Firefox uncontrollably opens new windows telling me I have malware. This happens after quit and re-open.
I copied and pasted a plain text url from a website into the address bar. I thought it was iconmoon.com that I pasted, but I'm not sure because immediately Firefox started spawning new windows saying that I had malware, and to call a 1-8XXX number. I tried to close the windows, but doing so just spawned more. Trying to quit Firefox using Command+Q also resulted in more spawned windows. I immediately did a Force Quit of Firefox (I'm on an iMac).
When I reopened Firefox, it started spawning windows again. So I did another Force Quit. Each time I open Firefox it immediately starts spawning new windows, all the same as shown in my screenshot.
I managed to do a screen shot before quitting, but I can't upload it from Safari. Here it is: https://www.dropbox.com/s/c7ahlsf6uembl4l/Screen%20Shot%202016-02-17%20at%2011.42.17%20AM.png?dl=0
Please help!!!! I never clicked on anything on the website, nor did I click the OK button in the alert on the popup pages.
Is it possible that I now have malware? I'm wondering what I should do to protect my computer and restore my Firefox.
Thanks,
Dave
edit: malicious number removed (philipp)
Modifié le par philipp
Toutes les réponses (5)
hello dave, do not call this number - this site/popup is caused by something malicious in your configuration. could you go to the firefox menu ≡ > help ? > troubleshooting information, copy the contents of that page and paste them here into a reply on the forum? this might give us a clue what is going on...
Philipp,
Here it is:
Application Basics
Name: Firefox Version: 44.0.2 Build ID: 20160210153822 Update Channel: release User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0) Gecko/20100101 Firefox/44.0 Multiprocess Windows: 0/7 (default: false) Safe Mode: false
Crash Reports for the Last 3 Days
All Crash Reports
Extensions
Name: Buffer for Firefox Version: 2.13.13 Enabled: true ID: firefox@buffer
Name: Disconnect Version: 3.15.3.1-signed Enabled: true ID: 2.0@disconnect.me
Name: Firebug Version: 2.0.14 Enabled: true ID: firebug@software.joehewitt.com
Name: Web Developer Version: 1.2.5.1-signed Enabled: true ID: {c45c406e-ab73-11d8-be73-000a95be3b12}
Name: Adobe Acrobat - Create PDF Version: 1.1 Enabled: false ID: web2pdfextension@web2pdf.adobedotcom
Name: Page Speed Version: 1.12.9.2 Enabled: false ID: {e3f6c2cc-d8db-498c-af6c-499fb211db97}
Name: Pin It button Version: 1.37.9 Enabled: false ID: jid1-YcMV6ngYmQRA2w@jetpack
Name: YSlow Version: 3.1.8.1-signed Enabled: false ID: yslow@yahoo-inc.com
Graphics
Asynchronous Pan/Zoom: none Device ID: 0x68a1 GPU Accelerated Windows: 7/7 OpenGL (OMTC) Supports Hardware H264 Decoding: No; Vendor ID: 0x1002 WebGL Renderer: ATI Technologies Inc. -- ATI Radeon HD 5750 OpenGL Engine windowLayerManagerRemote: true AzureCanvasBackend: skia AzureContentBackend: quartz AzureFallbackCanvasBackend: none AzureSkiaAccelerated: 1
Important Modified Preferences
accessibility.typeaheadfind.flashBar: 0 browser.cache.disk.capacity: 358400 browser.cache.disk.filesystem_reported: 1 browser.cache.disk.hashstats_reported: 1 browser.cache.disk.smart_size_cached_value: 358400 browser.cache.disk.smart_size.first_run: false browser.cache.disk.smart_size.use_old_max: false browser.cache.frecency_experiment: 4 browser.download.importedFromSqlite: true browser.download.manager.closeWhenDone: true browser.download.manager.retention: 0 browser.download.useDownloadDir: false browser.places.smartBookmarksVersion: 7 browser.search.useDBForOrder: true browser.sessionstore.upgradeBackup.latestBuildID: 20160210153822 browser.startup.homepage: http://lds.org/ browser.startup.homepage_override.buildID: 20160210153822 browser.startup.homepage_override.mstone: 44.0.2 browser.tabs.autoHide: true browser.urlbar.suggest.searches: true dom.apps.reset-permissions: true dom.disable_open_during_load: false dom.mozApps.used: true dom.w3c_touch_events.expose: false extensions.lastAppVersion: 44.0.2 font.internaluseonly.changed: false