X
Tocca qui per la versione per piattaforma mobile del sito.

Forum di supporto

Questa discussione è archiviata. Inserire una nuova richiesta se occorre aiuto.

Strange pop-up asking to download JavaScript File

Inserita

I'm using Firefox 47.0 and this is the second time I've been on a normal site (this time was walmart.com) that the screen turns into an ad for Firefox and a pop-up comes up asking me to save the file for "firefox-patch.js" The rest of the pop-up says "javaScript File (609 bytes) from oazeispettegola.net" I have malwarebytes and Norton installed on my computer, and neither scan shows anything. I'm guessing it's not an actual JavaScript installation, so if anyone has experienced this and can help me out, I'd really appreciate it.

I'm using Firefox 47.0 and this is the second time I've been on a normal site (this time was walmart.com) that the screen turns into an ad for Firefox and a pop-up comes up asking me to save the file for "firefox-patch.js" The rest of the pop-up says "javaScript File (609 bytes) from oazeispettegola.net" I have malwarebytes and Norton installed on my computer, and neither scan shows anything. I'm guessing it's not an actual JavaScript installation, so if anyone has experienced this and can help me out, I'd really appreciate it.

Soluzione scelta

It's malware. Unfortunately, once you release an image into the world, it can be used for evil (in violation of trademark law, but obviously they don't care).

If you downloaded that .js file:

Do not open it, it uses a Windows administrative script tool to install malware.

When you are using the downloads panel (the one attached to the toolbar button), be careful not to click anything as that may run it. Instead, right-click it and choose Open Containing Folder. That will launch a file window with the unwanted download highlighted, and then you can press the Delete key to send it to the Windows Recycle Bin.

If the download has already disappeared from the panel, the same mouse action works in the full download list (Ctrl+j or "Show All Downloads").

Leggere questa risposta nel contesto 1

Dettagli aggiuntivi sul sistema

Plugin installati

  • Adobe PDF Plug-In For Firefox and Netscape 11.0.13
  • Coupons, Inc. Coupon Printer 5.0.2.8
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.91.2 for Mozilla browsers
  • A component of your photo software powered by RocketLife
  • Shockwave Flash 22.0 r0
  • 5.1.50428.0
  • iTunes Detector Plug-in

Applicazione

  • Firefox 47.0
  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
  • URL per il supporto: https://support.mozilla.org/1/firefox/47.0/WINNT/en-US/

Estensioni

  • Firefox Hello 1.3.2 (loop@mozilla.org)
  • Multi-process staged rollout 1.0 (e10srollout@mozilla.org)
  • Pocket 1.0.2 (firefox@getpocket.com)
  • YesScript 2.1.1-signed.1-signed (yesscript@userstyles.org)
  • Norton Identity Safe 2016.7.0.62 ({C1A2A613-35F1-4FCF-B27F-2840527B6556}) (Inattiva)

Javascript

  • incrementalGCEnabled: True

Grafica

  • adapterDescription: AMD Radeon(TM) R7 Graphics
  • adapterDescription2:
  • adapterDeviceID: 0x1313
  • adapterDeviceID2:
  • adapterDrivers: aticfx64 aticfx64 aticfx64 amdxc64 aticfx32 aticfx32 aticfx32 amdxc32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a atitmm64
  • adapterDrivers2:
  • adapterRAM: 1024
  • adapterRAM2:
  • adapterSubsysID: 36a017aa
  • adapterSubsysID2:
  • adapterVendorID: 0x1002
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 10.0.10586.494
  • driverDate: 11-29-2015
  • driverDate2:
  • driverVersion: 15.300.1025.1001
  • driverVersion2:
  • info: {u'AzureCanvasAccelerated': 0, u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1'}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • supportsHardwareH264: Yes
  • webglRenderer: Google Inc. -- ANGLE (AMD Radeon(TM) R7 Graphics Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Preferenze modificate

Varie

  • User JS: No
  • Accessibilità: No
FredMcD
  • Top 10 Contributor
4396 soluzioni 61654 risposte

Risposta utile

. Whenever you get a message / popup that software / files need to be updated;

DO NOT USE ANY OF THE PROVIDED LINKS

While this may be a legitimate message, it could also be Malware or a Virus. Any time you want or need to check for upgrades, go to the website of the True Owner of the program in question. For example, to check out Firefox, go to https://www.mozilla.org {web link}

You can report such a site at; Google Report Phishing Page {web link} which is the same when done while on site by going to Help > Report Web Forgery

Help us safeguard Mozilla’s trademarks by reporting misuse {web link}

. '''Whenever you get a message / popup that''' '''software / files need to be updated;''' <u>'''DO NOT USE ANY OF'''</u> <u>'''THE PROVIDED LINKS'''</u> While this may be a legitimate message, it could also be <u>'''Malware or a Virus'''</u>. Any time you want or need to check for upgrades, go to the website of the <u>'''True Owner'''</u> of the program in question. For example, to check out Firefox, go to '''https://www.mozilla.org''' {web link} You can report such a site at; '''[http://www.google.com/safebrowsing/report_phish/ Google Report Phishing Page]''' {web link} which is the same when done while on site by going to '''Help > Report Web Forgery''' '''[http://www.mozilla.org/en-US/legal/fraud-report/ Help us safeguard Mozilla’s trademarks by reporting misuse]''' {web link}
jscher2000
  • Top 10 Contributor
8958 soluzioni 73399 risposte

Soluzione scelta

It's malware. Unfortunately, once you release an image into the world, it can be used for evil (in violation of trademark law, but obviously they don't care).

