ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Is a verification of FF installed code possible?

  • 3 ردود
  • 1 has this problem
  • 6 views
  • آخر ردّ كتبه John99

more options

Strongly desired is a 'verification' of programs loaded vs mozilla copy. This to suppliment 'you are on the latest release.' Reasoning is lately when a web page is replaced by 'update firefox' orange screen and a pop-up of 'opening firefox-patch.exe' which wants to save a binary file. But it is not a FF patch. The result could be malware. Months ago I fell for this ploy, or a similar FLASH update and endured problems (ie, svchost.exe running taking 50% of my CPU all the time.)

Might be caused by a rotating 'ad' related, or that FLASH is blocked, or maybe html5 is running. Unknown. I have other notes. PS windows security essentials finds a trojan KIVTER in my temp file soon thereafter. I don't know where it is stored after that.

Strongly desired is a 'verification' of programs loaded vs mozilla copy. This to suppliment 'you are on the latest release.' Reasoning is lately when a web page is replaced by 'update firefox' orange screen and a pop-up of 'opening firefox-patch.exe' which wants to save a binary file. But it is not a FF patch. The result could be malware. Months ago I fell for this ploy, or a similar FLASH update and endured problems (ie, svchost.exe running taking 50% of my CPU all the time.) Might be caused by a rotating 'ad' related, or that FLASH is blocked, or maybe html5 is running. Unknown. I have other notes. PS windows security essentials finds a trojan KIVTER in my temp file soon thereafter. I don't know where it is stored after that.

الحل المُختار

We are very aware of what is going on. There is a contributors support thread about these fake updates over here: https://support.mozilla.org/en-US/forums/contributors/712056?last=69507

One of our moderators here - James - has taken the 'lead' on this situation by keeping us informed and 'cataloging' the the various domain names that seem to be 'supplying' the fake patch.

Read this answer in context 👍 0

All Replies (3)

more options

الحل المُختار

We are very aware of what is going on. There is a contributors support thread about these fake updates over here: https://support.mozilla.org/en-US/forums/contributors/712056?last=69507

One of our moderators here - James - has taken the 'lead' on this situation by keeping us informed and 'cataloging' the the various domain names that seem to be 'supplying' the fake patch.

more options

If you get a pop-up message asking to update Firefox or plugins or scanning for malware then such a message is likely a scam and you should never respond to such an alert to avoid getting infected with malware.

  • Only update Firefox via "Help > About" or by downloading and installing Firefox from the Mozilla server and never via a pop-up or link on a web page.
  • plugins should only be updated via the plugin itself or by visiting the home page of the plugin.

You can find the full version of the current Firefox release (47.0.1) in all languages and all operating systems here:

more options

Note the Kovter trojan may be fileless and as such able to hide in the Registry and RAM without creating a malware file to detect and remove. Symantec have a free tool to remove this

These are the instructions for catching the ad information

{#c16}If ... affected users) could tell us what the ad URLs are, that would be helpful.
They would need to right-click on the ad image, choose "This Frame -> View Frame Info", and copy/paste the following info:
General tab: Address (URL)
Media tab: Location (URL) of each item in the list of media in that frame.
This will help us isolate the affected ad networks so we can contact them and inform them of the malware.
Thanks!