X
Tryk her for at gå til webstedets mobilversion.

Supportforum

Fake Adobe PDF addon installs with FF updates

Skrevet

Every time FF updates, upon restarting I have a page (URL: https://addonbrowser.com/open-with-adobe-pdf?v=1.2.3&type=install) which looks as if Adobe PDF Reader would be installed. It is trojan malware.

An American female voice invites me to call a phone number to have adware virus removed.

"http://www.ddinbb.ml is requesting your username and password. The site says: “MAC OS is infected with Viruses and other malicious applications. It is necessary to Call Apple Support 0800-404-8452. Viruses must be removed and sys…”"

I have to kill FF and restart again to shut it up.

How can I prevent this page from opening up after every update?

Every time FF updates, upon restarting I have a page (URL: https://addonbrowser.com/open-with-adobe-pdf?v=1.2.3&type=install) which looks as if Adobe PDF Reader would be installed. It is trojan malware. An American female voice invites me to call a phone number to have adware virus removed. "http://www.ddinbb.ml is requesting your username and password. The site says: “MAC OS is infected with Viruses and other malicious applications. It is necessary to Call Apple Support 0800-404-8452. Viruses must be removed and sys…”" I have to kill FF and restart again to shut it up. How can I prevent this page from opening up after every update?

Yderligere systemdetaljer

Program

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15

Yderligere information

Luk
philipp
  • Top 25 Contributor
  • Moderator
5291 løsninger 23381 svar

hi, when you enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named startup.homepage_override_url to check if it has the offending website in it. if so, just right-click and reset this entry to its default value.

hi, when you enter '''about:config''' into the firefox address bar (confirm the info message in case it shows up) & search for the preference named '''startup.homepage_override_url''' to check if it has the offending website in it. if so, just right-click and reset this entry to its default value.

Spørgsmålsstiller

Thank you for the suggestion. The preference you refer to has no value (i.e. blank). I searched for "ddinbb" as well but it found nothing :(

Thank you for the suggestion. The preference you refer to has no value (i.e. blank). I searched for "ddinbb" as well but it found nothing :(
James
  • Moderator
1594 løsninger 11232 svar

Nyttigt svar

What Extensions do you have installed as no version of desktop Firefox internal updates or downloads from mozilla.org have ever come with this.

What Extensions do you have installed as no version of desktop Firefox internal updates or downloads from mozilla.org have ever come with this.

Spørgsmålsstiller

Good question... and thank you.

I have just found Add-ons Manager and listed there is an extension called Open with Adobe PDF Reader 1.2.3 and a homepage of https://addonbrowser.com/open-with-adobe-pdf

To my untrained eye it looks suspect. Have just Googled and found there's a virus called Browser.addon I've run Malwarebytes before and its come up clean. Will deleting the extension get shot of this damn thing?

Good question... and thank you. I have just found Add-ons Manager and listed there is an extension called Open with Adobe PDF Reader 1.2.3 and a homepage of https://addonbrowser.com/open-with-adobe-pdf To my untrained eye it looks suspect. Have just Googled and found there's a virus called Browser.addon I've run Malwarebytes before and its come up clean. Will deleting the extension get shot of this damn thing?
James
  • Moderator
1594 løsninger 11232 svar

Uninstalling the extension will be a good start.

Addons.mozilla.org is the place to get Extensions. Check the reviews and what the support/homepage listing is before installing.

Normally extensions hosted at AMO are safe but some can get get through review to public.

The addonbrowser .com now mybrowseraddon .com seems to post extensions from AMO as their own.

A number from that site seemed to have been hosted on addons.mozilla.org but were removed after discovery of this malware or being a (modified) repost of a original extension hosted at AMO.


A extension under a similar name had a coin miner and was blocked months ago.

Coinminer malware in "Open with Adobe PDF Reader" extension https://bugzilla.mozilla.org/show_bug.cgi?id=1426582

Uninstalling the extension will be a good start. Addons.mozilla.org is the place to get Extensions. Check the reviews and what the support/homepage listing is before installing. Normally extensions hosted at AMO are safe but some can get get through review to public. The addonbrowser .com now mybrowseraddon .com seems to post extensions from AMO as their own. A number from that site seemed to have been hosted on addons.mozilla.org but were removed after discovery of this malware or being a (modified) repost of a original extension hosted at AMO. A extension under a similar name had a coin miner and was blocked months ago. Coinminer malware in "Open with Adobe PDF Reader" extension https://bugzilla.mozilla.org/show_bug.cgi?id=1426582

Ændret af James den

Spørgsmålsstiller

Thanks yet again. Should I be worried that "Normally extensions hosted at AMO are safe but some can get get through review to public" ... sounds a little unsafe. That said, if one has installed the pukka Adobe Reader then I assume no extension is needed? Apologies, I'm showing my ignorance.

Thanks yet again. Should I be worried that "Normally extensions hosted at AMO are safe but some can get get through review to public" ... sounds a little unsafe. That said, if one has installed the pukka Adobe Reader then I assume no extension is needed? Apologies, I'm showing my ignorance.
WestEnd
  • Top 25 Contributor
60 løsninger 5377 svar

Just look at the reviews or do a review search on the addons and that should give you more info about it.

Just look at the reviews or do a review search on the addons and that should give you more info about it.
jscher2000
  • Top 10 Contributor
8643 løsninger 70721 svar

Extensions should never appear mysteriously without explanation, and everything you see listed on the Extensions panel of the Add-ons page is your choice to keep or toss, and your responsibility to manage. Don't let unknown software run on your system.

Most "open with" extensions are designed to connect links automatically to external programs so you don't need to interact with the download dialog. You don't need them, and they require installing non-reviewed external applications, so they are less safe than fully self-contained extensions.

Extensions should never appear mysteriously without explanation, and everything you see listed on the Extensions panel of the Add-ons page is your choice to keep or toss, and your responsibility to manage. Don't let unknown software run on your system. Most "open with" extensions are designed to connect links automatically to external programs so you don't need to interact with the download dialog. You don't need them, and they require installing non-reviewed external applications, so they are less safe than fully self-contained extensions.