X
Tap here to go to the mobile version of the site.

Support Forum

Dangerous upgrade

Posted

I keep getting a Firefox upgrade. Norton stops it, but is there anyway to block it? Here is the information from Norton


Filename: ack+hyhd.js.part Threat name: JS.DownloaderFull Path: c:\users\jane\appdata\local\temp\ack+hyhd.js.part

____________________________

____________________________


On computers as of  4/23/2017 at 9:09:22 PM

Last Used  4/23/2017 at 9:11:23 PM

Startup Item  No

Launched  No

Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.


____________________________


ack+hyhd.js.part Threat name: JS.Downloader Locate


Very Few Users Fewer than 5 users in the Norton Community have used this file.

Very New This file was released less than 1 week  ago.

High This file risk is high.


____________________________


Source: External Media

Source File: ack+hyhd.js.part

____________________________

File Actions

File: c:\users\jane\appdata\local\temp\ ack+hyhd.js.part Removed ____________________________


File Thumbprint - SHA: e289442245e02e7824dc7e08e14a0ee077a11edc10f0a5192e4916b3e1a96013 File Thumbprint - MD5: 1428f1a2ae9cfa5a8dbf89a9bd435112

I keep getting a Firefox upgrade. Norton stops it, but is there anyway to block it? Here is the information from Norton Filename: ack+hyhd.js.part Threat name: JS.DownloaderFull Path: c:\users\jane\appdata\local\temp\ack+hyhd.js.part ____________________________ ____________________________ On computers as of  4/23/2017 at 9:09:22 PM Last Used  4/23/2017 at 9:11:23 PM Startup Item  No Launched  No Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium. ____________________________ ack+hyhd.js.part Threat name: JS.Downloader Locate Very Few Users Fewer than 5 users in the Norton Community have used this file. Very New This file was released less than 1 week  ago. High This file risk is high. ____________________________ Source: External Media Source File: ack+hyhd.js.part ____________________________ File Actions File: c:\users\jane\appdata\local\temp\ ack+hyhd.js.part Removed ____________________________ File Thumbprint - SHA: e289442245e02e7824dc7e08e14a0ee077a11edc10f0a5192e4916b3e1a96013 File Thumbprint - MD5: 1428f1a2ae9cfa5a8dbf89a9bd435112

Additional System Details

Installed Plug-ins

  • Shockwave Flash 25.0 r0

Application

  • Firefox 52.0.2
  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
  • Support URL: https://support.mozilla.org/1/firefox/52.0.2/WINNT/en-US/

Extensions

  • Amazon Assistant for Firefox 10.1701.20.543 (abb@amazon.com)
  • Application Update Service Helper 2.0 (aushelper@mozilla.org)
  • Disable Prefetch 1.0 (disable-prefetch@mozilla.org)
  • Disable TLS Certificate Transparency 1.0 (disable-cert-transparency@mozilla.org)
  • Ebates Cash Back 4.14.0.3 ({35d6291e-1d4b-f9b4-c52f-77e6410d1326})
  • LastPass 3.3.4 (support@lastpass.com)
  • Multi-process staged rollout 1.12 (e10srollout@mozilla.org)
  • Norton Security Toolbar 2017.9.1.7 ({C1A2A613-35F1-4FCF-B27F-2840527B6556})
  • Pocket 1.0.5 (firefox@getpocket.com)
  • Site Deployment Checker 1.0 (deployment-checker@mozilla.org)
  • Web Compat 1.0 (webcompat@mozilla.org)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics 4600
  • adapterDescription2:
  • adapterDeviceID: 0x0412
  • adapterDeviceID2:
  • adapterDrivers: igdumdim64 igd10iumd64 igd10iumd64 igd12umd64 igdumdim32 igd10iumd32 igd10iumd32 igd12umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterSubsysID: 06111028
  • adapterSubsysID2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • crashGuards: [{u'prefName': u'gfx.crash-guard.status.d3d9video', u'type': u'd3d9video'}]
  • currentAudioBackend: wasapi
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 10.0.14393.953
  • driverDate: 9-29-2016
  • driverDate2:
  • driverVersion: 20.19.15.4531
  • driverVersion2:
  • featureLog: {u'fallbacks': [], u'features': [{u'status': u'available', u'description': u'Compositing', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'HW_COMPOSITING'}, {u'status': u'available', u'description': u'Direct3D11 Compositing', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'D3D11_COMPOSITING'}, {u'status': u'disabled', u'description': u'Direct3D9 Compositing', u'log': [{u'status': u'disabled', u'message': u'Disabled by default', u'type': u'default'}], u'name': u'D3D9_COMPOSITING'}, {u'status': u'available', u'description': u'Direct2D', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'DIRECT2D'}, {u'status': u'available', u'description': u'Direct3D11 hardware ANGLE', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'D3D11_HW_ANGLE'}]}
  • info: {u'AzureCanvasAccelerated': 0, u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1'}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • supportsHardwareH264: Yes; Using D3D11 API
  • webgl2Renderer: WebGL is currently disabled.
  • webglRenderer: WebGL is currently disabled.
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
James
  • Moderator
1594 solutions 11232 answers

