X
Tap here to go to the mobile version of the site.

منتدى الدعم

Mozila FireFox system tools 17.54.5468

Posted

When we got up this morning my mum had a message on her computer telling her to download Mozila FireFox system tools 17.54.5468 - the message popped up when she tried to play a facebook game. We clicked it and downloaded it and the computer seemed fine after that (but we did notice something called uniblue was now on her computer). Then i got onto my computer and when i tried to get into yahoo groups i got the same message. I also got a different message when half way thru watching a video on youtube a screen came up saying that the certificates for youtube were invalid or didn't exist. I deleted firefox completely - including the folder in programs (x86) - reinstalled it and i can once again play youtube videos (so far) but i'm still getting a message for Mozila FireFox system tools 17.54.5468 when i try to get into yahoo groups. My question - is 'Mozila FireFox system tools 17.54.5468' a real message from you guys and if its not, does anyone know how i get rid of it? I have Windows 7 and its a desktop if anyone needs to know.

When we got up this morning my mum had a message on her computer telling her to download Mozila FireFox system tools 17.54.5468 - the message popped up when she tried to play a facebook game. We clicked it and downloaded it and the computer seemed fine after that (but we did notice something called uniblue was now on her computer). Then i got onto my computer and when i tried to get into yahoo groups i got the same message. I also got a different message when half way thru watching a video on youtube a screen came up saying that the certificates for youtube were invalid or didn't exist. I deleted firefox completely - including the folder in programs (x86) - reinstalled it and i can once again play youtube videos (so far) but i'm still getting a message for Mozila FireFox system tools 17.54.5468 when i try to get into yahoo groups. My question - is 'Mozila FireFox system tools 17.54.5468' a real message from you guys and if its not, does anyone know how i get rid of it? I have Windows 7 and its a desktop if anyone needs to know.

Additional System Details

Installed Plug-ins

  • Shockwave Flash 14.0 r0
  • Adobe Shockwave for Director Netscape plug-in, version 12.1.2.152
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.07
  • Next Generation Java Plug-in 10.55.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Adobe Shockwave for Director Netscape plug-in, version 12.0.7.148
  • NVIDIA 3D Vision plugin for Mozilla browsers
  • NVIDIA 3D Vision Streaming plugin for Mozilla browsers

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0

More Information

abecrabt 0 solutions 14 answers

Lord_Brainstorm - what a superb great write-up.

My understanding of several of your points:

Firmware: TP-Link said they had firmware that included a rule to block web access from the public internet (which I believe to be the WAN - Wide Area Network.) They haven't yet supplied anything that stops the ROM being unloaded without the router's admin password. Thus the new firmware should prevent further stealing by a firewall rule, which would be good enough. If that firmware is 2012 that suggests TP-link new about this problem and kept quiet. i find that a bit hard to believe.

That's interesting about the chipset. If there's a bug in the chipset does that mean new firmware couldn't fix the problem? We don't know and anyway tp-link aren't supplying new firmware that fixes this problem, just a firewall rule.

"I never-ever save passwords in any web browser" and "no-remote" - saving passwords in the browser is irrelevant here: this is a problem inside the router. The router stores the admin password in order to check it when you log into it, and the hackers have found out how to unload the router rom remotely and scan out that password, then to log in to your router and alter the DNS set-up. If you were "no-remote" that should not have happened. I absolutely distrust this router (and tp-link) now - I don't even trust its firewall.

I'm more worried about your sister's laptop because as far as I can tell no one yet knows what Mozila.systemtools17.FireFox.54.5468__7818_i930854344_il6790280.exe actually installs, so can antivirus things definitely remove it and whatever its effects are? Furthermore that DNS hack offered other dubious links, but quite possibly to the same malware, with a different name (e.g. I saw one in IE on my Mrs' laptop.)

I put questions against the top 6 listed tp-link routers on Amazon, asking whether each one had this problem. The question has been ignored.

I'm back on my Netgear router now.

Lord_Brainstorm - what a superb great write-up. My understanding of several of your points: Firmware: TP-Link said they had firmware that included a rule to block web access from the public internet (which I believe to be the WAN - Wide Area Network.) They haven't yet supplied anything that stops the ROM being unloaded without the router's admin password. Thus the new firmware should prevent further stealing by a firewall rule, which would be good enough. If that firmware is 2012 that suggests TP-link new about this problem and kept quiet. i find that a bit hard to believe. That's interesting about the chipset. If there's a bug in the chipset does that mean new firmware couldn't fix the problem? We don't know and anyway tp-link aren't supplying new firmware that fixes this problem, just a firewall rule. "I never-ever save passwords in any web browser" and "no-remote" - saving passwords in the browser is irrelevant here: this is a problem inside the router. The router stores the admin password in order to check it when you log into it, and the hackers have found out how to unload the router rom remotely and scan out that password, then to log in to your router and alter the DNS set-up. If you were "no-remote" that should not have happened. I absolutely distrust this router (and tp-link) now - I don't even trust its firewall. I'm more worried about your sister's laptop because as far as I can tell no one yet knows what Mozila.systemtools17.FireFox.54.5468__7818_i930854344_il6790280.exe actually installs, so can antivirus things definitely remove it and whatever its effects are? Furthermore that DNS hack offered other dubious links, but quite possibly to the same malware, with a different name (e.g. I saw one in IE on my Mrs' laptop.) I put questions against the top 6 listed tp-link routers on Amazon, asking whether each one had this problem. The question has been ignored. I'm back on my Netgear router now.
John99 971 solutions 13138 answers

Lord_Brainstorm

Great work with your last post thanks for all the detail. it should help those unfortunate enough to be using TP-Link routers.


xarnaye,

You started this question.

