Phishing With Firefox
I am constantly getting a web page that opens telling me to upgrade Firefox to V 17.2, which I don't even think exists. The URL is http://freshbrowserupdate.com/. Obviously this is some sort of phishing scam. Why hasn't Mozilla stopped this (at the very least they are using their trademark without permission). And how are they able to pirate the browser to go to this page?
All Replies (16)
Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.
You can try some of the following programs to scan for malware:
- MalwareBytes' Anti-Malware
- TDSSKiller - AntiRootkit Utility
- Microsoft Security Essentials (A good permanent anti-virus if you don't already have one)
Further information can be found in the Troubleshoot Firefox issues caused by malware article.
Did this fix your problems? Please report back to us!
I have Norton Security Suite and Windows Defender running. I think they would block any download, but maybe not whatever is putting up the page. This has been going on for awhile. It would seem like Mozilla would want to take some action.
thanks for reporting, i've filed a fraud/trademark-violation report for this site with mozilla & reported a web forgery with google's anti-malware-list which is also used as safe-browsing-filter in firefox.
& just to be sure - when you go to firefox > help > troubleshooting information, what kind of extensions are listed there? because when the site is opening repeatedly without any interaction by you this sounds indead like some malware that is active on your computer. maybe also try a scan with the other tools Jan has already recommended in addition.
This is something we are currently actively investigating, so I'd be interested if you can give me the following info:
- When do you get this website appearing? Does it only show up when you do certain steps, or does it just show up randomly?
- Can you please go to about:support in your Firefox address bar, and copy and paste the info there into this thread?
- If you run malwarebytes, does it remove anything, and does this website still appear after running malwarebytes?
The only extensions are ones I'm familiar with.
It appears to be random. It just suddenly appears as a new tab. It often automatically tries to initiate a download (there's a standard pop-up permission message that comes up).
17.0 (I've done a select all and copy and that's all the gets copied to clipboard)
When the page first appeared I was using V16 and the pitch was to update to some other V16.X. Since I've updated to 17.0, it now asks me to update to 17.X, so it's obviously reading the version of the browser.
I don't have Malwarebytes. Just Norton Security Suite and Windows Defender.
Do the following please:
on about:support please click the "copy text to clipboard" then paste the information here.
Install malwarebytes from http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html, update it, and run a full scan.
There is nothing labelled "support" on the About Mozillla Firefox page. Just the version number (17.0), that it's up to date and that I'm on the release channel.
I'm a little leery about downloading other "protection" software. Shouldn't Norton be flagging this?
I didn't say the about Firefox Dialog, I said to type about:support into your address bar, and press Enter. That will give you a different page.
No, honestly Norton is a pretty poor anti-virus. Malwarebytes isn't anti-virus, but is a malware scanner that will remove alot of nasties that Norton never even sees.
Reset Firefox to its default state
If you're having major problems which you can't resolve, start fresh with only your essential information.
Troubleshooting Information
This page contains technical information that might be useful when you're trying to solve a problem. If you are looking for answers to common questions about Firefox, check out our support website.