If you downloaded that .js file:

Do not open it, it uses a Windows administrative script tool to install malware.

When you are using the downloads panel (the one attached to the toolbar button), be careful not to click anything as that may run it. Instead, right-click it and choose Open Containing Folder. That will launch a file window with the unwanted download highlighted, and then you can press the Delete key to send it to the Windows Recycle Bin.

If the download has already disappeared from the panel, the same mouse action works in the full download list (Ctrl+j or "Show All Downloads").

It's malware. Unfortunately, once you release an image into the world, it can be used for evil (in violation of trademark law, but obviously they don't care). '''If you downloaded that .js file:''' Do not open it, it uses a Windows administrative script tool to install malware. When you are using the downloads panel (the one attached to the toolbar button), be careful not to click anything as that may run it. Instead, right-click it and choose Open Containing Folder. That will launch a file window with the unwanted download highlighted, and then you can press the Delete key to send it to the Windows Recycle Bin. If the download has already disappeared from the panel, the same mouse action works in the full download list (Ctrl+j or "Show All Downloads").
jscher2000
  • Top 10 Contributor
8958 soluzioni 73399 risposte

Risposta utile

If you ran the file, most likely Malwarebytes or Symantec's Kovter tool can clean it:

If you ran the file, most likely Malwarebytes or Symantec's Kovter tool can clean it: * https://www.malwarebytes.com/mwb-download/ * https://www.symantec.com/security_response/writeup.jsp?docid=2015-092321-2230-99 (here spelled Kotver)

Utente che ha posto la domanda

Thanks guys! I thankfully didn't download anything, I just hit cancel instead of 'save file.' So is it just a random malware ad, or is it a sign that my computer is infected? Nothing else seems to indicate anything is wrong with the PC

Thanks guys! I thankfully didn't download anything, I just hit cancel instead of 'save file.' So is it just a random malware ad, or is it a sign that my computer is infected? Nothing else seems to indicate anything is wrong with the PC
jscher2000
  • Top 10 Contributor
8958 soluzioni 73399 risposte

It's not you, it's the internet. Some ad blockers (or more specifically, some ad blocker filter sets) are preventing users from seeing these fake update pages, but other users may see them numerous times on particular sites.

It's not you, it's the internet. Some ad blockers (or more specifically, some ad blocker filter sets) are preventing users from seeing these fake update pages, but other users may see them numerous times on particular sites.

Utente che ha posto la domanda

Oh I see. Thanks so much!

Oh I see. Thanks so much!
jlzibell 1 soluzioni 28 risposte

I keep getting this page also. I've never downloaded anything from it. Is there any way to prevent this appearing? All I've been able to do is close the browser so I've lost where I was.

I keep getting this page also. I've never downloaded anything from it. Is there any way to prevent this appearing? All I've been able to do is close the browser so I've lost where I was.
the-edmeister
  • Top 25 Contributor
  • Moderator
5433 soluzioni 40564 risposte

This blocks that garbage for me: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/

But using the Back button has worked for me when I was testing a version of Firefox that didn't use uBlock Origin - it allowed to go "back" to the page that sent me to the page with that garbage.

This blocks that garbage for me: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ But using the '''Back''' button has worked for me when I was testing a version of Firefox that didn't use uBlock Origin - it allowed to go "back" to the page that sent me to the page with that garbage.
jlzibell 1 soluzioni 28 risposte

Thanks for the link and information. I've tried the back button but it hasn't worked for me. I'll try the ad on.

Thanks for the link and information. I've tried the back button but it hasn't worked for me. I'll try the ad on.
the-edmeister
  • Top 25 Contributor
  • Moderator
5433 soluzioni 40564 risposte

Maybe the .js variation of that exploit doesn't "go back", I forgot to mention that my experimentation happened before we started hearing about the .js file being "offered".

Maybe the '''.js''' variation of that exploit doesn't "go back", I forgot to mention that my experimentation happened before we started hearing about the '''.js''' file being "offered".
jscher2000
  • Top 10 Contributor
8958 soluzioni 73399 risposte

Sometimes using Back triggers a new load of the page you just left. In that case, it often helps to right-click the Back button and go further back in history.

Sometimes using Back triggers a new load of the page you just left. In that case, it often helps to right-click the Back button and go further back in history.