  • How is it working for you now ?
  • Taking your last post answer-595174as an example
  • Who is your ISP ?
    I understand you contacted themanswer-594784, did they get back to you ?
  • This thread was escalated answer-595431 so I am hoping HelpDesk staff may post.
    • It is an active thread 61 replies, 92 have this problem, 2039 views
  • Most of this thread has been answered in relation or TP_link routers, what is the make and model of your router ?
===Lord_Brainstorm=== Great work with your last post thanks for all the detail. it should help those unfortunate enough to be using TP-Link routers. ------------------ ===xarnaye, === You started this question. *How is it working for you now ? *Taking your last post <sup>[https://support.mozilla.org/en-US/questions/1007352?page=2#answer-595174 answer-595174]</sup>as an example **What happens if you try to get to YouTube site are you getting a 404 error still ? **What about if you use this link https://www.youtube.com/ ** What about just google.com ? <br /> Or this direct one [http://173.194.41.128] ? * Who is your ISP ? <br /> I understand you contacted them<sup>[https://support.mozilla.org/en-US/questions/1007352#answer-594784 answer-594784]</sup>, did they get back to you ? * This thread was escalated <sup>[https://support.mozilla.org/en-US/questions/1007352?page=3#answer-595431 answer-595431]</sup> so I am hoping HelpDesk staff may post. ** It is an active thread '' 61 replies, 92 have this problem, 2039 views'' * Most of this thread has been answered in relation or TP_link routers, what is the make and model of your router ?
John99 971 solutions 13138 answers

P.S. Lord_Brainstorm

Mozila.systemtools17.FireFox.54.5468__7818_i930854344_il6790280.exe actually installs, so can antivirus things definitely remove it and whatever its effects are? 

I did send a copy of that file to Firefox staff, but I have no response so far.

P.S. Lord_Brainstorm ''Mozila.systemtools17.FireFox.54.5468__7818_i930854344_il6790280.exe actually installs, so can antivirus things definitely remove it and whatever its effects are? '' I did send a copy of that file to Firefox staff, but I have no response so far.
zuwik 0 solutions 6 answers

I've worked on the problem yesterday.

tp-link tl-w8961nd V1, firmware stock. DNS changed as posted before.

What I've done: - password changed - update to latest firmware from 2012 - ACL configured as in tp-link solution http://uk.tp-link.com/article/?faqid=569

As far everything is all right.

I've worked on the problem yesterday. tp-link tl-w8961nd V1, firmware stock. DNS changed as posted before. What I've done: - password changed - update to latest firmware from 2012 - ACL configured as in tp-link solution http://uk.tp-link.com/article/?faqid=569 As far everything is all right.

Modified by zuwik

Question owner

sorry about not answering you Lord_Brainstorm but i've been offline for a few days. when i click the link you gave for youtube it opened up fine, i was even able to go into my playlists and watch what i wanted to. my isp did not get back to me after that initial response and when i called them they passed me on to TP_Link who told me that because my isp gave me the router and because it was out of warranty that they can't help me with anything - trust me its news to me that it was out of warranty! and to answer your question my ISP is SpinTel (australia).

Now onto how the problem is right now. Its funny but it actually stopped for a couple of days - i was able to get into everything without those annoying messages showing up and it was great. But this morning after coming home from picking my mum up at the hospital the problem is back. I just tried to get into youtube and that annoying message showed up again! I've done the nslookup thing again and its once more showing default server unknown, address 94.102.63.137

i can't change my modem's passwords because its no longer accepting the right password and username to access it. I know i've got to buy a new one but i just can't afford it right now. But even after i get a new one, how do i stop this from happening again? I'm sure i don't have to mention that the next one WON'T be tp-link! Did anyone find out WHY this is happening? Is it still happening with anyone else?

sorry about not answering you Lord_Brainstorm but i've been offline for a few days. when i click the link you gave for youtube it opened up fine, i was even able to go into my playlists and watch what i wanted to. my isp did not get back to me after that initial response and when i called them they passed me on to TP_Link who told me that because my isp gave me the router and because it was out of warranty that they can't help me with anything - trust me its news to me that it was out of warranty! and to answer your question my ISP is SpinTel (australia). Now onto how the problem is right now. Its funny but it actually stopped for a couple of days - i was able to get into everything without those annoying messages showing up and it was great. But this morning after coming home from picking my mum up at the hospital the problem is back. I just tried to get into youtube and that annoying message showed up again! I've done the nslookup thing again and its once more showing default server unknown, address 94.102.63.137 i can't change my modem's passwords because its no longer accepting the right password and username to access it. I know i've got to buy a new one but i just can't afford it right now. But even after i get a new one, how do i stop this from happening again? I'm sure i don't have to mention that the next one WON'T be tp-link! Did anyone find out WHY this is happening? Is it still happening with anyone else?
zuwik 0 solutions 6 answers

Try pressing RESET button on router for more than 10 seconds. User and password should be changed to default (for my router it was admin, admin, as noted on the label under devive).

Try pressing RESET button on router for more than 10 seconds. User and password should be changed to default (for my router it was admin, admin, as noted on the label under devive).
FredMobbing 0 solutions 5 answers

At xarnaye: Since I have my new DSL router, and new (good) passwords: everything is fine.

Something to mention: The bad http links could be still in the cache of the browser. Then you might see the download side using this cached entry in the browser. So: It is best to remove history and coocies etc in the browser, too.

Greetings, FredMobbing

At xarnaye: Since I have my new DSL router, and new (good) passwords: everything is fine. Something to mention: The bad http links could be still in the cache of the browser. Then you might see the download side using this cached entry in the browser. So: It is best to remove history and coocies etc in the browser, too. Greetings, FredMobbing