Fragen mit folgendem Schlagwort anzeigen: Alle Fragen anzeigen
  • Gelöst
  • Archiviert

"New" Firefox Search Result Hijacker

Hi, I recently downloaded and installed some Android emulator named "Andy". Unfortunately, the .exe also installed all kinds of other Software on my Windows 7 system. I … (Lesen Sie mehr)

Hi,

I recently downloaded and installed some Android emulator named "Andy". Unfortunately, the .exe also installed all kinds of other Software on my Windows 7 system.

I removed most of the unwanted Software but one problem remained: A search result hijacker was part of the package. It replaces the top 4 results with some cryptic redirect links that are luckily displayed in a different font, otherwise I wouldn't have noticed at all.

I tracked the issue down to a addon in Firefox (see attached screenshot) that I cannot remove, no matter what I try.

What I tried to remove it: - I tried to remove the addon via about:config - I tried to run Firefox in safe mode and uninstall it - I tried to factory reset Firefox - I Installed Avira and made a system scan - I installed MalwareBytes and made a system scan - I check all the extension folders for addons that I do not know but can't find anything - I checked my whole system for any xpi-files but couldn't find any.

I am out of ideas. I can disable the addon but thats about it. After a while Firefox will shut itself down and the next time I start it, the addon is on again. When I resinstall FIrefox, the same thing happens. The addon is always back.

When I inspect the element it loads some invisible icon file that is supposedly located in "src="jar:file:///C:/Windows/Installer/%7BB28AF4A4-C997-4A5B-A111-FD1E65138A8D%7D/%7B02E337C0-4D70-452D-AA64-92D0A8C5D953%7D.xpi!/icon48.png"", if that helps. But the location doesn't exist on my system.

Can anyone here help me? I alread sent a problem report via the official tool.

Sincerely Florian

Gefragt von flau vor 1 Jahr

Beantwortet von flau vor 1 Jahr

  • Gelöst

pups prefs.js keep coming back found by malwarebytes plus several tries to hack my email account

I found some infos but I do not trust myself just deleting the files in question since they ared all over my system. The following I found per malwarebytes which found th… (Lesen Sie mehr)

I found some infos but I do not trust myself just deleting the files in question since they ared all over my system. The following I found per malwarebytes which found the pups every day up to now:

PUP.Optional.DefaultSearch is Malwarebytes’ detection name for a family of browser hijackers targeting Chrome, Firefox and Internet Explorer. Symptoms The browsers’ default search engine was changed to one that belonged to the threat-actors. I am german so probably I need your patience in helping me to clean my system resp. Mozilla.

Looking forward Ingrid

Gefragt von iethomas vor 4 Monaten

Beantwortet von jscher2000 vor 4 Monaten

  • Archiviert

ALERT !!!!!!!! Firefox needs to be more secure for the add-ons section.

Hi, For the add-ons section, I think all the add-ons should be scanned. ================= it is not my fault that if I download an add-on, it turns out to be a malicious… (Lesen Sie mehr)

Hi, For the add-ons section, I think all the add-ons should be scanned.

=================

it is not my fault that if I download an add-on, it turns out to be a malicious add-on that executes remote codes. You are telling me: "This is not monitored for security through Mozilla's Recommended Extensions program. Make sure you trust it before installing." How can I trust it if I don't know anything about it?? or if it is new? -Most of people here who are downloading add-ons are normal users like me, not people who understand codes and developing.- Read reviews?? Do I understand from you that some people have to sacrifice for us so the rest can know if it is bad or good add-on? And by the way Reading reviews is not enough, For example Few months ago I downloaded a VPN similar to another one, lots of reviews say it is good, so I used it for maybe 1 month then I disabled it and stopped using it. Today I look at it in the disabled add-ons list, I find this message: "VPN has been disabled due to security or stability issues." I read more information about it, it turned out that it was executing remote codes....... That means I shouldn't even trust reviews!! Nothing happened to my firefox browser, but (it may happen) in the future, because of the already executed remote codes or or maybe those codes stole some information about me,....I don't know, but it may get worse who knows what those executed codes do.....

