This thread was archived. Please ask a new question if you need help.
Malware bytes found: PUM.Optional.FireFoxSearchOverride. Also noticed new entry into my saved passwords list dated the same day. An entry that I did not do. Looks like someone hacked Firefox Saved Passwords feature.I have changed all my passwords. Google does not know what this is. Thanks, Brent
Modified by Water8203
All Replies (14)
Quarantine that program. Scan your system with other scanners as well. That unknown password, what is it to?
Further information can be found in the Troubleshoot Firefox issues caused by malware article.
Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
FredMcD, Thanks for responding. It's just that if 'unknown' managed to save a logon and password to my saved passwords list, doesn't that mean they hacked my 'firefox saved passwords' password and saw all my logon names and passwords?
Malware bytes did quarantine the program and I also scanned with MS Security. Also spent hours changing passwords on dozens of sites. Also removed and deactivated save password feature.
This is the first time I heard of a password being added to the Password Manager.
Can you post that entry? Also, I called the big guys to help out.
Modified by FredMcD
The screenshot mentions the user.js file.
The user.js file will only be present if you or other software has created this file and normally won't be present. You can check its content with a plain text editor (right-click: "Open with"; do not double-click). The user.js file is read each time Firefox is started and initializes preferences to the value specified in this file, so preferences set via user.js can only be changed temporarily for the current session.
You can delete the user.js file if you didn't create this file yourself.
You can use this button to go to the current Firefox profile folder:
- Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
I deleted entry but it was for a GoDisney.com or DisneyGo account.
Do not know how to use a text editor.
The file is quarantined by malware bytes, should I delete it?
Malware bytes said is was a non threat file or low threat, something like that. There has been no other entries and no problems on any of my sites.
Thanks all for responding.
What is the name of that quarantined file?
Please see attached. Thank you.
The user.js file is where your settings are stored. Something in that file may have triggered the alert. Of it's a false positive.
Is there a way to access the file contents?
Have you received any other alerts? If not, I don't think there is anything to worry about.
Modified by FredMcD
No other alerts. The file is Quarantined in Malwarebytes , do not know how to access it. Maybe I should also email Malewarebytes. Thanks for helping.
If you want. But if your problems are gone, I think you are all set.
I think external software would have a harder time creating a valid entry in the logins file than an add-on. You might want to check whether you have any unknown/unexpected extensions. I suggest disabling ALL nonessential or unrecognized extensions on the Add-ons page. Either:
- "3-bar" menu button (or Tools menu) > Add-ons
In the left column, click Extensions. Then cast a critical eye over the list on the right side and, if in doubt, disable or remove.
Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.
If you have questions about anything there, the easiest way to extract a list with the title, version number and ID (useful for web searches) is to copy it from the support information page. Either:
- "3-bar" menu button > "?" button > Troubleshooting Information
- (menu bar) Help > Troubleshooting Information
- type or paste about:support in the address bar and press Enter
Scroll down to the Extensions heading, use the mouse to select from there through the table that follows and copy, and then paste into a reply. It will look a little messy, but don't worry, we're used to it.
Hi jecher2000, Thanks for responding. Everything looks OK. Please see attached.
Do you see more extensions when you start Firefox in Safe Mode?
Do a clean reinstall and delete the Firefox program folder before (re)installing a fresh copy of the current Firefox release.
- Download the Firefox installer and save the file to the desktop
If possible uninstall your current Firefox version to cleanup the Windows registry and settings in security software.
- Do NOT remove "personal data" when you uninstall your current Firefox version, because this will remove all profile folders and you lose personal data like bookmarks and passwords including data in profiles created by other Firefox versions.
Remove the Firefox program folder before installing that newly downloaded copy of the Firefox installer.
- (32 bit Windows) "C:\Program Files\Mozilla Firefox\"
- (64 bit Windows) "C:\Program Files (x86)\Mozilla Firefox\"
- It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.
Your personal data like bookmarks is stored in the Firefox profile folder, so you won't lose personal data when you uninstall and (re)install or update Firefox, but make sure NOT to remove personal data when you uninstall Firefox as that will remove all Firefox profile folders and you lose your personal data.
If you keep having problems then create a new profile.
No unexpected extensions in safe mode. I will try uninstall and reinstall. Thank You.