Help!! My website has been ruined by pop up ads, links, etc.

Try returning the prefs.js to where it belongs. It's not unusual for it to be that size, that's where all your Firefox preference settings are kept, not just the adware. But do trash the user.js, which is responsible for locking the prefs.js, making it impossible to remove the GoPhoto.it Add-on.

Next, with Firefox quit, open up prefs.js with TextEdit and look through it for all the items marked as extensions. Do you see the GoPhoto thing anywhere there? Also, in the address bar, enter "about:config" (no quotes) skip the silly "I promise" warning, and enter "extensions" in the search field there, and see if the GoPhoto thing comes up. Please report back what you see. You may be able to remove this without trashing prefs.js.

WZZZ wrote:

Try returning the prefs.js to where it belongs. It's not unusual for it to be that size

Hmmm, mine is only 303KB and it's full of many years worth of preferences.

Thomas has observed a huge increase in his test bed, so something needs to go, but I think it would be best to figure out what that is and use Firefox "about:config" to edit it as recommended.

Just checked mine again and you're right. However, but not certain of this, it may be possible to remove all this junk from prefs.js by way of about:config. So, the OP should go directly to about:config, without opening prefs.js.

WZZZ wrote:

Try returning the prefs.js to where it belongs. It's not unusual for it to be that size

1.2 MB? No, that's not normal, at least not in my experience. And at least some recent versions of GoPhoto.it install almost 800 K worth of JavaScript code in that file. It's not all installed in one place. A file comparison showed that a lot of the code is in one new block, but that there are a number of other lines that were added or changed.

It is, of course, up to PeterUK how he wants to handle this and whether he's willing to live with the loss of whatever preferences are deleted... but personally, I wouldn't trust that file after GoPhoto.it has molested it.

If you've got Firefox set to remember passwords, they shouldn't be stored in there. That would be a huge security risk... anyone who got their hands on your computer, or any malware that got installed, could grab them in a flash. They should be somewhere else, in an encrypted file.

I'm not a regular Firefox user, so I'm not entirely certain what preferences will be lost. Just keep in mind that it's not irreversible... as long as you keep the old, compromised prefs.js, you can always go back to that if you have to. I doubt you will, though.

I wouldn't bother with about:config. Although that's an easier way to edit those preferences than by using a text editor, you still wouldn't know exactly what needed to be deleted or changed. (I imagine the one massive code block should be pretty obvious, but the rest of the changes not so much.)

Sorry Thomas, I was badly off about the size of prefs.js, but I do think it may be possible to clear this out through about:config.

Peter, no your bookmarks aren't stored there. They are safely stored in another file in the Profiles folder, places.sqlite and passwords are in signons.sqlite and key3.db.

prefs.js saves some, but not all, of your settings. It saves the settings that have been changed from the default settings. See what happens for yourself if you pull it out and then restart Firefox. Then you will be able to know if it's worth it trying to save the current prefs.js by editing in about:config, or if you can live with the new prefs.js and make changes accordingly.

I'm not certain about this, since I don't have this adware to inspect, but in about:config, it may be a simple matter of just removing the GoPhoto.it extensions. It's worth having a look anyway. There may be no massive code block there. That may just exist in prefs.js.

OK, I'm learning about this too. I've never had to do it this way. I'm seeing that there is no option to directly delete an about:config entry, either through the delete key on the keyboard or by right clicking on the entry. I have been reading that right-clicking on the entry should bring up Reset, which upon quitting and re-opening FF should remove the entry, but most of my about:config entries have Reset greyed out.

I suppose you can see if the ones for GoPhoto--if they are there--are greyed out or not.

Thomas, here's an idea. Maybe not for the average user, but possibly something you might want to try. Since prefs.js is supposed to be a plain text file, wouldn't it be possible to just nuke all the extraneous code, the code block--no need to edit it selectively-- and edit out all the unwanted GoPhoto extensions listed there as well?

