Mozilla Support में खोजें

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Weird malware affecting FF on Linux

  • कोई प्रतियुत्तर नहीं
  • 0 यह समस्या है
more options

Hi

My GF just rung up, she is running FF 128.0 (64-bit) from Ubuntu snap on Ubuntu Linux 22.04.4 LTS (which I set up for her and use myself)

She complained that whenever she starts up FF she gets a display about "MS Windows Defender" and ringing some allegedly Microsoft number together with a recorded message over and over.

I logged into her machine remotely using the SSH connection I've set up (Fiewalled so only I can do it), killed FF and she tried it again with the same result.

I told her go go onto Chrome for now, which she did without incident. On no account should she ring the number, which is obviously that of a scammer, although they would be confused by a Linux system.

In the meantime I had a look round the files on her machine. I couldn't find anything in particular, but I wasn't very sure where to look.

I tried deleting the contents of .cache/mozilla/firefox/0e35ujgr.default/startupCache and that enabled her to use FF again but I notice it got repopulated, seemingly with stuff relevant to Windows - however I see that exists on my system.

She almost exclusively uses Facebook on the system, I wonder if it is malware from a FB ad?

Has anyone got any idea about what this malware is, where it came from and what files I should remove from her system if it happens again.

Hi My GF just rung up, she is running FF 128.0 (64-bit) from Ubuntu snap on Ubuntu Linux 22.04.4 LTS (which I set up for her and use myself) She complained that whenever she starts up FF she gets a display about "MS Windows Defender" and ringing some allegedly Microsoft number together with a recorded message over and over. I logged into her machine remotely using the SSH connection I've set up (Fiewalled so only I can do it), killed FF and she tried it again with the same result. I told her go go onto Chrome for now, which she did without incident. On no account should she ring the number, which is obviously that of a scammer, although they would be confused by a Linux system. In the meantime I had a look round the files on her machine. I couldn't find anything in particular, but I wasn't very sure where to look. I tried deleting the contents of .cache/mozilla/firefox/0e35ujgr.default/startupCache and that enabled her to use FF again but I notice it got repopulated, seemingly with stuff relevant to Windows - however I see that exists on my system. She almost exclusively uses Facebook on the system, I wonder if it is malware from a FB ad? Has anyone got any idea about what this malware is, where it came from and what files I should remove from her system if it happens again.

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.