X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

WARNING FBI LOCKED BROWSER!!!

Posted

I was surfing the web, when somehow I landed on the web page below. The web page displayed a so-called message from the FBI (you know the one), and Firefox was locked. I shut down FF via the Windows Task Manager. When I tried to restart FF, FBI was back. I shut FF down. Then, using the Open New Window option, I was able to get FF up. Here is the web address. If you have site blocking or pop-up add-ons, add this in.


http://fbi.gov.====REMOVE===


id561073976-7652854433.===REMOVE===


v886341'.'com

de linkified v886341 dot com J99

Modified by John99

Chosen solution

Preventative Measure

See /questions/981475#answer-516884 downthread

Using the sample site John99 mentioned, I created a script to defang that page and others that use similar techniques. You can add it to your Bookmarks Toolbar for future use in the unfortunate event that you run into one of these pages. 
http://dev.jeffersonscher.com/bookmarklets.html#escape  
Also see explanation and screenshots  /questions/981475#answer-516977 

Advice on what to do if you get this sort of attack. Speaking from looking at the page I got from the now removed link in the Original post.

BTW the site exists still from the link in the OP it is however not showing in Google searches that I tried.


Here is the fix dead simple solution

  • You may want to carefully note the full information in the address bar .
  1. Try to close the tab once only
  2. You will get a popup use the mouse to select the [Leave Page] button but do NOT left click.
  3. Now use the keyboard key [Enter] (or [Return]) after a second or so it should auto repeat hopefully rapidly enough to clear the problem in a few seconds. The rogue tab will then close
  4. It may then be a good idea to clear the rogue site from the History. Use the forget option.
    Remove websites from the Awesome Bar suggestions_clearing-all-items-for-a-single-site

  • Note the rogue site is likely to identify your country and send information appearing to come from your country or a multi country official body. Europol EC3 or FBI for example
  • You may wish to copy and paste the address from the location bar. It may be useful if you wish to report the problem. Should you report this on a site replace all dots with the word dot.
    (for instance v88634.com as v886341(dot)com and s845340.com as s845340(dot)com )

For info a current one I see is

http://europol.europe.eu.id974784510-4458260206.s845340.com/?flow_id=8614&414304=33302/case_id=46449  


The site does

  • Scare people using some information that looks correct and some that is plausible. Impersonating police or similar sites.
  • Appears to lock up the browser
  • Demands and presumably collects money with a 12 hr deadline.
  • Does do some sort of validity check on the cash voucher

What does NOT work

  • Following most of the advice about Malware.
    Because you do not have malware installed on your computer.
  • Resetting or re installing Firefox
    Resetting and reinstall normally leave the session store information alone.

What is not worth trying

  • Reinstalling the Operating System
    That is overkill
  • Blocking the fbi site
    https://www.fbi.gov/ or https://www.fbi.gov/ They are genuine. Firefox may give you a warning, as they have security issues !!
    (A known problem Bug 863517 - https://www.fbi.gov/ has active mixed content (JS and CSS) that are blocked by the mixed content blocker )
    Or the Europol site
  • Using the popups and clicking one at a time. The popup floats over your browser and will disappear with each single click. The file I have takes over 70 clicks.

CARE
Some superficially similar warnings may be from malware that does encrypt your files, or otherwise damages your System

I will mark this as the solution to this problem as it will solve the issue.