=============================

Now after I provided my (((important))) suggestion, I need an advice please what should I do now?? Should I now reinstall this browser and clean it and remove all of the history? Or change my passwords in ((every site)) I visited?? or what? Thank You Very Much.

Gefragt von ai1t21tt2 vor 1 Jahr

Letzte Antwort von ai1t21tt2 vor 1 Jahr

Bitdefender: suspicious connection blocked involving Firefox - signature-2.cdn.mozilla.net

Each morning, when I first cold boot my computer, the moment I open my Firefox browser, I receive numerous (10+) identical error messages from Bitdefender: Suspicious con… (Lesen Sie mehr)

Each morning, when I first cold boot my computer, the moment I open my Firefox browser, I receive numerous (10+) identical error messages from Bitdefender:

Suspicious connection blocked: Feature: Online Threat Prevention

firefox.exe attempted to establish a connection relying on an unmatching security certificate to content-signature-2.cdn.mozilla.net. We blocked the connection to keep your data safe since the used certificate was issued for a different web address than the targeted one.

Question: Is this ACTUALLY coming from Firefox? If so, please match your security certificates! If that's impossible due to a technical issue, then please email me your confirmation so that I can add an exception to Bitdefender.

Question: If it's not coming from Firefox, please email me, letting me know what additional system information you require so that we can get to the bottom of who/what is masquerading as Firefox while attempting to establish an unauthorized Internet connection from my computer.

HP Envy laptop, Windows 10 OS, latest update.

This has been occurring for several months.

Thank you for your time.

Gefragt von swamper vor 4 Monaten

Letzte Antwort von jscher2000 vor 2 Monaten

Firefox 94.0.2 was hacked

Last night my Firefox 94.0.2 was hacked. When running Firefox, it would lock up my desktop. It disabled Norton Security, it disable other installed security software, an… (Lesen Sie mehr)

Last night my Firefox 94.0.2 was hacked. When running Firefox, it would lock up my desktop. It disabled Norton Security, it disable other installed security software, and it disabled Windows System Restore. The hacker put up a message claiming to be Microsoft Support, with a phone number to call for help. This was a scam. I ran Firefox refresh, and that removed the hacker's program from Firefox, but then I had to do a full repair of my Window's installation. To protect my system, and prevent this from happening again, I added "xpinstall.enabled = false" into about.config. Please let me know if this will prevent a web site from installing a dangerous hack into Firefox, or if there is something else that I need to do. I have used Firefox for years, and have never encountered this problem before. Firefox is my favorite browser, but I am now afraid to use it. Please advise me what to do. Thanks, Jim

Gefragt von jimwest1 vor 1 Monat

Letzte Antwort von James vor 1 Monat

  • Archiviert

Malwarebytes reports Firefox.exe as a trojan attempting to contact a separately reported bad IP address

Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address 167.71.99.170 (https://urlhaus.abuse.ch/url/348428/), which apparently mi… (Lesen Sie mehr)

Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address

167.71.99.170 (https://urlhaus.abuse.ch/url/348428/),

which apparently might be bad?

Interestingly, the above urlhaus link initially reported the hit on the IP address per a Pascal Geenens (@geenensp on twitter) who writes for a security blog at

Thanks to any and all who might be able to help!

-Log Details- Protection Event Date: 6/4/20 Protection Event Time: 4:18 PM Log File: 920f76a0-a6a0-11ea-9633-00ffc7e81200.json

-Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.25022 License: Premium

-System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System

-Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0

-Website Data- Category: Trojan Domain: IP Address: 167.71.99.170 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe


(end)

Gefragt von thompson.g vor 1 Jahr

Letzte Antwort von the-edmeister vor 1 Jahr

  • Archiviert

My Firefox browser has been 'taken over' by 'https://goto-searchitnow.global.ssl.fastly.net/v1/hostedsearch'... How did this happen and how di I get rid of it?

