X
Tap here to go to the mobile version of the site.

Support Forum

Fake anti-virus pop up

Posted

Hi i was just browsing the internet and out of no where i got a big, red pop up saying virus has been found and cannot be blocked etc and some woman's voice saying stuff and infront of that a white pop up window with 'username' then below that 'password' i tried closing the tab but nothing would happen so i tried closing the login window thing with the 'x' and 'close' button but the login box just kept bouncing back. i eventually task manager and closed the whole firefox program/window with end task. i re-opened firefox and closed the tab with it on before it could open and that has been the end of that (i hope).

the url/history of it says 'loading' with 'http://z13xxx01z-virus.com/en' and more letters... and it also has 'ec3adcac-8d42' more letters with 'moz-extension://ec3adcac-8d42' and more letters..

does anyone know what this is and what to do?

Thanks

Hi i was just browsing the internet and out of no where i got a big, red pop up saying virus has been found and cannot be blocked etc and some woman's voice saying stuff and infront of that a white pop up window with 'username' then below that 'password' i tried closing the tab but nothing would happen so i tried closing the login window thing with the 'x' and 'close' button but the login box just kept bouncing back. i eventually task manager and closed the whole firefox program/window with end task. i re-opened firefox and closed the tab with it on before it could open and that has been the end of that (i hope). the url/history of it says 'loading' with 'http://z13xxx01z-virus.com/en' and more letters... and it also has 'ec3adcac-8d42' more letters with 'moz-extension://ec3adcac-8d42' and more letters.. does anyone know what this is and what to do? Thanks

Additional System Details

Installed Plug-ins

  • Foxit PhantomPDF Plug-In For Firefox and Netscape
  • Intel web components updater - Installs and updates the Intel web components
  • Intel web components for Intel® Identity Protection Technology
  • McAfee MSC FF plugin DLL
  • NVIDIA 3D Vision Streaming plugin for Mozilla browsers
  • NVIDIA 3D Vision plugin for Mozilla browsers
  • Shockwave Flash 23.0 r0
  • WildTangent Games App V2 Presence Detector
  • iTunes Detector Plug-in

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0

More Information

Andrew
  • Moderator
322 solutions 4071 answers

This could be due to the websites you visit. If you suspect you have malware on your computer:

you can try these free programs to scan for malware, which work with your existing antivirus software:

Microsoft Security Essentials is a good permanent antivirus for Windows 7/Vista if you don't already have one. Windows 8/10 have antivirus protection built-in.

This could be due to the websites you visit. If you suspect you have malware on your computer: you can try these free programs to scan for malware, which work with your existing antivirus software: * [http://www.microsoft.com/security/scanner/default.aspx Microsoft Safety Scanner] * [http://www.malwarebytes.org/products/malwarebytes_free/ MalwareBytes' Anti-Malware] * [http://support.kaspersky.com/viruses/disinfection/5350 Anti-Rootkit Utility - TDSSKiller] * [http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner AdwCleaner] (for more info, see this [http://www.bleepingcomputer.com/download/adwcleaner/ alternate AdwCleaner download page]) * [http://www.surfright.nl/en/hitmanpro/ Hitman Pro] * [http://www.eset.com/us/online-scanner/ ESET Online Scanner] [https://support.microsoft.com/help/14210/security-essentials-download Microsoft Security Essentials] is a good permanent antivirus for Windows 7/Vista if you don't already have one. Windows 8/10 have antivirus protection [https://www.microsoft.com/windows/windows-defender built-in].
FredMcD
  • Top 10 Contributor
4272 solutions 59922 answers

If it's like the fake FBI/Interpol browser lock page, This add-on can stop such pages; disallow Script Button {web link} The Disallow Script button looks like a letter "M" and the title is the Minus Script, drag and drop the button on a toolbar. If the button is not displayed then nothing operates, except rules for plugins.

If it's like the fake FBI/Interpol browser lock page, This add-on can stop such pages; '''[https://addons.mozilla.org/en-US/firefox/addon/disallow-script-button/ disallow Script Button]''' {web link} The Disallow Script button looks like a letter "M" and the title is the Minus Script, drag and drop the button on a toolbar. If the button is not displayed then nothing operates, except rules for plugins.

