X
Tap here to go to the mobile version of the site.

Support Forum

Malicious Extensions

Posted

I downloaded a malicious add-ons extension called "YouTube to MP3 Convert Button" by "Firefox user 6248547". All it did was open a video conversion website, which worked for the first video I tried (with alot of popups) but the second video I tried, it redirected me to a fake Firefox update page. As soon as I tried to cancel it, a login popup kept appearing and all my open tabs immediately went haywire trying to do some kind of redirect, and I it would not let me click on anything. I quickly ended the process to force close the browser, restarted Firefox and cleared my cache and uninstalled the extension. I am concerned about what kind of malware this may have installed on my machine. I reported this user over a month ago, but it is still available on the add-on page, and other people also commented about it having malware. Any suggestions?

I downloaded a malicious add-ons extension called "YouTube to MP3 Convert Button" by "Firefox user 6248547". All it did was open a video conversion website, which worked for the first video I tried (with alot of popups) but the second video I tried, it redirected me to a fake Firefox update page. As soon as I tried to cancel it, a login popup kept appearing and all my open tabs immediately went haywire trying to do some kind of redirect, and I it would not let me click on anything. I quickly ended the process to force close the browser, restarted Firefox and cleared my cache and uninstalled the extension. I am concerned about what kind of malware this may have installed on my machine. I reported this user over a month ago, but it is still available on the add-on page, and other people also commented about it having malware. Any suggestions?

Chosen solution

Yes I just reinstalled and created a new Firefox profile in case there was anything still hidden within Firefox.

Thank you for the link to the article about the Malware, I tried three of them and the Microsoft Safety Scanner was the one that found the "VirTool:Win32/DefenderTamperingRestore" infection. I am almost 100% certain that this was what was loaded on my computer because of this malicious extension.

From what I found about this infection is it that is a new type of nasty Trojan Malware that installs automatically. It infiltrates Firefox and other browsers running Windows OS, and can cause all kinds of issues including installing ransomware and stealing personal info. It also disables Windows Defender Anti-Virus (which I was using).

Hopefully it did not do any damage to my system, I think it was just sitting dormant as I have not noticed any symptoms of this infection.

Read this answer in context 0
Quote

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0

More Information

FredMcD
  • Top 10 Contributor
4271 solutions 59904 answers

Helpful Reply

Where did you get the link from?


You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

Where did you get the link from? You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
Was this helpful to you? 1
Quote

Question owner

This was the add-on link where I found the extension. When you use it, it opens a tab to a conversion website that loads the malware with the fake Firefox update. It only did it on the second file I tried to convert.

https://addons.mozilla.org/en-US/firefox/addon/youtube-to-mp3-convert-button/?src=search

This was the add-on link where I found the extension. When you use it, it opens a tab to a conversion website that loads the malware with the fake Firefox update. It only did it on the second file I tried to convert. https://addons.mozilla.org/en-US/firefox/addon/youtube-to-mp3-convert-button/?src=search
Was this helpful to you?
Quote

Question owner

I know better than to download suspicious files like fake updates, so I clicked cancel when it asked to save the file, but it still executed some kind of drive-by download. It then had a login credentials window popup (asking for username and password), and when I hit cancel on that, It immediately caused Firefox to be unresponsive and all my open tabs changed showing that they were redirecting to something else. This was when I had to end the windows process to close Firefox.

I ran Microsoft Safety Scanner and it detected and removed: VirTool:Win32/DefenderTamperingRestore

I know better than to download suspicious files like fake updates, so I clicked cancel when it asked to save the file, but it still executed some kind of drive-by download. It then had a login credentials window popup (asking for username and password), and when I hit cancel on that, It immediately caused Firefox to be unresponsive and all my open tabs changed showing that they were redirecting to something else. This was when I had to end the windows process to close Firefox. I ran Microsoft Safety Scanner and it detected and removed: VirTool:Win32/DefenderTamperingRestore
Was this helpful to you?
Quote
FredMcD
  • Top 10 Contributor
4271 solutions 59904 answers

I sent a message to the add-on site. I checked the reviews. Many give it 5 stars. But others report malware.

Did you remove this?

I sent a message to the add-on site. I checked the reviews. Many give it 5 stars. But others report malware. Did you remove this?
Was this helpful to you?
Quote

Chosen Solution

Yes I just reinstalled and created a new Firefox profile in case there was anything still hidden within Firefox.

Thank you for the link to the article about the Malware, I tried three of them and the Microsoft Safety Scanner was the one that found the "VirTool:Win32/DefenderTamperingRestore" infection. I am almost 100% certain that this was what was loaded on my computer because of this malicious extension.

From what I found about this infection is it that is a new type of nasty Trojan Malware that installs automatically. It infiltrates Firefox and other browsers running Windows OS, and can cause all kinds of issues including installing ransomware and stealing personal info. It also disables Windows Defender Anti-Virus (which I was using).

Hopefully it did not do any damage to my system, I think it was just sitting dormant as I have not noticed any symptoms of this infection.

Yes I just reinstalled and created a new Firefox profile in case there was anything still hidden within Firefox. Thank you for the link to the article about the Malware, I tried three of them and the Microsoft Safety Scanner was the one that found the "VirTool:Win32/DefenderTamperingRestore" infection. I am almost 100% certain that this was what was loaded on my computer because of this malicious extension. From what I found about this infection is it that is a new type of nasty Trojan Malware that installs automatically. It infiltrates Firefox and other browsers running Windows OS, and can cause all kinds of issues including installing ransomware and stealing personal info. It also disables Windows Defender Anti-Virus (which I was using). Hopefully it did not do any damage to my system, I think it was just sitting dormant as I have not noticed any symptoms of this infection.
Was this helpful to you?
Quote
FredMcD
  • Top 10 Contributor
4271 solutions 59904 answers

If you are sure the issue is gone,

That was very good work. Well Done. Please flag your last post as Solved Problem as this can help others with similar problems.

If you are sure the issue is gone, That was very good work. Well Done. Please flag your last post as '''Solved Problem''' as this can help others with similar problems.
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.