if you mean a so called firefox-patch.js file from a random site claiming to have a urgent Firefox update.

This is not from Mozilla or the Firefox web browser as it is Fake. https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update

The is due to malvertising Ads on some sites. If you keep getting this then a ad blocking extension like https://addons.mozilla.org/firefox/addon/ublock-origin/ can help.

if you mean a so called firefox-patch.js file from a random site claiming to have a urgent Firefox update. '''This is not from Mozilla or the Firefox web browser as it is Fake'''. https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update The is due to malvertising Ads on some sites. If you keep getting this then a ad blocking extension like https://addons.mozilla.org/firefox/addon/ublock-origin/ can help.
FredMcD
  • Top 10 Contributor
4228 solutions 59015 answers

. Whenever you get a message / popup that software / files need to be updated;

DO NOT USE ANY OF THE PROVIDED LINKS

While this may be a legitimate message, it could also be Malware or a Virus. Anytime you want or need to check for upgrades, go to the website of the True Owner of the program in question. For example, to check out Firefox, go to https://www.mozilla.org

You can report such a site at; http://www.google.com/safebrowsing/report_phish/ Google Report Phishing Page which is the same when done while on site by going to Help > Report Web Forgery

http://www.mozilla.org/en-US/legal/fraud-report/ Help us safeguard Mozilla’s trademarks by reporting misuse

For almost a year, an epidemic of Fake Update Notices have been popping up all over the place. https://support.mozilla.org/en-US/kb/forum-response-i-found-fake-firefox-update

. Whenever you get a message / popup that software / files need to be updated; '''DO NOT USE ANY OF''' '''THE PROVIDED LINKS''' While this may be a legitimate message, it could also be '''Malware or a Virus.''' Anytime you want or need to check for upgrades, go to the website of the '''True Owner''' of the program in question. For example, to check out Firefox, go to '''https://www.mozilla.org''' You can report such a site at; http://www.google.com/safebrowsing/report_phish/ Google Report Phishing Page which is the same when done while on site by going to '''Help > Report Web Forgery''' http://www.mozilla.org/en-US/legal/fraud-report/ Help us safeguard Mozilla’s trademarks by reporting misuse For almost a year, an epidemic of '''Fake Update Notices''' have been popping up all over the place. https://support.mozilla.org/en-US/kb/forum-response-i-found-fake-firefox-update
James
  • Moderator
1594 solutions 11232 answers

If it is a site serving the fake firefox-patch.js file there is no point reporting those sites since they are only used for a day or so in a disposable fashion so there is no point to tell people to do so as nobody else has done so for months now.

Also I already posted that I found a fake update link.

If it is a site serving the fake firefox-patch.js file there is no point reporting those sites since they are only used for a day or so in a disposable fashion so there is no point to tell people to do so as nobody else has done so for months now. Also I already posted that I found a fake update link.
John99 971 solutions 13138 answers

I note Norton mentions the file is new less than a week old, so it may change on a regular basis, but the fact Norton , and presumably other security software identifies it as malware is good as many users will have protection against this.

Of course something like this has wide reach and even if only a small percentage of users have no active, or outdated, security software the bad guys could still affect millions of users.

These help article are some more general advice

I note Norton mentions the file is new less than a week old, so it may change on a regular basis, but the fact Norton , and presumably other security software identifies it as malware is good as many users will have protection against this. Of course something like this has wide reach and even if only a small percentage of users have no active, or outdated, security software the bad guys could still affect millions of users. These help article are some more general advice * [[How to stay safe on the web]] * [[Tips for safe online shopping]] * [[How does built-in Phishing and Malware Protection work?]]