Question owner

i have done a Windows defender anti virus scan and Malwarebytes scan and nothing came up but can't these scans miss threats sometimes?

The website i visited was one ive visited regulary and never had problems, it's a forum for a game i play and many use it, i didnt even click on anything and my Windows defender didnt even flag up to block anything of a threat

i have done a Windows defender anti virus scan and Malwarebytes scan and nothing came up but can't these scans miss threats sometimes? The website i visited was one ive visited regulary and never had problems, it's a forum for a game i play and many use it, i didnt even click on anything and my Windows defender didnt even flag up to block anything of a threat

Modified by Dayne2015

jscher2000
  • Top 10 Contributor
8797 solutions 71968 answers

Some advertisers have discovered a technique to divert you from a normal page to their site. If you do not already use an ad blocking extension, you could consider that as a layer of your defense. For example:

https://addons.mozilla.org/firefox/addon/ublock-origin/

Like many content-changing add-ons, you may occasionally need to use its button to make an exception for a page to work correctly. Each user needs to find her/his own balance of security and convenience.

Speaking of extensions, an address starting with moz-extension:// is an internal location of a component of one of your add-ons, so that normally is nothing to worry about.

Some advertisers have discovered a technique to divert you from a normal page to their site. If you do not already use an ad blocking extension, you could consider that as a layer of your defense. For example: https://addons.mozilla.org/firefox/addon/ublock-origin/ Like many content-changing add-ons, you may occasionally need to use its button to make an exception for a page to work correctly. Each user needs to find her/his own balance of security and convenience. Speaking of extensions, an address starting with '''moz-extension://''' is an internal location of a component of one of your add-ons, so that normally is nothing to worry about.

Question owner

Hi yeah i have adblock plus enabled on my browser

yeah thats why i posted here cuz it said moz-extension://.

so what you think happened and is it anything of concern?

Thanks

Hi yeah i have adblock plus enabled on my browser yeah thats why i posted here cuz it said moz-extension://. so what you think happened and is it anything of concern? Thanks
jscher2000
  • Top 10 Contributor
8797 solutions 71968 answers

Firefox add-ons should not give you big red pop-ups. Have you reviewed your list to make sure nothing strange snuck in?

You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:

  • Ctrl+Shift+a (Mac: Command+Shift+a)
  • "3-bar" menu button (or Tools menu) > Add-ons

In the left column, click Extensions. Then cast a critical eye over the list on the right side. All extensions are optional. If in doubt, disable.

Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.


If you see the moz-extension:// address in your history -- you can use the Library dialog, either:

  • Ctrl+Shift+h
  • History menu > Show All History

and then use the search in the upper right, or look for the time you started up Firefox -- you can copy/paste it into a reply. Although the first part of the address is randomized to prevent websites from accessing it, the later parts are helpful in tracking down which extension has that page.

Firefox add-ons should not give you big red pop-ups. Have you reviewed your list to make sure nothing strange snuck in? You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either: * Ctrl+Shift+a (Mac: Command+Shift+a) * "3-bar" menu button (or Tools menu) > Add-ons In the left column, click Extensions. Then cast a critical eye over the list on the right side. All extensions are optional. If in doubt, disable. Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step. ---- If you see the moz-extension:// address in your history -- you can use the Library dialog, either: * Ctrl+Shift+h * History menu > Show All History and then use the search in the upper right, or look for the time you started up Firefox -- you can copy/paste it into a reply. Although the first part of the address is randomized to prevent websites from accessing it, the later parts are helpful in tracking down which extension has that page.