Read this answer in context 5
Post a Reply

Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.9 r900
  • VLC media player Web Plugin 2.1.0
  • GEPlugin
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.05
  • 5.1.20913.0
  • The Hulu Desktop Plugin allows Hulu.com to integrate with the Hulu Desktop application.
  • The plug-in allows you to open and edit files using Microsoft Office applications

Application

  • Firefox 26.0
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
  • Support URL: https://support.mozilla.org/1/firefox/26.0/WINNT/en-US/

Extensions

  • Abduction! 3.5.0 ({b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255})
  • About Add-ons 0.6.20110718 ({DF3074AA-1298-95DF-4315-72E3C22B503C})
  • about:addons Launcher 1.1 (aboutaddons@about-addons-launcher.org)
  • AboutPlug 1.5 ({C49B68AC-0D21-40A7-9EE0-77D822273103})
  • Adblock Plus 2.4 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • Adblock Plus Pop-up Addon 0.9.1 (adblockpopups@jessehakanen.net)
  • Add to Search Bar 2.2 (add-to-searchbox@maltekraus.de)
  • Add-on Compatibility Reporter 2.0.1 (compatibility@addons.mozilla.org)
  • Add-ons Manager Context Menu 0.4.2 (amcontextmenu@loucypher)
  • Addons Manager Hilite 2.0 (addonsmgrhilte@cfl)
  • Auto Shutdown NG 0.9.16 (jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack)
  • Autofill 3.6 (firefox-autofill@googlegroups.com)
  • Automatic Save Folder 1.0.4 (asf@mangaheart.org)
  • Back to Top 7.0 ({3C9A65A6-9563-4485-BA4A-4BCD698BCFB4})
  • Block site 1.1.8 ({dd3d7613-0246-469d-bc65-2a3cc1668adc})
  • Bookmarks Checker - check for bad links 2.3.0 (firefoxbookmarkchecker@everhelper.me)
  • Caret Out 1.1 (caret-out@blogram.net)
  • Clean Links 2.4.5 ({158d7cb3-7039-4a75-8e0b-3bd0a464edd2})
  • Cleanest Addon Manager 7.0 (cam@sdrocking.com)
  • CLEO 5.0.1 (CLEO@guid.customsoftwareconsult.com)
  • Close Tab By Double Click 1.14 (close@doubleclick)
  • Come back "Block image from ad.sites" 0.6 (come.back.block.image.from@cat-in-136.blogspot.com)
  • Config Descriptions 1.0 ({1823e248-6bf4-f6f1-7901-65a68e8b6c1e})
  • Context Search 0.6.2 ({902D2C4A-457A-4EF9-AD43-7014562929FF})
  • Customizable Shortcuts 0.5.11.1 (customizable-shortcuts@timtaubert.de)
  • Disable Anti-Adblock 3.1 ({d49a148e-817e-4025-bee3-5d541376de3b})
  • dlTracker 1.0 ({8f194e42-1d89-4395-b867-2275787b4ec3})
  • Download Status Bar 1.9.9 ({6c28e999-e900-4635-a39d-b1ec90ba0c0f})
  • DownloadHelper 4.9.21 ({b9db16a4-6edc-47ec-a1f4-b86292ed211d})
  • Element Hiding Helper for Adblock Plus 1.2.3 (elemhidehelper@adblockplus.org)
  • Empty Cache Button 2.5 ({4cc4a13b-94a6-7568-370d-5f9de54a9c7f})
  • ErrorZilla Plus 1.2.3 ({03651b2d-eb7d-4be7-af1b-dc0cd162dd54})
  • Expire history by days 1.1 (expire-history-by-days@bonardo.net)
  • Extension Options Menu 2.7 ({1feca320-6b4d-11df-a08a-0800200c9a66})
  • External Application Buttons 2 0.11 (externalappbutton@teo.pl)
  • Fast Translation 1.10.1 (fasttrans@kemot)
  • FEBE 7.3 ({4BBDD651-70CF-4821-84F8-2B918CF89CA3})
  • FindBar Tweak 1.4.14 (fbt@quicksaver)
  • Flash Video Downloader 4.0.8 (artur.dubovoy@gmail.com)
  • Flashblock 1.5.17 ({3d7eb24f-2740-49df-8937-200b1cc08f8a})
  • Forecastfox 2.2.2 ({0538E3E3-7E9B-4d49-8831-A227C80A7AD3})
  • Gesture Translate 0.5.9 (gesture-translate@pablocantero.com)
  • gui:config 1.2.2 (guiconfig@slosd.net)
  • Hide Add-on-Bar-Close-Button 0.3.0 (hide-add-on-bar-close-button@mauricioid.com)
  • Hide Plugin Notifications 0.2 (suppress-plugin-infobar@benjamin.smedbergs.us)
  • Hotmail Watcher 1.61 (hotmailwatcher@sonthakit)
  • Image Preview 0.0.7 ({D0A81AC1-3B12-4cec-AA8D-40EBDC4241EA})
  • Image Zoom Scroll 0.2.1 (imagezoomscroll@lucida.net)
  • KillSpinners 1.1.1 (killspinners@byo.co.il)
  • Link Toggler 0.3 ({CFC31648-F870-11DF-80F3-9B4EDFD72085})
