X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.

Hilfeforum

Malicious Extensions

Veröffentlicht

I downloaded a malicious add-ons extension called "YouTube to MP3 Convert Button" by "Firefox user 6248547". All it did was open a video conversion website, which worked for the first video I tried (with alot of popups) but the second video I tried, it redirected me to a fake Firefox update page. As soon as I tried to cancel it, a login popup kept appearing and all my open tabs immediately went haywire trying to do some kind of redirect, and I it would not let me click on anything. I quickly ended the process to force close the browser, restarted Firefox and cleared my cache and uninstalled the extension. I am concerned about what kind of malware this may have installed on my machine. I reported this user over a month ago, but it is still available on the add-on page, and other people also commented about it having malware. Any suggestions?

I downloaded a malicious add-ons extension called "YouTube to MP3 Convert Button" by "Firefox user 6248547". All it did was open a video conversion website, which worked for the first video I tried (with alot of popups) but the second video I tried, it redirected me to a fake Firefox update page. As soon as I tried to cancel it, a login popup kept appearing and all my open tabs immediately went haywire trying to do some kind of redirect, and I it would not let me click on anything. I quickly ended the process to force close the browser, restarted Firefox and cleared my cache and uninstalled the extension. I am concerned about what kind of malware this may have installed on my machine. I reported this user over a month ago, but it is still available on the add-on page, and other people also commented about it having malware. Any suggestions?

Ausgewählte Lösung

Yes I just reinstalled and created a new Firefox profile in case there was anything still hidden within Firefox.

Thank you for the link to the article about the Malware, I tried three of them and the Microsoft Safety Scanner was the one that found the "VirTool:Win32/DefenderTamperingRestore" infection. I am almost 100% certain that this was what was loaded on my computer because of this malicious extension.

From what I found about this infection is it that is a new type of nasty Trojan Malware that installs automatically. It infiltrates Firefox and other browsers running Windows OS, and can cause all kinds of issues including installing ransomware and stealing personal info. It also disables Windows Defender Anti-Virus (which I was using).

Hopefully it did not do any damage to my system, I think it was just sitting dormant as I have not noticed any symptoms of this infection.

Diese Antwort im Kontext lesen 0
Zitieren

Mehr Details zum System

Anwendung

  • User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0

Weitere Informationen

FredMcD
  • Top 10 Contributor
4272 Lösungen 59928 Antworten
Veröffentlicht

Hilfreiche Antwort

Where did you get the link from?


You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

Where did you get the link from? You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
Hat Ihnen das weitergeholfen? 1
Zitieren

Fragesteller

This was the add-on link where I found the extension. When you use it, it opens a tab to a conversion website that loads the malware with the fake Firefox update. It only did it on the second file I tried to convert.

https://addons.mozilla.org/en-US/firefox/addon/youtube-to-mp3-convert-button/?src=search

This was the add-on link where I found the extension. When you use it, it opens a tab to a conversion website that loads the malware with the fake Firefox update. It only did it on the second file I tried to convert. https://addons.mozilla.org/en-US/firefox/addon/youtube-to-mp3-convert-button/?src=search
Hat Ihnen das weitergeholfen?
Zitieren

Fragesteller

I know better than to download suspicious files like fake updates, so I clicked cancel when it asked to save the file, but it still executed some kind of drive-by download. It then had a login credentials window popup (asking for username and password), and when I hit cancel on that, It immediately caused Firefox to be unresponsive and all my open tabs changed showing that they were redirecting to something else. This was when I had to end the windows process to close Firefox.

I ran Microsoft Safety Scanner and it detected and removed: VirTool:Win32/DefenderTamperingRestore

I know better than to download suspicious files like fake updates, so I clicked cancel when it asked to save the file, but it still executed some kind of drive-by download. It then had a login credentials window popup (asking for username and password), and when I hit cancel on that, It immediately caused Firefox to be unresponsive and all my open tabs changed showing that they were redirecting to something else. This was when I had to end the windows process to close Firefox. I ran Microsoft Safety Scanner and it detected and removed: VirTool:Win32/DefenderTamperingRestore
Hat Ihnen das weitergeholfen?
Zitieren
FredMcD
  • Top 10 Contributor
4272 Lösungen 59928 Antworten
Veröffentlicht

I sent a message to the add-on site. I checked the reviews. Many give it 5 stars. But others report malware.

Did you remove this?

I sent a message to the add-on site. I checked the reviews. Many give it 5 stars. But others report malware. Did you remove this?
Hat Ihnen das weitergeholfen?
Zitieren

Ausgewählte Lösung

Yes I just reinstalled and created a new Firefox profile in case there was anything still hidden within Firefox.

Thank you for the link to the article about the Malware, I tried three of them and the Microsoft Safety Scanner was the one that found the "VirTool:Win32/DefenderTamperingRestore" infection. I am almost 100% certain that this was what was loaded on my computer because of this malicious extension.

From what I found about this infection is it that is a new type of nasty Trojan Malware that installs automatically. It infiltrates Firefox and other browsers running Windows OS, and can cause all kinds of issues including installing ransomware and stealing personal info. It also disables Windows Defender Anti-Virus (which I was using).

Hopefully it did not do any damage to my system, I think it was just sitting dormant as I have not noticed any symptoms of this infection.

Yes I just reinstalled and created a new Firefox profile in case there was anything still hidden within Firefox. Thank you for the link to the article about the Malware, I tried three of them and the Microsoft Safety Scanner was the one that found the "VirTool:Win32/DefenderTamperingRestore" infection. I am almost 100% certain that this was what was loaded on my computer because of this malicious extension. From what I found about this infection is it that is a new type of nasty Trojan Malware that installs automatically. It infiltrates Firefox and other browsers running Windows OS, and can cause all kinds of issues including installing ransomware and stealing personal info. It also disables Windows Defender Anti-Virus (which I was using). Hopefully it did not do any damage to my system, I think it was just sitting dormant as I have not noticed any symptoms of this infection.
Hat Ihnen das weitergeholfen?
Zitieren
FredMcD
  • Top 10 Contributor
4272 Lösungen 59928 Antworten
Veröffentlicht

If you are sure the issue is gone,

That was very good work. Well Done. Please flag your last post as Solved Problem as this can help others with similar problems.

If you are sure the issue is gone, That was very good work. Well Done. Please flag your last post as '''Solved Problem''' as this can help others with similar problems.
Hat Ihnen das weitergeholfen?
Zitieren
Stellen Sie eine Frage

Sie müssen sich mit Ihrem Benutzerkonto anmelden, um auf Beiträge zu antworten. Bitte stellen Sie eine neue Frage, wenn Sie noch kein Benutzerkonto haben.