X
Tap here to go to the mobile version of the site.

Support Forum

addonbrowser.com/video-flash-download-manager, hijacked tabs. How do I remove it?

Posted

Upon starting Firefox. (64.0 (64-bit), Ubuntu 16.04), an Addon, which I thought I had -but is not listed in my addons-, "{link to malware removed} , asked to send notifications. I usually deny, but as I mentioned, I thought I had this add-on installed, so I accepted. It then opened these tabs:

     1.  https://win-big-bonus-here.com/?u=7pfk605&o=e93bvvr&t=1577914_proads_gambling.
     2.  https://www.amazon.com/s/ref=nb_sb_ss_c_1_20?url=search-alias%3Daps&field-                keywords=Genius+surface+pro+3+charger&sprefix=surface+pro+3+charger.

I don't have this addon listed, either in my installed addons, or as an available addon. Where did it come from? And how do I get rid of it?

Upon starting Firefox. (64.0 (64-bit), Ubuntu 16.04), an Addon, which I thought I had -but is not listed in my addons-, "{link to malware removed} , asked to send notifications. I usually deny, but as I mentioned, I thought I had this add-on installed, so I accepted. It then opened these tabs: 1. https://win-big-bonus-here.com/?u=7pfk605&o=e93bvvr&t=1577914_proads_gambling. 2. https://www.amazon.com/s/ref=nb_sb_ss_c_1_20?url=search-alias%3Daps&field- keywords=Genius+surface+pro+3+charger&sprefix=surface+pro+3+charger. I don't have this addon listed, either in my installed addons, or as an available addon. Where did it come from? And how do I get rid of it?

Modified by Matt

Chosen solution

Thank you all for your replies. Cor-el, a couple of those "abouts"- were a little over my head. Hopefully, I can learn how to use those "serviceworkers" and "websockets" things.

  But, yes, I did get those notifications again, but only 2 more times upon starting Firefox.  After that it's not happened any more.   Totally baffles me!  If it re-occurs, I will definitely post again.  Again, thank you all.

-Apeman

apeman said

Upon starting Firefox. (64.0 (64-bit), Ubuntu 16.04), an Addon, which I thought I had -but is not listed in my addons-, "{link to malware removed} , asked to send notifications. I usually deny, but as I mentioned, I thought I had this add-on installed, so I accepted. It then opened these tabs: 1. https://win-big-bonus-here.com/?u=7pfk605&o=e93bvvr&t=1577914_proads_gambling. 2. https://www.amazon.com/s/ref=nb_sb_ss_c_1_20?url=search-alias%3Daps&field- keywords=Genius+surface+pro+3+charger&sprefix=surface+pro+3+charger. I don't have this addon listed, either in my installed addons, or as an available addon. Where did it come from? And how do I get rid of it?
Read this answer in context 0

Additional System Details

Installed Plug-ins

  • Shockwave Flash 32.0 r0

Application

  • User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0

More Information

FredMcD
  • Top 10 Contributor
4225 solutions 58987 answers

I tried the link you posted, and my anti-virus sounded off;

Category: Intrusion Prevention Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description 12/13/2018 6:42:03 PM,High,An intrusion attempt by reddleops.pro was blocked.,Blocked,No Action Required,Web Attack: Fake Tech Support Domains 2,No Action Required,No Action Required,"reddleops.pro (199.80.54.115, 443)","FRED-PC (172.16.40.148, 62819)",reddleops.pro (199.80.54.115),"TCP, https" Network traffic from reddleops.pro matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\PROGRAM FILES (X86)\MOZILLA FIREFOX 54\FIREFOX.EXE.

I tried the link you posted, and my anti-virus sounded off; Category: Intrusion Prevention Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description 12/13/2018 6:42:03 PM,High,An intrusion attempt by reddleops.pro was blocked.,Blocked,No Action Required,Web Attack: Fake Tech Support Domains 2,No Action Required,No Action Required,"reddleops.pro (199.80.54.115, 443)","FRED-PC (172.16.40.148, 62819)",reddleops.pro (199.80.54.115),"TCP, https" Network traffic from <b>reddleops.pro</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\PROGRAM FILES (X86)\MOZILLA FIREFOX 54\FIREFOX.EXE.
FredMcD
  • Top 10 Contributor
4225 solutions 58987 answers

I called for more help. Go to your programs folder and remove anything newly installed.