  • More About 0.0.0.6m (MoreAbout@schuzak.jp)
  • Multirow Bookmarks Toolbar Plus 1.2 ({4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064})
  • NewScrollbars (aka NoiaScrollbars) 1.2.1 (NoiaScrollbars@ArisT2_Noia4dev)
  • No Sleep Download 2.0 (nosleepdl@august8.net)
  • NoRedirect 1.3.2.13 ({c1970c0d-dbe6-4d91-804f-c9c0de643a57})
  • NoSquint 2.1.9 (nosquint@urandom.ca)
  • Open about:permissons 1.2 (open.about.permissions@jasnapaka.com)
  • OPIE 4.2 (OPIE@guid.customsoftwareconsult.com)
  • Places Maintenance 1.3 (places-maintenance@bonardo.net)
  • ProgressMeter 1.2 (progress-meter@bgoluboff.org)
  • Quick Dictionary Lookup 2.0 (lexilook@lexiology.com)
  • Quick Options 0.1a5 (quick-options@loucypher)
  • Quick Translator 1.0 ({5C655500-E712-41e7-9349-CE462F844B19})
  • Remember Passwords 1.1 (remember-passwords@stanimir-stamenkov.addons.mozilla.org)
  • Re-Pagination 2013.03.18 ({6072cb90-a0bd-11da-a746-0800200c9a66})
  • Restartless Restart 9 (restartless.restart@erikvold.com)
  • RightToClick 2.9.5 ({cd617375-6743-4ee8-bac4-fbf10f35729e})
  • Saved Password Editor 2.7.1 (savedpasswordeditor@daniel.dawson)
  • Searchbar Autosizer 2.1.0 ({655397ca-4766-496b-b7a8-3a5b176ee4c2})
  • SearchThisSite 0.37 ({c71ff04d-f001-1fc1-1fc1-c71ff04df002})
  • Send Tab URLs 2.1 ({4aebcd37-f454-4928-9233-174a026ed367})
  • Show Location 0.7.2 ({10228D1E-6D25-4ccc-903E-272D66EEC763})
  • SkipScreen 0.7.2 (SkipScreen@SkipScreen)
  • Space Next 0.33 ({c71ff04d-f001-1fc1-1fc1-c71ff04df005})
  • StatusbarEx 0.3.5 (doudehou@gmail.com)
  • SuperStop 0.1 (superstop@gavinsharp.com)
  • Tabs Always In Titlebar 1.2 (TabsAlwaysInTitlebar@SoapyBrew)
  • Thumbnail Zoom Plus 2.6 (thumbnailZoom@dadler.github.com)
  • Torrent Scan 1.0 ({2e13d283-97ed-4b67-a006-43a81c909863})
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Vertical Toolbar 1.0.4 (verticaltoolbar@xuldev.org)
  • ViewAbout 2.0.1 (viewabout@rumblingedge.com)
  • Webutation 2.0.8 ({15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd})
  • ZZGif 1.0.rev163 (jid0-AsEtBwC86O2aYN7hqMefrquv9ls@jetpack)
  • About support button 0.0.2 (aboutsupportbutton@firefox) (Inactive)
  • Add-on Update Checker 2.4 ({891f0410-aaa2-11e0-9f1c-0800200c9a66}) (Inactive)
  • FireFox Tweak 3.0 (firefoxtweak@pribic.am) (Inactive)
  • Motive Extension 1.0 (mcciwbch@motive.com) (Inactive)
  • Real Player Converter Free 1.5.8 ({7311288b-b9b2-43e8-ae93-9fef33ee5fb7}) (Inactive)
  • Saved Passwords Button 1.2.4 (savedpasswords@adamfranco.com) (Inactive)
  • Toolbar Autohide 6.4.1 (fullscreentoolbarhover@com.sppad) (Inactive)
  • Torrent Finder Toolbar 1.3.1 (TFToolbarX@torrent-finder) (Inactive)
  • Video Myxa 1.9.91 ({0C07EECD-53B6-4748-BB2B-4395BF51DD8B}) (Inactive)
  • YouTube Caption Downloader 2.3 (captiondownloader@hiephm.com) (Inactive)
  • Youtube Subscriptions Grid 1.7 (jid1-PmCaAQKMFABjHg@jetpack) (Inactive)
  • YouTube Unblocker 0.5.0 (youtubeunblocker@unblocker.yt) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics 4000
  • adapterDescription2:
  • adapterDeviceID: 0x0166
  • adapterDeviceID2:
  • adapterDrivers: igdumd64 igd10umd64 igd10umd64 igdumd32 igd10umd32 igd10umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • clearTypeParameters: Gamma: 2200 Pixel Structure: RGB ClearType Level: 100 Enhanced Contrast: 50
  • direct2DEnabled: False
  • direct2DEnabledMessage: [u'']
  • directWriteEnabled: False
  • directWriteVersion: 6.2.9200.16571
  • driverDate: 3-26-2012
  • driverDate2:
  • driverVersion: 8.15.10.2712
  • driverVersion2:
  • info: {u'AzureContentBackend': u'none', u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'cairo', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'']
  • numTotalWindows: 2
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics 4000 Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Basic

