)? NO! NO! He failed to do this.

      So his most basic test is a complete and total failure as he had other addons enabled and malware addons have been known to detect changes in the areas they want to impact (thus searching for other addons affecting that area) and only enable their payload at that time.
      Worse, it maybe his PC that is infected or any prior infection to his Firefox profile or Firefox install itself due to some real malware or virus.

      Lastly, all one has to do to check is look at the source code. Download the .XPI file for the extension. Rename the .XPI file to a .ZIP file. Extract the contents from the zip. Read through the files included looking for the malware code.
      If Jeriff had done proper diligence before making such a report he would have tried just that and shown the malware code.
      Jeriff Cheng’s review, page, and Youtube video should all be removed.

      • Jeriff Cheng   •     Author

        lol, I’m not celebrity, little influence, I have right to say someone is bad or good, you can say no to me if you don’t think so, but please try for yourself.. try this addon, you will find out I was right.

    • Jeriff Cheng   •     Author

      Yeah, you are right, but your case is rare, very little possibility that someone is planning to frame another one….
      Have you tried this addon ?

Leave a Reply

Your email address will not be published. Required fields are marked *