My Firefox now 'defaults' to 'https://goto-searchitnow.global.ssl.fastly.net/v1/hostedsearch?aid=5329&data=aWlkPTIwJnVpZD01MDUyMDI2Ng==&keyword'. The 'response' i… (Lesen Sie mehr)

My Firefox now 'defaults' to 'https://goto-searchitnow.global.ssl.fastly.net/v1/hostedsearch?aid=5329&data=aWlkPTIwJnVpZD01MDUyMDI2Ng==&keyword'. The 'response' is always 'nothing here'. The only way I can search now is Safari...not my favourite! How did this happen? How can I fix it? Thanks! Charley

Gefragt von coachcharley vor 2 Jahren

Letzte Antwort von jscher2000 vor 1 Jahr

  • Gelöst
  • Archiviert

suspicious IP address

For the last several days McAfee has blocked the following IP address 52.216.241.14 as being suspicious. When I Google searched this IP address FF lit up with a red warni… (Lesen Sie mehr)

For the last several days McAfee has blocked the following IP address 52.216.241.14 as being suspicious. When I Google searched this IP address FF lit up with a red warning message. What's up with this address? Also, is there a better forum to get more information about this address? Thanks

Gefragt von arejfour vor 1 Jahr

Beantwortet von RobertJ vor 1 Jahr

  • Gelöst
  • Archiviert

My Firefox on Mac crashed after message to quarantine Ransomware. Reinstalled v75, now working but only opens with Profile Manager using terminal command.

Out of the blue I received a message stating I was being attacked on my Mac by software that maybe Ransomware. I was asked to close and delete the files. I run Mac Os 10.… (Lesen Sie mehr)

Out of the blue I received a message stating I was being attacked on my Mac by software that maybe Ransomware. I was asked to close and delete the files.

I run Mac Os 10.14.6 and have never had any previous problems. After quarantining these files I quit Firefox and then could not open it. I therefore deleted the .app and reinstalled Firefox 75. I can only start up Firefox by using the Terminal Command window using the Profile manager. I created a new profile but cannot see my old profile within the Profile Manager. I can find the old profile under Profile's in Application Support/Users. So despite having a new default set created, I still cannot get the Firefox.app to open by clicking on it. I have now deleted the old profile and still cannot open the Firefox app from the dock or applications folder.

help please!

I could never find out why I got the message "Ransomware may be trying to access my computer", except two files have appeared in my bin; Edgar Poe Murder and Righteous Games.

Any help appreciated.

Gefragt von blcweb vor 1 Jahr

Beantwortet von blcweb vor 1 Jahr

  • Archiviert

malware: need to identify it and uninstall

I clicked an .exe to download a zoom meeting list. It installed malware. I'm unable to go to add-on's, options, etc - it opens a blank page. Redirects webpages to all sor… (Lesen Sie mehr)

I clicked an .exe to download a zoom meeting list. It installed malware. I'm unable to go to add-on's, options, etc - it opens a blank page. Redirects webpages to all sorts of stuff like porn and IDK what. How do I identify and remove?

What can I provide to assist beyond this: seems the "root" URL is spontaneousguarded.com

Using Chrome, as I do not want to enter my info to ask for help on a compromised Firefox browser. Searching on Chrome doesn't bring anything up that can help an (NON-IT) person. I'm also unable to allow troubleshooting information using Chrome. Thank you!

Gefragt von kaspytek vor 1 Jahr

Letzte Antwort von FredMcD vor 1 Jahr

  • Gelöst
  • Archiviert

I'm using Firefox with add ons including No Script. Something called jackhillty.net keeps following me around. What is it and how do I get rid of it ? Thanks

I'm using Firefox with add ons including No Script. Something called jackhillty.net keeps following me around. What is it and how do I get rid of it ? P.S. I'm not a pro… (Lesen Sie mehr)

I'm using Firefox with add ons including No Script. Something called jackhillty.net keeps following me around. What is it and how do I get rid of it ? P.S. I'm not a programmer or IT person. Please keep it simple. Thanks