Modified Preferences

  • accessibility.browsewithcaret: True
  • accessibility.typeaheadfind: True
  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.fixup.alternate.enabled: False
  • browser.link.open_newwindow: 2
  • browser.link.open_newwindow.override.external: 2
  • browser.newtab.url: about:home
  • browser.places.smartBookmarksVersion: 4
  • browser.search.openintab: True
  • browser.search.useDBForOrder: True
  • browser.sessionstore.upgradeBackup.latestBuildID: 20131205075310
  • browser.startup.homepage: about:home
  • browser.startup.homepage_override.buildID: 20131205075310
  • browser.startup.homepage_override.mstone: 26.0
  • browser.tabs.animate: False
  • browser.tabs.closeWindowWithLastTab: False
  • browser.tabs.loadBookmarksInBackground: True
  • browser.tabs.loadInBackground: False
  • browser.tabs.tabClipWidth: 40
  • browser.zoom.siteSpecific: False
  • dom.ipc.plugins.processLaunchTimeoutSecs: 25
  • dom.ipc.plugins.timeoutSecs: 25
  • dom.max_chrome_script_run_time: 30
  • dom.mozApps.used: True
  • extensions.checkCompatibility: True
  • extensions.lastAppVersion: 26.0
  • gfx.3d_video.enabled: False
  • gfx.direct2d.disabled: True
  • gfx.direct3d.last_used_feature_level_idx: 0
  • html5.enable: True
  • layers.acceleration.disabled: True
  • mousewheel.withcontrolkey.action: 3
  • network.cookie.prefsMigrated: True
  • network.http.max-connections-per-server: 2
  • places.database.lastMaintenance: 1388001608
  • places.history.expiration.transient_current_max_pages: 104858
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • plugin.state.npgoogleupdate: 0
  • plugin.state.npmotive: 0
  • plugin.state.npmotiverequest: 0
  • plugin.state.npnokiasuiteenabler: 0
  • plugin.state.nppl: 0
  • plugin.state.nprpplugin: 0
  • plugin.state.npwlpg: 0
  • privacy.clearOnShutdown.cookies: False
  • privacy.clearOnShutdown.downloads: False
  • privacy.clearOnShutdown.formdata: False
  • privacy.clearOnShutdown.history: False
  • privacy.sanitize.migrateFx3Prefs: True
  • privacy.sanitize.promptOnSanitize: False
  • privacy.sanitize.sanitizeOnShutdown: True
  • security.dialog_enable_delay: 0
  • security.disable_button.openCertManager: False
  • security.disable_button.openDeviceManager: False
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1386551001
  • svg.smil.enabled: False
  • webgl.enabled_for_all_sites: False

