At some point, you downloaded those files.

. Whenever you get a message / popup that software / files need to be updated;

DO NOT USE ANY OF THE PROVIDED LINKS

While this may be a legitimate message, it could also be Malware or a Virus. Any time you want or need to check for upgrades, go to the web site of the True Owner of the program in question. For example, to check out Firefox, go to Mozilla.org. {web link}

You can also report such a site at; Google Report Phishing Page {web link} which is the same when done while on site by going to Help > Report Web Forgery

Help us safeguard Mozilla’s trademarks by reporting misuse {web link}

Perhaps it goes without saying that the files discovered in your Download folder are not real Mozilla software, but an infection being spread from numerous servers through fake advertisements. Based on other reports, they may be spread through a Flash ad.

To reduce your exposure, you can take stronger control over which sites are allowed to run Flash, and/or use an ad blocking add-on.

On the first point, try setting Flash to Click-to-Play ("Ask to Activate"). This will delay Flash from starting on a page until you approve it. I find this speeds initial page loading, and often the Flash isn't needed at all.

To set "Ask to Activate", open the Add-ons page using either:

• Ctrl+Shift+a
• "3-bar" menu button (or Tools menu) > Add-ons

In the left column, click Plugins. Look for "Shockwave Flash" and change "Always Activate" to "Ask to Activate".

With this setting, when you visit a site that wants to use Flash, you should see a notification icon in the address bar and usually (but not always) one of the following: a link in a dark gray rectangle in the page or an infobar sliding down between the toolbar area and the page.

The plugin notification icon in the address bar typically looks like a small, dark gray Lego block. (If it's red, Flash needs updating.)

The delay in activating Flash can help distinguish between problems caused on initial page load, styling, and script activation vs. loading/running Flash.

If you see a good reason to use Flash, and the site looks trustworthy, you can go ahead and click the notification icon in the address bar to allow Flash. You can trust the site for the time being or permanently.

But some pages use Flash only for tracking or playing ads, so if you don't see an immediate need for Flash, feel free to ignore the notification! It will just sit there in case you want to use it later.

On the second point, these are popular extensions for blocking ads on websites (I haven't tried them myself):

• https://addons.mozilla.org/firefox/addon/adblock-plus/
• https://addons.mozilla.org/firefox/addon/ublock-origin/

shipley_f said

On Wednesday, December 16, 2015 my weekly AVG Internet Security scan of whole computer notified me that I had 2 Trojan horse Inject3/SGL's on C:\Users\Administrator\Dowloads. One was FirefoxPatch.exe and the other was FirefoxPatch(1).exe. I have noticed others are having issues with "patches." Please give me a detailed explanation of why this happened and how you are going to ensure that I WILL NOT receive any more Trojan infections in the future.

Mozilla.org nor the Firefox web browser has anything to do with this fake, yes FAKE FirefoxPatch.exe.

Mozilla only does Firefox updates internally in Firefox (by way of a .mar file) or by download from www.mozilla.org and www.mozilla.org/firefox/all

Firefox is not just for Windows but also Mac OSX and Linux so updates are not done by way of a .exe, especially not ones served from random sites outside of mozilla.org.

The so called FirefoxPatch .exe is recent thing (been showing up for around for 1 1/2 to 2 months now) scammers are using to prey on less experienced Windows and or Firefox users in convincing them this is a update for Firefox when it really is something that can install the nasty CryptoLocker on Windows should the person run that fake firefoxpatch .exe.

So its possible you and or someone downloaded this file twice at some point and then forgot about it hopefully and not actually run this .exe.

Thanks James for the replay. We followed instructions below but the AVG Anti Virus didn't show anything. We then went and uninstalled Flash because we found this article (http://wccftech.com/adobe-flash-player-receives-fixes-for-over-77-critical-exploits/). So it wasn't an 'less experienced Windows and or Firefox users,' it was a problem with the software itself. Have had no Trojan Threats since! Needless to say, I will be CONTINUING to use Firefox <3

How to remove a virus that keeps coming back? Dealing with a recurring computer virus can be tricky and may require a high level of technical knowledge to remove. The first and easiest thing to try is: • Restart the computer in Safe Mode and run your AVG Anti Virus software. In Safe Mode your computer is only running the vital processes, therefore your Anti Virus will be able to scan more files. • To start your computer in Safe Mode, press the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it. • If a virus is detected during the scan in Safe Mode, remove it like a normal virus (see also Question 1) and restart your computer. • Run a virus scan again in normal mode. If the infection was detected and removed in Safe Mode, it should come clean. • If the virus continues to return, it could be accompanied by an undetected rootkit or infected system file. In this case we recommend you restore to a previous version of the operating system (see also Question 5), or contact our TechBuddy experts, available 24/7, to solve your device's virus problems for you. Get help now.