Try looking in the config screen on firefox by putting about:config
in your address bar.
See if any search options there have been hijacked. If searches are still being hijacked even in Windows Safe Mode and running firefox with addons disabled, you may have a rootkit.
Try ComboFix from Bleeping Computer, and TDSSKiller, and ZbotKiller from Kaspersky Virus Removal Tools usually work well for me detecting common rootkits.
Yeah - this is a huge f**g hairball, thanks mostly to Apple for their blockheaded resistance to supporting their users. There are some links that seem to allow one to manage their situation. I currently use Mavericks 10.9.4. Here's my take on the way to proceed:
DISCLAIMER: I am not expert on OSX, nor with Java, so follow these instructions with care. All I can say is that they semmed to work for me.
First, know that installing the latest version of Java (the JRE) gets the latest software on your system, but your system doesn't necessarily use it! To do that, you'll need to make use of the command line. Here's what I did:
First, I installed the latest version of Java, as downloaded from Oracle's Java website. To see if the new version was 'registered' in OSX, use the following command. This result shows that the 'system' doesn't recognize the upgrade, and won't be using it.
MacBook-1:~ jmoore$ java -version
java version "1.6.0_65"
Java(TM) SE Runtime Environment (build 1.6.0_65-b14-462-11M4609)
Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-462, mixed mode)
After some research, the solution seems to be the following:
MacBook-1:~ jmoore$ export JAVA_HOME="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home"
Now, let's check the version again to see if we've made any progress:
MacBook-1:~ jmoore$ java -version
java version "1.7.0_60"
Java(TM) SE Runtime Environment (build 1.7.0_60-b19)
Java HotSpot(TM) 64-Bit Server VM (build 24.60-b09, mixed mode)
OK! I think that's it.
Best Answer
The official Java installer does not come bundled with any 3rd party software at all.
If you are getting the Amazon software as part of the payload, the only explanation is that either the installer you received wasn't genuine (possibly a browser hijack), or your machine is already infected with malware from another source.
You can check the validity of the Java installer .EXE file by right-clicking it and getting Properties for it. On the digital signatures tab, it should say Oracle America, Inc. If it says anything different, or does not have a signatures tab, then the file is not signed and is not a genuine Oracle file.