Gefragt von Ray vor 1 Jahr

Beantwortet von FredMcD vor 1 Jahr

  • Gelöst
  • Archiviert

Virus in distibutive - Trojan.Inject.bcbj

Hi all For security reasons, all new FF distributions are tested. When checking the distribution kit version 68.5.0esr (exe for x86 and x64) - the antivirus software "Vir… (Lesen Sie mehr)

Hi all

For security reasons, all new FF distributions are tested. When checking the distribution kit version 68.5.0esr (exe for x86 and x64) - the antivirus software "VirusTotal" detected Trojan.Inject.bcbj. FortiSandbox also scolded the distribution on x86 - saying that it deleted the file "% programfiles (x86)% \ google \ update \ 1.3.33.17 \ googlecrachhandler.exe" - its installation is undesirable in the ESR version.

Gefragt von kittyfriend vor 1 Jahr

Beantwortet von kittyfriend vor 1 Jahr

  • Archiviert

Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Mozilla Firefox (and add-ons) Protection Layer: Protection Against OS Security Bypass Protection Technique: Exploit ROP gadget attack blocked

Firefox updated yesterday to ver 90.0.1 (64-bit). Today when I open Firefox browser, Malwarebytes blocks an exploit with thiis message: Malwarebytes www.malwarebytes.com… (Lesen Sie mehr)

Firefox updated yesterday to ver 90.0.1 (64-bit). Today when I open Firefox browser, Malwarebytes blocks an exploit with thiis message: Malwarebytes www.malwarebytes.com

-Log Details- Protection Event Date: 7/21/21 Protection Event Time: 1:37 PM Log File: 577494dc-ea4a-11eb-a649-54bf641896a0.json

-Software Information- Version: 4.4.2.123 Components Version: 1.0.1358 Update Package Version: 1.0.43331 License: Premium

-System Information- OS: Windows 10 (Build 19043.1110) CPU: x64 File System: NTFS User: System

-Exploit Details- File: 0 (No malicious items detected)

Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, ,

-Exploit Data- Affected Application: Mozilla Firefox (and add-ons) Protection Layer: Protection Against OS Security Bypass Protection Technique: Exploit ROP gadget attack blocked File Name: URL:


(end)


When I open in safe mode, no problem. I can not find the extension causing the problem

Gefragt von ItBme vor 6 Monaten

Letzte Antwort von ItBme vor 6 Monaten

  • Gelöst

Firefox tries to access weird websites each time it starts

Hello Mozilla community! Merry Christmas! I have noticed since yesterday (but maybe it is related to the 95.0.2 Firefox update) that Firefox tries to access some weird we… (Lesen Sie mehr)

Hello Mozilla community! Merry Christmas!

I have noticed since yesterday (but maybe it is related to the 95.0.2 Firefox update) that Firefox tries to access some weird websites each time it starts.

The websites Firefox tries to access are various (non-exhaustive list):

Kaspersky Internet Security blocks all those access attempts and notifies me with a "Download denied" event and a "Probability of unauthorized software download" message (see uploaded image).

I immediately suspected one of my Firefox extensions, so I disabled them all... But the issue kept on occurring. Could Firefox be infected? (I ran Kaspersky Internet Security through my whole PC, and it found nothing ; I did the same with the free version of MalwareBytes ; nothing again).

I find it hard to believe that this behavior is normal and that these alerts are false positives from Kaspersky Internet Security... What do you think guys?

Regards, Jerome.