I called for more help. Go to your programs folder and remove anything newly installed.
James
  • Moderator
1594 solutions 11232 answers

Fred, this is Linux and not the Windows you use.

apeman, what Extensions do you have listed as installed in Firefox even though you say none seem to have a similar name.

I do not use Ubuntu but I would think Ubuntu would not include such an extension with their Firefox package or separate Firefox related packages in package manager.

Firefox from www.mozilla.org/firefox/all certainly does not come with this video download extension.

Fred, this is '''Linux''' and not the Windows you use. apeman, what Extensions do you have listed as installed in Firefox even though you say none seem to have a similar name. I do not use Ubuntu but I would think Ubuntu would not include such an extension with their Firefox package or separate Firefox related packages in package manager. Firefox from www.mozilla.org/firefox/all certainly does not come with this video download extension.

Modified by James

cor-el
  • Top 10 Contributor
  • Moderator
17418 solutions 157376 answers

Do you keep getting tabs or was this a one time action?

You can check the Notifications under "Options/Preferences -> Privacy & Security -> Permissions".

Do you keep getting tabs or was this a one time action? You can check the Notifications under "Options/Preferences -> Privacy & Security -> Permissions".
cor-el
  • Top 10 Contributor
  • Moderator
17418 solutions 157376 answers

You can see all registered service workers on these pages: about:serviceworkers and about:debugging#workers You can check WebSockets via this page: about:networking#websockets See also serviceworker.txt in the profile folder.

You can see all registered service workers on these pages: <b>about:serviceworkers</b> and <b>about:debugging#workers</b> You can check WebSockets via this page: <b>about:networking#websockets</b> See also serviceworker.txt in the profile folder.

Chosen Solution

Thank you all for your replies. Cor-el, a couple of those "abouts"- were a little over my head. Hopefully, I can learn how to use those "serviceworkers" and "websockets" things.

  But, yes, I did get those notifications again, but only 2 more times upon starting Firefox.  After that it's not happened any more.   Totally baffles me!  If it re-occurs, I will definitely post again.  Again, thank you all.

-Apeman

apeman said

Upon starting Firefox. (64.0 (64-bit), Ubuntu 16.04), an Addon, which I thought I had -but is not listed in my addons-, "{link to malware removed} , asked to send notifications. I usually deny, but as I mentioned, I thought I had this add-on installed, so I accepted. It then opened these tabs: 1. https://win-big-bonus-here.com/?u=7pfk605&o=e93bvvr&t=1577914_proads_gambling. 2. https://www.amazon.com/s/ref=nb_sb_ss_c_1_20?url=search-alias%3Daps&field- keywords=Genius+surface+pro+3+charger&sprefix=surface+pro+3+charger. I don't have this addon listed, either in my installed addons, or as an available addon. Where did it come from? And how do I get rid of it?
Thank you all for your replies. Cor-el, a couple of those "abouts"- were a little over my head. Hopefully, I can learn how to use those "serviceworkers" and "websockets" things. But, yes, I did get those notifications again, but only 2 more times upon starting Firefox. After that it's not happened any more. Totally baffles me! If it re-occurs, I will definitely post again. Again, thank you all. -Apeman ''apeman [[#question-1243654|said]]'' <blockquote> Upon starting Firefox. (64.0 (64-bit), Ubuntu 16.04), an Addon, which I thought I had -but is not listed in my addons-, "{link to malware removed} , asked to send notifications. I usually deny, but as I mentioned, I thought I had this add-on installed, so I accepted. It then opened these tabs: 1. https://win-big-bonus-here.com/?u=7pfk605&o=e93bvvr&t=1577914_proads_gambling. 2. https://www.amazon.com/s/ref=nb_sb_ss_c_1_20?url=search-alias%3Daps&field- keywords=Genius+surface+pro+3+charger&sprefix=surface+pro+3+charger. I don't have this addon listed, either in my installed addons, or as an available addon. Where did it come from? And how do I get rid of it? </blockquote>