Misc

  • User JS: No
  • Accessibility: No
John99
  • Top 25 Contributor
  • Moderator
622 solutions 8043 answers

No doubt the first link is genuine and the second is a scam.

Was this helpful to you? 5
Reply
FredMcD
  • Top 25 Contributor

Question owner

When I posted the link, I broke it up to prevent anyone from going there by accident. The FBI part is just part of the address, not to the real web site, I sent a report to the Real FBI via their Internet Crime Complaint Center (IC3)

Was this helpful to you?
Reply
John99
  • Top 25 Contributor
  • Moderator
622 solutions 8043 answers

I tried the domain only v886341 dot com and that itself showed as a link in your post and led to a scam site. In my case displaying my IP Address and the site mentions Europol

As per this report almost identical

Was this helpful to you?
Reply
jscher2000
  • Top 10 Contributor
2368 solutions 20966 answers

Using the Open New Window item on the Windows 7 Task Bar Jump List for the pinned Firefox icon? That's a nice trick. Certainly easier than typing

firefox.exe "about:blank" 

in the search or run box on the Start menu.

If users do not mind losing the rest of the tabs in their previous session, this might be the easiest way to restart.

Was this helpful to you?
Reply
John99
  • Top 25 Contributor
  • Moderator
622 solutions 8043 answers

I reported to Google, a couple of other sites & filed a Bug.

Bug 953147 - Ransomware locks Firefox tab, uses onbeforeunload and catchControlKey

Was this helpful to you?
Reply
FredMcD
  • Top 25 Contributor

Question owner

jscher2000. All they have to do is check their history.

John99. Very nice. BTW, how do I look up a bug report?

Was this helpful to you?
Reply
John99
  • Top 25 Contributor
  • Moderator
622 solutions 8043 answers

Chosen Solution

Preventative Measure

See /questions/981475#answer-516884 downthread

Using the sample site John99 mentioned, I created a script to defang that page and others that use similar techniques. You can add it to your Bookmarks Toolbar for future use in the unfortunate event that you run into one of these pages. 
http://dev.jeffersonscher.com/bookmarklets.html#escape  
Also see explanation and screenshots  /questions/981475#answer-516977 

Advice on what to do if you get this sort of attack. Speaking from looking at the page I got from the now removed link in the Original post.

BTW the site exists still from the link in the OP it is however not showing in Google searches that I tried.


Here is the fix dead simple solution

  • You may want to carefully note the full information in the address bar .
  1. Try to close the tab once only
  2. You will get a popup use the mouse to select the [Leave Page] button but do NOT left click.
  3. Now use the keyboard key [Enter] (or [Return]) after a second or so it should auto repeat hopefully rapidly enough to clear the problem in a few seconds. The rogue tab will then close
  4. It may then be a good idea to clear the rogue site from the History. Use the forget option.
    Remove websites from the Awesome Bar suggestions_clearing-all-items-for-a-single-site

  • Note the rogue site is likely to identify your country and send information appearing to come from your country or a multi country official body. Europol EC3 or FBI for example
  • You may wish to copy and paste the address from the location bar. It may be useful if you wish to report the problem. Should you report this on a site replace all dots with the word dot.
    (for instance v88634.com as v886341(dot)com and s845340.com as s845340(dot)com )