A small example, from mine:

user_pref("extensions.acr.amo_host", "addons.mozilla.org");

user_pref("extensions.acr.donefirstrun", true);

user_pref("extensions.acr.firstrun", false);

user_pref("extensions.acr.previousApplicationVersion", "17.0");

user_pref("extensions.adblockplus.correctTyposAsked", true);

user_pref("extensions.adblockplus.currentVersion", "2.5.1");

user_pref("extensions.adblockplus.fastcollapse", true);

user_pref("extensions.adblockplus.hideContributeButton", true);

user_pref("extensions.adblockplus.lastRuleUpdate", 1353595410);

user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1397163984991,\"softExpiration\":1397187026670,\"hardExpiration \":1397259722829,\"data\":{\"notifications\":[],\"version\":\"201404092340\"},\" lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"shown\":[]}");

user_pref("extensions.autohidetabbar.delayHideMs", 3000);

user_pref("extensions.autohidetabbar.delayShowMs", 50);

user_pref("extensions.autohidetabbar.isEnabled", false);

user_pref("extensions.autohidetabbar.isUseHotKey", true);

user_pref("extensions.beef-taco.showtoolbarpref", true);

user_pref("extensions.blocklist.pingCountTotal", 1001);

user_pref("extensions.blocklist.pingCountVersion", 22);

user_pref("extensions.bootstrappedAddons", "{\"***************\":{\"version\":\"2.2\",\"type\":\"extension\",\"descriptor\":\"/Users/****/Libr ary/Application Support/Firefox/Profiles/4xotrpre.default/extensions/add-to-searchbox***********.xpi\"},\"*************-addons.mozilla.org\":{\"version\":\"1.1\",\"type\":\"extension\",\"descriptor\":\"/Users/****/Libr ary/Application Support/Firefox/Profiles/4xotrpre.default/extensions****************2-addons.moz illa.org.xpi\"},\"{086e582e-455b-4289-bfab-e90da7c0558b}\":{\"version\":\"1.3\",\"type\" :\"extension\",\"descriptor\":\"/Users/****/Library/Application Support/Firefox/Profiles/4xotrpre.default/extensions/{086e582e-455b-4289-bfab-e 90da7c0558b}.xpi\"},\"{1823e248-6bf4-f6f1-7901-65a68e8b6c1e}\":{\"version\":\"1. 0\",\"type\":\"extension\",\"descriptor\":\"/Users/****/Library/Application Support/Firefox/Profiles/4xotrpre.default/extensions/{1823e248-6bf4-f6f1-7901-6 5a68e8b6c1e}.xpi\"},\"{a7213cf2-fa1e-4373-88ff-255d0abd3020}\":{\"version\":\"0. 4.5\",\"type\":\"extension\",\"descriptor\":\"/Users/****/Library/Application Support/Firefox/Profiles/4xotrpre.default/extensions/{a7213cf2-fa1e-4373-88ff-2 55d0abd3020}.xpi\"},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2. 5.1\",\"type\":\"extension\",\"descriptor\":\"/Users/****/Library/Application Support/Firefox/Profiles/4xotrpre.default/extensions/{d10d0bf8-f5b5-c8b4-a8b2-2 b9879e08c5d}.xpi\"},\"firefox@ghostery.com\":{\"version\":\"5.1.2\",\"type\":\"extension\",\"descriptor\":\"/Users/****/Li brary/Application Support/Firefox/Profiles/4xotrpre.default/extensions/firefox@ghostery.com.xpi\"}}");

user_pref("extensions.bprivacy.DataDir", "/Users/****/Library/Preferences/Macromedia");

user_pref("extensions.bprivacy.LSOcount", 1);

user_pref("extensions.bprivacy.initiated", 3);

user_pref("extensions.bprivacy.lastSession", "Wed Oct 5 10:31:14 2011");

user_pref("extensions.calomelsslvalidation.first_install", false);

user_pref("extensions.calomelsslvalidation.version", 70);

user_pref("extensions.checkCompatibility", false);

user_pref("extensions.checkCompatibility.3.6", false);

user_pref("extensions.checkCompatibility.3.6b", false);

user_pref("extensions.checkCompatibility.3.6p", false);

user_pref("extensions.checkCompatibility.3.6pre", false);