gfx.blacklist.direct2d: 3 gfx.blacklist.layers.direct3d9: 3 gfx.crash-guard.glcontext.appVersion: 44.0.2 gfx.crash-guard.glcontext.deviceID: 0x68a1 gfx.crash-guard.status.glcontext: 2 media.gmp-gmpopenh264.abi: x86_64-gcc3-u-i386-x86_64 media.gmp-gmpopenh264.lastUpdate: 1451639841 media.gmp-gmpopenh264.version: 1.5.3 media.gmp-manager.buildID: 20160210153822 media.gmp-manager.lastCheck: 1455733845 media.youtube-ua.override.to: 43 network.auth.allow-subresource-auth: 2 network.cookie.prefsMigrated: true network.predictor.cleaned-up: true places.database.lastMaintenance: 1455234160 places.history.expiration.transient_current_max_pages: 104858 places.history.expiration.transient_optimal_database_size: 167772160 plugin.disable_full_page_plugin_for_types: application/pdf plugin.importedState: true plugin.state.scorch: 0 print.print_bgcolor: false print.print_bgimages: false print.print_colorspace: print.print_command: print.print_downloadfonts: false print.print_duplex: 0 print.print_evenpages: true print.print_in_color: true print.print_margin_bottom: 0.5 print.print_margin_left: 0.5 print.print_margin_right: 0.5 print.print_margin_top: 0.5 print.print_oddpages: true print.print_orientation: 0 print.print_page_delay: 50 print.print_paper_data: 0 print.print_paper_height: 11.00 print.print_paper_name: print.print_paper_size_type: 1 print.print_paper_size_unit: 0 print.print_paper_width: 8.50 print.print_plex_name: print.print_resolution: 0 print.print_resolution_name: print.print_reversed: false print.print_scaling: 1.00 print.print_shrink_to_fit: true print.print_to_file: false print.print_unwriteable_margin_bottom: 56 print.print_unwriteable_margin_left: 13 print.print_unwriteable_margin_right: 13 print.print_unwriteable_margin_top: 13 privacy.cpd.cookies: false privacy.cpd.downloads: false privacy.cpd.formdata: false privacy.cpd.history: false privacy.cpd.sessions: false privacy.donottrackheader.enabled: true privacy.sanitize.migrateClearSavedPwdsOnExit: true privacy.sanitize.migrateFx3Prefs: true privacy.sanitize.timeSpan: 0 security.enable_java: true security.warn_viewing_mixed: false storage.vacuum.last.index: 1 storage.vacuum.last.places.sqlite: 1455320595
Important Locked Preferences
JavaScript
Incremental GC: true
Accessibility
Activated: false Prevent Accessibility: 0
Library Versions
NSPR Expected minimum version: 4.11 Version in use: 4.11
NSS Expected minimum version: 3.21 Basic ECC Version in use: 3.21 Basic ECC
NSSSMIME Expected minimum version: 3.21 Basic ECC Version in use: 3.21 Basic ECC
NSSSSL Expected minimum version: 3.21 Basic ECC Version in use: 3.21 Basic ECC
NSSUTIL Expected minimum version: 3.21 Version in use: 3.21
Experimental Features
ok, that looks all clean. so i guess the culprit is to be found elsewhere on the system - please run a scan with malwarebytes for mac: https://www.malwarebytes.org/antimalware/mac/
Philipp,
I succeeded at opening Firefox, the expected page asking if I wanted to restore previous session came up and I chose "NO".
Does this mean I am safe to continue using Firefox?
Can a website install anything malicious just by visiting it? (I didn't click on anything, or or install anything).
Thank you for your help!
Dave
Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware. All these programs have free versions.
Make sure that you update each program to get the latest version of their databases before doing a scan.
- Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php - AdwCleaner:
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml - SuperAntispyware:
http://www.superantispyware.com/ - Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx - Windows Defender:
http://windows.microsoft.com/en-us/windows/using-defender - Spybot Search & Destroy:
http://www.safer-networking.org/en/index.html - Kasperky Free Security Scan:
http://www.kaspersky.com/security-scan
You can also do a check for a rootkit infection with TDSSKiller.
- Anti-rootkit utility TDSSKiller:
http://support.kaspersky.com/5350?el=88446
See also:
- "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked