Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

attempted browser hijack downloaded trojan / linked to FF Block site 4.0.5.2 add-on.

midnightvisions
midnightvisions
more options

My FF was in an attempted hijacking.

I was able to get out of it and report the web site through this menu's Report Deceptive Site. A follow up virus scan did not reveal anything.

Several days later I received an email stating the hijack downloaded a key logger which copied all my contacts and passwords. It then demanded a ransom of more money that I have and instructions on how to bitcoin the money to them, also something I have no idea what they are talking about. The hijackers included one password as evidence of the keylogger. I do not have a camera attached to my computer so the rest of the message was just rubbish.

a virus scan then revealed the Domepidief.A trojan which downloaded the file NSMAIL.PDF.

NSMAIL.PDF was located at c:\Users\your account\Appdata\Local\Temp\nsmail.pdf

NSMAIL.PDF showed as a Videolan VLC extension withthe roadcone icon.

Then FF started to repeatedly try to connect to Adult.yourblocksite.com. through troubleshooting the FF add-on Block site 4.0.5.2 was the source of the pinging.

You need to remove the Block Site add-on as its been hijacked by criminals.

My FF was in an attempted hijacking. I was able to get out of it and report the web site through this menu's Report Deceptive Site. A follow up virus scan did not reveal anything. Several days later I received an email stating the hijack downloaded a key logger which copied all my contacts and passwords. It then demanded a ransom of more money that I have and instructions on how to bitcoin the money to them, also something I have no idea what they are talking about. The hijackers included one password as evidence of the keylogger. I do not have a camera attached to my computer so the rest of the message was just rubbish. a virus scan then revealed the Domepidief.A trojan which downloaded the file NSMAIL.PDF. NSMAIL.PDF was located at c:\Users\your account\Appdata\Local\Temp\nsmail.pdf NSMAIL.PDF showed as a Videolan VLC extension withthe roadcone icon. Then FF started to repeatedly try to connect to Adult.yourblocksite.com. through troubleshooting the FF add-on Block site 4.0.5.2 was the source of the pinging. You need to remove the Block Site add-on as its been hijacked by criminals.

Chosen solution

The email sounds like a variation of one of those blackmail email scams.

https://www.reddit.com/r/Scams/comments/8gsjba/the_blackmail_email_scam/ https://www.kshb.com/money/consumer/dont-waste-your-money/scary-porn-blackmail-scam-knows-your-password

Read this answer in context 👍 1

All Replies (3)

FFus3r
FFus3r
more options

scan your system with:

use malwarebytes in safe mode and normal mode.

James
James
  • Top 25 Contributor
  • Moderator
more options

Chosen Solution

The email sounds like a variation of one of those blackmail email scams.

https://www.reddit.com/r/Scams/comments/8gsjba/the_blackmail_email_scam/ https://www.kshb.com/money/consumer/dont-waste-your-money/scary-porn-blackmail-scam-knows-your-password

midnightvisions
midnightvisions Question owner
more options

Yes, so the old password came from a Linkedin hack in 2012, not an old password hacked from FF.

Thanks for the news. The email threat was rubbish and the info it stated was not correct, but my concern was where the password came from, if it was indeed hacked from firefox or not.

thanks