Application Basics
Name
Firefox
Version
17.0
User Agent
Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/17.0 Firefox/17.0
Profile Folder
Enabled Plugins
about:plugins
Build Configuration
about:buildconfig
Crash Reports
about:crashes
Memory Use
about:memory
Extensions
Name Version Enabled ID LogMeIn, Inc. Remote Access Plugin1.0.0.972trueLogMeInClient@logmein.comWebSlingPlayer1.5.12.732true{9EB34849-81D3-4841-939D-666D522B889A}Yahoo! Toolbar2.5.1.20121012015120true{635abd67-4fe9-1b23-4f01-e679fa7484c1}HP Smart Web Printing4.60falsesmartwebprinting@hp.comKeynote Connector Extension17.0.28.0falsefirefoxextensions@keynote.comMicrosoft .NET Framework Assistant1.2.1false{20a82645-c095-46ed-80e3-08825760534b}Norton Toolbar2011.7.13.2false{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}Symantec Intrusion Prevention11.1.1.5 - 3false{BBDA0591-3099-440a-AA10-41764D9DB4DB}
Important Modified Preferences
Name
Value
accessibility.typeaheadfindtrueaccessibility.typeaheadfind.casesensitive1accessibility.typeaheadfind.flashBar0browser.cache.disk.capacity358400browser.cache.disk.smart_size.first_runfalsebrowser.cache.disk.smart_size.use_old_maxfalsebrowser.cache.disk.smart_size_cached_value358400browser.display.background_color#C0C0C0browser.display.use_system_colorstruebrowser.history_expire_days.mirror180browser.places.importBookmarksHTMLfalsebrowser.places.importDefaultsfalsebrowser.places.leftPaneFolderId-1browser.places.migratePostDataAnnotationsfalsebrowser.places.smartBookmarksVersion4browser.places.updateRecentTagsUrifalsebrowser.search.suggest.enabledfalsebrowser.search.useDBForOrdertruebrowser.startup.homepagehttp://mypoints-startpage.aol.com/?mtmhp=emlblstusaolp00000008browser.startup.homepage_override.buildID20121119183901browser.startup.homepage_override.mstone17.0dom.max_script_run_time1800extensions.lastAppVersion17.0font.size.fixed.x-western16general.useragent.extra.microsoftdotnet( .NET CLR 3.5.30729; .NET4.0C)network.cookie.prefsMigratedtrueplaces.database.lastMaintenance1353683766places.history.expiration.transient_current_max_pages78666places.history.expiration.transient_optimal_database_size125865328places.last_vacuum1298946165print.print_printerHP Photosmart C7100 seriesprint.printer_Adobe_PDF.print_bgcolorfalseprint.printer_Adobe_PDF.print_bgimagesfalseprint.printer_Adobe_PDF.print_commandprint.printer_Adobe_PDF.print_downloadfontsfalseprint.printer_Adobe_PDF.print_edge_bottom0print.printer_Adobe_PDF.print_edge_left0print.printer_Adobe_PDF.print_edge_right0print.printer_Adobe_PDF.print_edge_top0print.printer_Adobe_PDF.print_evenpagestrueprint.printer_Adobe_PDF.print_footercenterprint.printer_Adobe_PDF.print_footerleft&PTprint.printer_Adobe_PDF.print_footerright&Dprint.printer_Adobe_PDF.print_headercenterprint.printer_Adobe_PDF.print_headerleft&Tprint.printer_Adobe_PDF.print_headerright&Uprint.printer_Adobe_PDF.print_in_colortrueprint.printer_Adobe_PDF.print_margin_bottom0.5print.printer_Adobe_PDF.print_margin_left0.5print.printer_Adobe_PDF.print_margin_right0.5print.printer_Adobe_PDF.print_margin_top0.5print.printer_Adobe_PDF.print_oddpagestrueprint.printer_Adobe_PDF.print_orientation0print.printer_Adobe_PDF.print_pagedelay500print.printer_Adobe_PDF.print_paper_data1print.printer_Adobe_PDF.print_paper_height 11.00print.printer_Adobe_PDF.print_paper_size_type0print.printer_Adobe_PDF.print_paper_size_unit0print.printer_Adobe_PDF.print_paper_width 8.50print.printer_Adobe_PDF.print_reversedfalseprint.printer_Adobe_PDF.print_scaling 