Gefragt von Jerome vor 1 Monat

Beantwortet von Jerome vor 1 Monat

  • Archiviert

my old email acct was hacked sct581@yahoo.com,, no longer have access to it

want to get my old bookmarks from my acct that was hacked but i have no way of betting into my old email thanks to the morons that own yahoo now,, after 30 years they wer… (Lesen Sie mehr)

want to get my old bookmarks from my acct that was hacked but i have no way of betting into my old email thanks to the morons that own yahoo now,, after 30 years they were not even smart enough to figure out i know who i am,,

Gefragt von Linden Allman vor 1 Jahr

Letzte Antwort von Linden Allman vor 1 Jahr

Old version of firefox keeps opening porn sites randomly

Hello. Im new to the Mozilla Support community I am running a Japanese Windows XP SP3 on VMWare Workstation 16, i have downloaded a old version of firefox, due to newer v… (Lesen Sie mehr)

Hello. Im new to the Mozilla Support community

I am running a Japanese Windows XP SP3 on VMWare Workstation 16, i have downloaded a old version of firefox, due to newer versions not working on xp

And heres the issue: Firefox keeps opening tabs randomly which are related to pornographic websites like xxnx, pornhub, evilangel n' etc..

Heres things ive tried, but didnt work: -Install tdsskiller & scan -Scan with Avast Antivirus -Uninstalling Firefox and delete registry entries -Getting IE8 or G**gle Chr*me for Windows XP SP3

Any way to resolve this problem? i can't watch these things!

Gefragt von mm321 vor 1 Monat

Letzte Antwort von mm321 vor 1 Monat

  • Gelöst
  • Archiviert

Firefox search contest 2020??

Just ran a search in the address bar and was taken to this "Firefox search contest 2020" page. Never happened before and I assume it's a scam, have checked my add-ons and… (Lesen Sie mehr)

Just ran a search in the address bar and was taken to this "Firefox search contest 2020" page. Never happened before and I assume it's a scam, have checked my add-ons and plugins but I don't see anything suspicious. Is this something to be concerned about?

If helpful, the url for this page is: https://sweetrelxme16.live/2262313374/?utm_campaign=QPF8euu28II5lw7O2iHhCugVqK5RzfdNsTpLaMM91qY1&t=main9_f90c820c180a04261c8d0973930afd&f=1&fp=4e4lHv53VRFsZD7g8DH8cHoGoZqhKuVVuUJjMi0vd9MavAzv9Ra8r35cGpaMIxPQMRUMvVHb0l82DIdO3468J0I1IGraOutgrge%2Bq9NWJxSgTtCArhRG9wrtn5m01%2Bx0n3MmjZiSV6rdotDp1uZK3X%2FC73QNaXrVEwU6oP9mIPSfJK%2B9iUDEhYFO3CUB0gqNmsYjipzEBg99p%2B0M3CKQbwifntTBZHvPFeMpyKOWKE7SKgze%2FpKn5JZBWY3pSSBh4y1pXXC3eYKb2LhL2ZoH4%2BWQ9hbMgWcybfFg5BkLBtWg1kwuZsikClxevJtm60RKV7prd51JiGjLrzf%2FNTDqxdrpwU2A0t4hnMG%2FGjpBHkvqc7jsROicHRQJdXvl6Xw%2BK1B4QHr4OdFM%2BRtvtMIuVoWNw3847b%2Bz5EijdBw1lIcKWD54y5Ykl2UHIWkWE3GJ0k%2Boz0qwm%2Bjks2VWfUk1dLIjwzZZ67mP3%2BIlzBvpAGyhYi%2FWISpYwui97wQ8U53uQKjnBTYIz1WN5e6HZkKCRHJTfzo%2FYcUJhu%2Fk4HDS04VDapoV6VLpeDv4JHDFP3AcqH5EPLVv648vIOUc%2B27TQByyZx70ORGYyOztbMH6xU0v%2B%2FM6DLecFWnHAPkQ8X%2Fk1igvbBNx8cPPUGQOchdh9Y1Hc7nm%2F4mZ%2BHsCVI5oeT%2FX7TJ15lDFHvc7uVp7J61DCWuWlQdtwjhqXu7Ms0k45AQQwlDJe4XvNbuDOTcti8QfPQw0zMaHTsoH6KjWUiBG6Qlk5UE4apuslT%2BVS8%2FhGlqRo190rqmBhsp3GLn%2B%2FkX8eoNQBK5adrrme1vjyuDFwg3XB1E0E9FY5RGGQuCmS2NgJ5NY1epvc0bT8qUYVwoKESw3dxc0I8oaHXm8pjJotg8dJ9p18vFzQfENSQ1Lif%2FXLA3qsLDDGOeLC5KQwPTUDb%2Bbwt5MjbLFbi09eakKIqSw1T6jyb6AzUIbIYU9CobdiZXlqXR1faA65a%2Bb49rHlYpFMsmtVMGAZGJ6GRcpqgidhwUeEfDWptpsKYjjcWxDXhB3bu93CuigV8dR%2FobTpbwwGmyFCtClfyPoqFgQ57R83bMHQta0ufdOf5rN%2BN%2BUUcgassNy4H84lggSNKjX1Tfle8JYPE8P850TKT8zL0qRyVHs9cq5ng7k%2FQl3TB847FICfrcWLUcxAU5Ed5hGOBPMcjGbc1pABVRV9%2BIivKKTvd06vBei1U27t1QJnlPCRub9A1wI2MEwWlJijoNtXlXN1odzAUFPLHNLG%2B3OjI80qmpNeUJoxRmfUN%2B%2BohI9hbzBle58Ij9659u%2FRIvLRx5Cs96YiHAeFadW%2FDvWvDJh3TzYhc798ZMqiB4KIcFtttKF8siLLCWSmhOmvNl0xVlAZBjrv%2Bs7beWbDKa2