For info a current one I see is

http://europol.europe.eu.id974784510-4458260206.s845340.com/?flow_id=8614&414304=33302/case_id=46449  


The site does

  • Scare people using some information that looks correct and some that is plausible. Impersonating police or similar sites.
  • Appears to lock up the browser
  • Demands and presumably collects money with a 12 hr deadline.
  • Does do some sort of validity check on the cash voucher

What does NOT work

  • Following most of the advice about Malware.
    Because you do not have malware installed on your computer.
  • Resetting or re installing Firefox
    Resetting and reinstall normally leave the session store information alone.

What is not worth trying

  • Reinstalling the Operating System
    That is overkill
  • Blocking the fbi site
    https://www.fbi.gov/ or https://www.fbi.gov/ They are genuine. Firefox may give you a warning, as they have security issues !!
    (A known problem Bug 863517 - https://www.fbi.gov/ has active mixed content (JS and CSS) that are blocked by the mixed content blocker )
    Or the Europol site
  • Using the popups and clicking one at a time. The popup floats over your browser and will disappear with each single click. The file I have takes over 70 clicks.

CARE
Some superficially similar warnings may be from malware that does encrypt your files, or otherwise damages your System

I will mark this as the solution to this problem as it will solve the issue.

Modified by John99

Was this helpful to you? 5
Reply
James
  • Top 25 Contributor
  • Moderator
437 solutions 3159 answers

fredmcd-hotmail, there was no need to add the duplicate information you added in Bug 616853 as the information was already in Bug 953147 for example among other duplicate reports of same or other variations. Keep in mind that whenever somebody posts in a bug the people CC'd essentially get spammed with email reports on these comments and bug changes and this along with the fix it fix it fix it comments in a bug can annoy people (who can fix it) enough to well ignore it and look at other bugs in meantime to spend time on. Comment 30 by Boris Zbarsky (bzbarsky) is a example on the annoyance.

Also note that many of the Mozilla people are on vacation still until January 1st or 2nd or so so do not expect things on this bug to happen as quickly until then earliest.


These locked browser scareware or ransomware sites are not new as some may think as they have been floating around for some months if not (with older variants) for years now since 2009 with them popping up in Canada/USA since 2012 as for example the current RCMP locked browser variation had the real RCMP doing a media advisory back in February. http://www.rcmp-grc.gc.ca/on/news-nouvelles/2013/13-02-18-kitchener-eng.htm

And a older one in July 2012. http://cb.rcmp-grc.gc.ca/ViewPage.action?siteNodeId=50&languageId=1&contentId=26058

A article with a examples gif on ones from 2012. http://www.f-secure.com/en/web/labs_global/removal/removing-ransomware


edit: tried to add a image but it does not show. edit2: ok now it does.

Modified by James

Was this helpful to you?
Reply
John99
  • Top 25 Contributor
  • Moderator
622 solutions 8043 answers

James my observation is that what may be new
or documented less is this specific type that does not actually use anything other than the web page itself.

None of the recent Firefox sumo threads I just posted in seem to offer suitable instructions for this particular variant, neither does my local Europol EC3 advice or the link you posted http://www.f-secure.com/en/web/labs_global/removal/removing-ransomware.

I had seen the original Bug 616853 myself before filing Bug 953147 but thought this differed enough that it may possibly be considered separately. One of our few forum threads on fbi bugs has in the order of 9k hits, that's moderately high for this forum.

Was this helpful to you?
Reply
jscher2000
  • Top 10 Contributor
2368 solutions 20966 answers

Helpful Reply

Using the sample site John99 mentioned, I created a script to defang that page and others that use similar techniques. You can add it to your Bookmarks Toolbar for future use in the unfortunate event that you run into one of these pages.

http://dev.jeffersonscher.com/bookmarklets.html#escape


What the script does:

(1) Set various event handlers to null to deactivate them.