Question owner

Hi, i looked at the extensions and all the ones i am aware of are there, no unknown ones...

i have done virus scan windows defender, microsoft safety scanner and malwarebytes and no threat.

i cleared my history but took note of the moz extension and url of them.

nothing else has appeared since, no idea what to call it or find out whatever it was.

i am just concerned because i kept clicking the x button and close button to get rid of the username/password box thing (no idea what password it was even asking for) and it kept instantly bouncing back (it was infront of the actual pop up website thing), until i just closed all of firefox. im just hoping by clicking the x i didnt activate or download something hidden

Hi, i looked at the extensions and all the ones i am aware of are there, no unknown ones... i have done virus scan windows defender, microsoft safety scanner and malwarebytes and no threat. i cleared my history but took note of the moz extension and url of them. nothing else has appeared since, no idea what to call it or find out whatever it was. i am just concerned because i kept clicking the x button and close button to get rid of the username/password box thing (no idea what password it was even asking for) and it kept instantly bouncing back (it was infront of the actual pop up website thing), until i just closed all of firefox. im just hoping by clicking the x i didnt activate or download something hidden

Modified by Dayne2015

jscher2000
  • Top 10 Contributor
8797 solutions 71968 answers

Dayne2015 said

i am just concerned because i kept clicking the x button and close button to get rid of the username/password box thing (no idea what password it was even asking for) and it kept instantly bouncing back (it was infront of the actual pop up website thing), until i just closed all of firefox. im just hoping by clicking the x i didnt activate or download something hidden

If it's like the ones I've seen, that dialog did not have any interactivity that could cause a software download. The page keeps reloading the moment the dialog is closed. If you press the Esc key several times in quick succession, that should terminate the cycle by stopping the reload, and then you can close the tab.

''Dayne2015 [[#answer-936658|said]]'' <blockquote> i am just concerned because i kept clicking the x button and close button to get rid of the username/password box thing (no idea what password it was even asking for) and it kept instantly bouncing back (it was infront of the actual pop up website thing), until i just closed all of firefox. im just hoping by clicking the x i didnt activate or download something hidden </blockquote> If it's like the ones I've seen, that dialog did not have any interactivity that could cause a software download. The page keeps reloading the moment the dialog is closed. If you press the Esc key several times in quick succession, that should terminate the cycle by stopping the reload, and then you can close the tab.

Question owner

ok thanks and the ones that do this are - if you click the x or close button for example, do you see the download starting as if you just clicked ok to download or does it happen literally like invisible?

i ran another scan with microsoft windows malicious software removal and no threats came up, so thats 4 different scans i've run

ok thanks and the ones that do this are - if you click the x or close button for example, do you see the download starting as if you just clicked ok to download or does it happen literally like invisible? i ran another scan with microsoft windows malicious software removal and no threats came up, so thats 4 different scans i've run
FredMcD
  • Top 10 Contributor
4272 solutions 59922 answers

Dayne2015 said

thats 4 different scans i've run

Malwarebytes is the only malware scanner you listed. The others are virus scanners.

Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

''Dayne2015 [[#answer-936769|said]]'' <blockquote> thats 4 different scans i've run </blockquote> Malwarebytes is the only malware scanner you listed. The others are virus scanners. Further information can be found in the [[Troubleshoot Firefox issues caused by malware]] article. Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

Question owner

FredMcD said

Dayne2015 said
thats 4 different scans i've run

Malwarebytes is the only malware scanner you listed. The others are virus scanners.

Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

in the link you provided it says Microsoft safety scanner is one of the scanners used for malware

''FredMcD [[#answer-936786|said]]'' <blockquote> ''Dayne2015 [[#answer-936769|said]]'' <blockquote> thats 4 different scans i've run </blockquote> Malwarebytes is the only malware scanner you listed. The others are virus scanners. Further information can be found in the [[Troubleshoot Firefox issues caused by malware]] article. Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up. </blockquote> in the link you provided it says Microsoft safety scanner is one of the scanners used for malware
jscher2000
  • Top 10 Contributor
8797 solutions 71968 answers

Dayne2015 said

ok thanks and the ones that do this are - if you click the x or close button for example, do you see the download starting as if you just clicked ok to download or does it happen literally like invisible?

If you have Firefox set to ask you where you want to save a download, of course it will be more obvious, but even if Firefox auto-saves a download, you'll see the download arrow on the toolbar animate to indicate completion and the download will be listed. This is for normal file pushes, and not what plugins can do; plugins can bypass the normal browser mechanisms.