Gefragt von paulcharlesworth vor 1 Jahr

Beantwortet von James vor 1 Jahr

  • Archiviert

possible malware sites opened

The new firefox should have some malware protection by default? I thought I can use it without blocking addons, maybe a mistake? On searching the web by google I came on… (Lesen Sie mehr)

The new firefox should have some malware protection by default? I thought I can use it without blocking addons, maybe a mistake?

On searching the web by google I came on a webpage, where another page suddenly opened and I could not leave with back button. Just another fake page opened.

I scanned the pages here (others are in the comment): https://www.virustotal.com/gui/url/518ffb491d9ae673e803a930d05aae5bd0db9536a93197bfb2a874de76009af2

Could there be some infection? What can I do now to be save?

I deleted cache inside firefox and after that a scan with clamscan. It could not find anything on my device.

Thank you

Gefragt von cj447 vor 1 Jahr

Letzte Antwort von cor-el vor 1 Jahr

  • Archiviert

Adware hidden in Firefox Account

I recently observed that when I visit a certain page (not a website, but a certain page in the website), it seems to be attempting to load flashing the "X" repeatedly. Af… (Lesen Sie mehr)

I recently observed that when I visit a certain page (not a website, but a certain page in the website), it seems to be attempting to load flashing the "X" repeatedly. After a few seconds it stops and within 10 seconds I am then redirected to a scam survey website asking me how satisfied I am with my internet provider. I immediately assumed the worst and ran McAfee scans, cleared cache, Malwarebytes free trial scans and no joy.

Then I logged into another computer and loaded up the same page. Please note instead of logging into Firefox and clicking on my bookmark, I simply went to the website, logged in and went to the page. It is the same link in the end. Nothing happened. I thought it was something wrong with my PC at this stage.

I then decided to log into Firefox to see if that would yield different results. I logged in on the other computer that had not presented the spam yet. I clicked the bookmark and it did it. The spam page loaded. From this I understand whatever is causing the problem is in my Firefox Account data.

I then immediately logged out of Firefox on the second computer, uninstalled it and then redownloaded it. Without logging in, the spam still comes up. I am lost. Neither McAfee, Malwarebytes or AdwCleaner find it.

The link for the spam is different every time, usually ending in ".xyz".

Before the spam was present, the page always had a normal padlock beside the URL. Now,sometimes not always, when the spam is going to come up it has an orange warning symbol and say some elements are not secure, and it says something about images.

The page it occurs on is on eBay, and I have used this site no problem for years. It only occurs on my regional message page specific to my country, not on the message page on "ebay.com".

Any help greatly appreciated.

Gefragt von g474 vor 1 Jahr

Letzte Antwort von jscher2000 vor 1 Jahr