X
Tap here to go to the mobile version of the site.

Fóram Tacaíochta

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

Fake Adobe PDF addon installs with FF updates

Postáilte

Every time FF updates, upon restarting I have a page (URL: https://addonbrowser.com/open-with-adobe-pdf?v=1.2.3&type=install) which looks as if Adobe PDF Reader would be installed. It is trojan malware.

An American female voice invites me to call a phone number to have adware virus removed.

"http://www.ddinbb.ml is requesting your username and password. The site says: “MAC OS is infected with Viruses and other malicious applications. It is necessary to Call Apple Support 0800-404-8452. Viruses must be removed and sys…”"

I have to kill FF and restart again to shut it up.

How can I prevent this page from opening up after every update?

Every time FF updates, upon restarting I have a page (URL: https://addonbrowser.com/open-with-adobe-pdf?v=1.2.3&type=install) which looks as if Adobe PDF Reader would be installed. It is trojan malware. An American female voice invites me to call a phone number to have adware virus removed. "http://www.ddinbb.ml is requesting your username and password. The site says: “MAC OS is infected with Viruses and other malicious applications. It is necessary to Call Apple Support 0800-404-8452. Viruses must be removed and sys…”" I have to kill FF and restart again to shut it up. How can I prevent this page from opening up after every update?

Tuilleadh mionsonraí faoin chóras

Feidhmchlár

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15

Tuilleadh Eolais

philipp
  • Top 25 Contributor
  • Moderator
5324 réiteach 23508 freagra

hi, when you enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named startup.homepage_override_url to check if it has the offending website in it. if so, just right-click and reset this entry to its default value.

hi, when you enter '''about:config''' into the firefox address bar (confirm the info message in case it shows up) & search for the preference named '''startup.homepage_override_url''' to check if it has the offending website in it. if so, just right-click and reset this entry to its default value.

Úinéir na ceiste

Thank you for the suggestion. The preference you refer to has no value (i.e. blank). I searched for "ddinbb" as well but it found nothing :(

Thank you for the suggestion. The preference you refer to has no value (i.e. blank). I searched for "ddinbb" as well but it found nothing :(
James
  • Top 25 Contributor
  • Moderator
1602 réiteach 11343 freagra

Freagra Cabhrach

What Extensions do you have installed as no version of desktop Firefox internal updates or downloads from mozilla.org have ever come with this.

What Extensions do you have installed as no version of desktop Firefox internal updates or downloads from mozilla.org have ever come with this.

Úinéir na ceiste

Good question... and thank you.

I have just found Add-ons Manager and listed there is an extension called Open with Adobe PDF Reader 1.2.3 and a homepage of https://addonbrowser.com/open-with-adobe-pdf

To my untrained eye it looks suspect. Have just Googled and found there's a virus called Browser.addon I've run Malwarebytes before and its come up clean. Will deleting the extension get shot of this damn thing?

Good question... and thank you. I have just found Add-ons Manager and listed there is an extension called Open with Adobe PDF Reader 1.2.3 and a homepage of https://addonbrowser.com/open-with-adobe-pdf To my untrained eye it looks suspect. Have just Googled and found there's a virus called Browser.addon I've run Malwarebytes before and its come up clean. Will deleting the extension get shot of this damn thing?
James
  • Top 25 Contributor
  • Moderator
1602 réiteach 11343 freagra

Uninstalling the extension will be a good start.

Addons.mozilla.org is the place to get Extensions. Check the reviews and what the support/homepage listing is before installing.

Normally extensions hosted at AMO are safe but some can get get through review to public.

The addonbrowser .com now mybrowseraddon .com seems to post extensions from AMO as their own.

A number from that site seemed to have been hosted on addons.mozilla.org but were removed after discovery of this malware or being a (modified) repost of a original extension hosted at AMO.


A extension under a similar name had a coin miner and was blocked months ago.

Coinminer malware in "Open with Adobe PDF Reader" extension https://bugzilla.mozilla.org/show_bug.cgi?id=1426582

Uninstalling the extension will be a good start. Addons.mozilla.org is the place to get Extensions. Check the reviews and what the support/homepage listing is before installing. Normally extensions hosted at AMO are safe but some can get get through review to public. The addonbrowser .com now mybrowseraddon .com seems to post extensions from AMO as their own. A number from that site seemed to have been hosted on addons.mozilla.org but were removed after discovery of this malware or being a (modified) repost of a original extension hosted at AMO. A extension under a similar name had a coin miner and was blocked months ago. Coinminer malware in "Open with Adobe PDF Reader" extension https://bugzilla.mozilla.org/show_bug.cgi?id=1426582

Athraithe ag James ar

Úinéir na ceiste

Thanks yet again. Should I be worried that "Normally extensions hosted at AMO are safe but some can get get through review to public" ... sounds a little unsafe. That said, if one has installed the pukka Adobe Reader then I assume no extension is needed? Apologies, I'm showing my ignorance.

Thanks yet again. Should I be worried that "Normally extensions hosted at AMO are safe but some can get get through review to public" ... sounds a little unsafe. That said, if one has installed the pukka Adobe Reader then I assume no extension is needed? Apologies, I'm showing my ignorance.
WestEnd 60 réiteach 5387 freagra

Just look at the reviews or do a review search on the addons and that should give you more info about it.

Just look at the reviews or do a review search on the addons and that should give you more info about it.
jscher2000
  • Top 10 Contributor
8793 réiteach 71936 freagra

Extensions should never appear mysteriously without explanation, and everything you see listed on the Extensions panel of the Add-ons page is your choice to keep or toss, and your responsibility to manage. Don't let unknown software run on your system.

Most "open with" extensions are designed to connect links automatically to external programs so you don't need to interact with the download dialog. You don't need them, and they require installing non-reviewed external applications, so they are less safe than fully self-contained extensions.

Extensions should never appear mysteriously without explanation, and everything you see listed on the Extensions panel of the Add-ons page is your choice to keep or toss, and your responsibility to manage. Don't let unknown software run on your system. Most "open with" extensions are designed to connect links automatically to external programs so you don't need to interact with the download dialog. You don't need them, and they require installing non-reviewed external applications, so they are less safe than fully self-contained extensions.