''Dayne2015 [[#answer-936769|said]]'' <blockquote> ok thanks and the ones that do this are - if you click the x or close button for example, do you see the download starting as if you just clicked ok to download or does it happen literally like invisible? </blockquote> If you have Firefox set to ask you where you want to save a download, of course it will be more obvious, but even if Firefox auto-saves a download, you'll see the download arrow on the toolbar animate to indicate completion and the download will be listed. This is for normal file pushes, and not what plugins can do; plugins can bypass the normal browser mechanisms.

Question owner

jscher2000 said

Dayne2015 said
ok thanks and the ones that do this are - if you click the x or close button for example, do you see the download starting as if you just clicked ok to download or does it happen literally like invisible?

If you have Firefox set to ask you where you want to save a download, of course it will be more obvious, but even if Firefox auto-saves a download, you'll see the download arrow on the toolbar animate to indicate completion and the download will be listed. This is for normal file pushes, and not what plugins can do; plugins can bypass the normal browser mechanisms.

ok is there anyway to see what my plugins are doing/downloading?

you said earlier that advertisers have found a way to divert my page to their website... i do have adblock plus plugin/extension on my firefox, have for years, is it possible one just got through somehow and it was a rarity? i can't remember the last time it happened and hasnt happened again since

or have these advertisers found a way to get round adblock plus or something?

''jscher2000 [[#answer-936931|said]]'' <blockquote> ''Dayne2015 [[#answer-936769|said]]'' <blockquote> ok thanks and the ones that do this are - if you click the x or close button for example, do you see the download starting as if you just clicked ok to download or does it happen literally like invisible? </blockquote> If you have Firefox set to ask you where you want to save a download, of course it will be more obvious, but even if Firefox auto-saves a download, you'll see the download arrow on the toolbar animate to indicate completion and the download will be listed. This is for normal file pushes, and not what plugins can do; plugins can bypass the normal browser mechanisms. </blockquote> ok is there anyway to see what my plugins are doing/downloading? you said earlier that advertisers have found a way to divert my page to their website... i do have adblock plus plugin/extension on my firefox, have for years, is it possible one just got through somehow and it was a rarity? i can't remember the last time it happened and hasnt happened again since or have these advertisers found a way to get round adblock plus or something?
jscher2000
  • Top 10 Contributor
8797 solutions 71968 answers

Dayne2015 said

ok is there anyway to see what my plugins are doing/downloading?

I don't know.

you said earlier that advertisers have found a way to divert my page to their website... i do have adblock plus plugin/extension on my firefox, have for years, is it possible one just got through somehow and it was a rarity? i can't remember the last time it happened and hasnt happened again since or have these advertisers found a way to get round adblock plus or something?

I've never been redirected to one of these pages, I've only seen the ones users have posted links for, but as far as we can tell, users are just browsing normally when suddenly a new tab pops up. If it's not from an ad, perhaps they were on an evil site??

''Dayne2015 [[#answer-936951|said]]'' <blockquote> ok is there anyway to see what my plugins are doing/downloading? </blockquote> I don't know. <blockquote> you said earlier that advertisers have found a way to divert my page to their website... i do have adblock plus plugin/extension on my firefox, have for years, is it possible one just got through somehow and it was a rarity? i can't remember the last time it happened and hasnt happened again since or have these advertisers found a way to get round adblock plus or something? </blockquote> I've never been redirected to one of these pages, I've only seen the ones users have posted links for, but as far as we can tell, users are just browsing normally when suddenly a new tab pops up. If it's not from an ad, perhaps they were on an evil site??
FredMcD
  • Top 10 Contributor
4272 solutions 59922 answers

Redirect Control 0.1.2 This add-on enables the user to allow or deny redirects from web pages. You can also create rules to allow redirects that you approve of.

[https://addons.mozilla.org/en-US/firefox/addon/redirect-control/ Redirect Control 0.1.2] This add-on enables the user to allow or deny redirects from web pages. You can also create rules to allow redirects that you approve of.