(2) Replace the <head> and <body> of the document to remove whatever was there.

Note: You cannot click the bookmarklet button or use any other Firefox features unless you click the Stay on Page button first.

Modified by jscher2000

Was this helpful to you? 2
Reply
John99
  • Top 25 Contributor
  • Moderator
622 solutions 8043 answers

Thanks Jeff.

I did not check this on IE but it is no problem on Google Chrome as it easily closes.

Also not sure about mobile devices.

Your bookmarklet is probably worth mentioning in the bug I filed. Feel free to comment or modify the bug as applicable.

Was this helpful to you?
Reply
FredMcD
  • Top 25 Contributor

Question owner

The bookmark is a good idea. But when I got locked, nothing worked. Would I or other users be able to get at the bookmark?

Was this helpful to you?
Reply
jscher2000
  • Top 10 Contributor
2368 solutions 20966 answers

Hi fredmcd-hotmail, the method of operation would be to click the bookmark on the Bookmarks Toolbar. Or alternately you could do it from the Bookmarks menu. The script runs without unloading the page, so it shouldn't be blocked. I tested on the page that John99 mentioned. Obviously there could be scripting traps in other pages that I haven't addressed.

Was this helpful to you?
Reply
FredMcD
  • Top 25 Contributor

Question owner

Okay, I wanted to be sure. Thank you.

Was this helpful to you?
Reply
jscher2000
  • Top 10 Contributor
2368 solutions 20966 answers

Here are a couple of screen shots showing what the bookmarklet does, for anyone thinking of installing it.

If you encounter this problem and you do not already have the bookmarklet installed, you should be able to install it by first opening a new tab (Ctrl+t) or new window (Ctrl+n) and going to my bookmarklet page from there. Then go back to the extortion page to clear it out.

If you do not normally display the Bookmarks Toolbar, you can add it to (or move it to) the Bookmarks menu. Hopefully you won't need it very often, or perhaps ever again.

Note: You cannot click the bookmarklet button or use any other Firefox features unless you click the Stay on Page button first.

Modified by jscher2000

Was this helpful to you? 1
Reply
John99
  • Top 25 Contributor
  • Moderator
622 solutions 8043 answers

Jeff

Note my sample blocks use of Ctrl and of the new tab button [+].

However the Firefox Button or Austalis menu options still allow new tabs or windows to be opened.

Was this helpful to you?
Reply
James
  • Top 25 Contributor
  • Moderator
437 solutions 3159 answers

A recent thread about another similar variation at http://alert. adsprotectpolice .net/ in https://support.mozilla.org/en-US/questions/981996


Edit ~J99
And another possibly similar

Modified by John99

Was this helpful to you? 2
Reply
ibrown93 0 solutions 2 answers

So I am having this same problem with my Firefox on my Mac. To start off it seems a bit different from most cases where the pop up is there and wont go away but I can still use the internet instead of it having completely locked it up. Now I was reading things earlier about getting rid of it and the first thing I tried was resetting my firefox. I got to the page, clicked the reset button, it asked if I was sure cause it would delete everything, and I said yes anyway. once I pushed the button, I waited for something to happen, but nothing did. The pages and the scam page stayed up. After this I found this feed and I tried your method but yours of pushing the enter button did not work also. I'm at a loss right now aside from the possibility of just completely trashing the firefox app and downloading it again. Any ideas before I do that?

Was this helpful to you?
Reply
philipp
  • Top 10 Contributor
  • Moderator
2046 solutions 8901 answers

hello ibrown93, try to press Command-Option-K in order to open the web console, and click on the settings icon on the top left. there click on the checkbox next to disable javascript, which should allow you to leave the page immediately...

Was this helpful to you?
Reply
FredMcD
  • Top 25 Contributor

Question owner

Another thing is to force Firefox to close. After, use a link to open FF. That should start the browser with the new page.

Was this helpful to you?
Reply
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.