Malwarebytes reports Firefox.exe as a trojan attempting to contact a separately reported bad IP address
Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address
167.71.99.170 (https://urlhaus.abuse.ch/url/348428/),
which apparently might be bad?
Interestingly, the above urlhaus link initially reported the hit on the IP address per a Pascal Geenens (@geenensp on twitter) who writes for a security blog at
Thanks to any and all who might be able to help!
-Log Details- Protection Event Date: 6/4/20 Protection Event Time: 4:18 PM Log File: 920f76a0-a6a0-11ea-9633-00ffc7e81200.json
-Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.25022 License: Premium
-System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System
-Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0
-Website Data- Category: Trojan Domain: IP Address: 167.71.99.170 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(end)
All Replies (11)
Please ignore wimhelp201's post and don't call that number - it's a scam !
Thanks! I hadn't planned on it :) I reported the wimhelp201 account.
wimphelp201 is a scammer. Please do not call the number. I've deactivated their account.
Thanks Andrew.
What about firefox and sketchy IP's ? :)
First, let's check your system.
You may have ad/mal-ware.
Further information can be found in this article;
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no
Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
Hi FredMcD Ran both Malwarebytes and Microsoft Security with no results (full scan of all files including rootkit search). No add ons or extensions install.
Is there some way to dig into what firefox was doing at the time the request was made to the IP?
Not that I know of. I called for more help.
Awesome. Thank you.
Malwarbytes detects FirefoxPC installer file as malware. Please advise. see attached.
pcendeavorsny, Your screenshot did not shoe FirefoxPC installer.
At any rate, quarantine everything listed and let us know what happens.
pcendeavorsny said
Malwarbytes detects FirefoxPC installer file as malware. Please advise. see attached.
Those 6 PUPOptio...|Conduit lines aren't part of Firefox. Could be related to an Add-on for Firefox, as Conduit has been known for many years as a "bad player" with their Firefox Add-ons. But AFAIK they have been banned from the Mozilla / Firefox Add-ons website, so they may have been installed from some other website; but even that would surprise me, as far as even being "digitally signed" to be allowed to install in Firefox.
Beyond that, it would be nice to see the full "Location" of the Registry Keys and Values. Like maybe a screenshot of the Save Results ... contents or the text of same. Hard to provide advice with the posted screenshot information.