user_pref("extensions.checkCompatibility.3.7a", false);

user_pref("extensions.checkCompatibility.4.0", false);

user_pref("extensions.checkCompatibility.4.0b", false);

user_pref("extensions.checkCompatibility.4.0p", false);

user_pref("extensions.checkCompatibility.4.0pre", false);

user_pref("extensions.checkCompatibility.4.2", false);

user_pref("extensions.checkCompatibility.4.2a", false);

user_pref("extensions.checkCompatibility.4.2b", false);

user_pref("extensions.checkCompatibility.4.2p", false);

user_pref("extensions.checkCompatibility.4.2pre", false);

user_pref("extensions.checkCompatibility.5.0", false);

user_pref("extensions.checkCompatibility.5.0a", false);

user_pref("extensions.checkCompatibility.5.0b", false);

user_pref("extensions.checkCompatibility.5.0p", false);

user_pref("extensions.checkCompatibility.5.0pre", false);

user_pref("extensions.checkCompatibility.6.0", false);

user_pref("extensions.checkCompatibility.6.0a", false);

user_pref("extensions.checkCompatibility.7.0", false);

user_pref("extensions.checkCompatibility.7.0a", false);

user_pref("extensions.checkCompatibility.8.0a", false);

user_pref("extensions.checkCompatibility.nightly", false);

user_pref("extensions.closealltabs2.openHome", false);

user_pref("extensions.closealltabs2.showNotifications", false);

user_pref("extensions.closealltabs2.version", "2.3");

user_pref("extensions.cookieController.on3rdParty", false);

user_pref("extensions.cookieController.startOn", true);

user_pref("extensions.cookiemonster.originaldefaulticon", true);

user_pref("extensions.cookiesafe.hideContext", false);

user_pref("extensions.cookiesafe.hideStatus", false);

user_pref("extensions.cookiesafe.initialized", true);

user_pref("extensions.cookiesmanagerplus.autoupdate", true);

user_pref("extensions.databaseSchema", 15);

user_pref("extensions.downloads_window.auto_close", false);

user_pref("extensions.downloads_window.clean_and_close", true);

user_pref("extensions.downloadyoutubemp4.download-youtube-script-url", "http://s.ytimg.com/yts/jsbin/html5player-vflUKrNpT.js");

user_pref("extensions.downloadyoutubemp4.download-youtube-signature-code", "0,-2,0,63,0");

user_pref("extensions.dta.confirmremove", false);

user_pref("extensions.dta.counter", 55);

user_pref("extensions.dta.directory", "[\"/Users/****/Desktop/\"]");

user_pref("extensions.dta.filter", "[\"\",\"/(.mp3)$/\",\"/(.(html|htm|rtf|doc|pdf))$/\",\"http://www.website.com/subdir/*.*\",\"http://www.website.com/subdir/pre*.???\"]");

user_pref("extensions.dta.network.http.max-connections", 0);

user_pref("extensions.dta.renaming", "[\"*name*.*ext*\",\"*num*_*name*.*ext*\",\"*url*-*name*.*ext*\",\"*name* (*text*).*ext*\",\"*name* (*hh*-*mm*).*ext*\"]");

user_pref("extensions.dta.saveasmode", 0);

user_pref("extensions.dta.seltab", 0);

user_pref("extensions.dta.version", "2.0.16");

bf7}:20100908,***************:2.0.21,{55ce2530-61df-4ddc-b287-feae64e70575}:0.8,{972ce4c6-7e08-4474-a285-3208 198ce6fd}:3.6.16");

wouldn't it be possible to just nuke all the extraneous code, the code block--no need to edit it selectively-- and edit out all the unwanted GoPhoto extensions listed there as well?

That is not something I would be willing to do. First, because the changes are not always easy to spot. They are not always obviously something that can be associated with GoPhoto. Second, because I'm not an expert at the format of the prefs.js file. And third, and most importantly, I have seen so many changes in adware over time that I know that there are going to be variants that may behave differently that I haven't seen yet. Keeping it simple is best, in my opinion.