1.00print.printer_Adobe_PDF.print_shrink_to_fittrueprint.printer_Adobe_PDF.print_to_filefalseprint.printer_Adobe_PDF.print_unwriteable_margin_bottom0print.printer_Adobe_PDF.print_unwriteable_margin_left0print.printer_Adobe_PDF.print_unwriteable_margin_right0print.printer_Adobe_PDF.print_unwriteable_margin_top0print.printer_HP_Photosmart_C7100_series.print_bgcolortrueprint.printer_HP_Photosmart_C7100_series.print_bgimagestrueprint.printer_HP_Photosmart_C7100_series.print_commandprint.printer_HP_Photosmart_C7100_series.print_downloadfontsfalseprint.printer_HP_Photosmart_C7100_series.print_edge_bottom0print.printer_HP_Photosmart_C7100_series.print_edge_left0print.printer_HP_Photosmart_C7100_series.print_edge_right0print.printer_HP_Photosmart_C7100_series.print_edge_top0print.printer_HP_Photosmart_C7100_series.print_evenpagestrueprint.printer_HP_Photosmart_C7100_series.print_footercenterprint.printer_HP_Photosmart_C7100_series.print_footerleft&PTprint.printer_HP_Photosmart_C7100_series.print_footerright&Dprint.printer_HP_Photosmart_C7100_series.print_headercenterprint.printer_HP_Photosmart_C7100_series.print_headerleft&Tprint.printer_HP_Photosmart_C7100_series.print_headerright&Uprint.printer_HP_Photosmart_C7100_series.print_in_colortrueprint.printer_HP_Photosmart_C7100_series.print_margin_bottom0.5print.printer_HP_Photosmart_C7100_series.print_margin_left0.5print.printer_HP_Photosmart_C7100_series.print_margin_right0.5print.printer_HP_Photosmart_C7100_series.print_margin_top0.5print.printer_HP_Photosmart_C7100_series.print_oddpagestrueprint.printer_HP_Photosmart_C7100_series.print_orientation0print.printer_HP_Photosmart_C7100_series.print_page_delay50print.printer_HP_Photosmart_C7100_series.print_pagedelay500print.printer_HP_Photosmart_C7100_series.print_paper_data1print.printer_HP_Photosmart_C7100_series.print_paper_height 11.00print.printer_HP_Photosmart_C7100_series.print_paper_size_type0print.printer_HP_Photosmart_C7100_series.print_paper_size_unit0print.printer_HP_Photosmart_C7100_series.print_paper_width 8.50print.printer_HP_Photosmart_C7100_series.print_reversedfalseprint.printer_HP_Photosmart_C7100_series.print_scaling 0.60print.printer_HP_Photosmart_C7100_series.print_shrink_to_fitfalseprint.printer_HP_Photosmart_C7100_series.print_to_filefalseprint.printer_HP_Photosmart_C7100_series.print_unwriteable_margin_bottom0print.printer_HP_Photosmart_C7100_series.print_unwriteable_margin_left0print.printer_HP_Photosmart_C7100_series.print_unwriteable_margin_right0print.printer_HP_Photosmart_C7100_series.print_unwriteable_margin_top0privacy.item.cachetrueprivacy.item.downloadsfalseprivacy.item.formdatafalseprivacy.item.historyfalseprivacy.item.passwordsfalseprivacy.sanitize.migrateFx3Prefstrueprivacy.sanitize.promptOnSanitizefalseprivacy.sanitize.timeSpan4security.enable_ssl2truesecurity.enable_tlsfalsesecurity.warn_viewing_mixedfalse
Graphics
Adapter DescriptionMobile Intel(R) 4 Series Express Chipset FamilyVendor ID0x8086Device ID0x2a42Adapter RAMUnknownAdapter Driversigdumdx32 igd10umd32Driver Version8.15.10.2302Driver Date2-11-2011Direct2D EnabledtrueDirectWrite Enabledtrue (6.1.7601.17789)ClearType ParametersGamma: 2200 Pixel Structure: RGB ClearType Level: 100 Enhanced Contrast: 100 WebGL RendererGoogle Inc. -- ANGLE (Mobile Intel(R) 4 Series Express Chipset Family) -- OpenGL ES 2.0 (ANGLE 1.0.0.1242)GPU Accelerated Windows1/1 Direct3D 10
AzureCanvasBackenddirect2dAzureFallbackCanvasBackendcairoAzureContentBackenddirect2d
JavaScript
Incremental GC
1
Accessibility
Activated
1 Prevent Accessibility
0
Library Versions
Expected minimum versionVersion in useNSPR4.9.24.9.2NSS3.13.6.0 Basic ECC3.13.6.0 Basic ECCNSS Util3.13.6.03.13.6.0NSS SSL3.13.6.0 Basic ECC3.13.6.0 Basic ECCNSS S/MIME3.13.6.0 Basic ECC3.13.6.0 Basic ECC
Note that you also can access the about:support page via Help > Troubleshooting Information
I have also been having issues with this. It happens when I am in a program and click on something to go to another screen on that website. I also have been having issues with a screen stating I am the lucky winner of something.... This also appears when I'm in a program like a Facebook game and am going to a different screen in the game...but not only in Facebook.
Here is the info from about:support:
Application Basics
Name Firefox
Version 16.0.2
User Agent Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20100101 Firefox/16.0
Profile Folder
Show Folder
Enabled Plugins
about:plugins
Build Configuration
about:buildconfig
Crash Reports
about:crashes
Memory Use
about:memory
Extensions
Name
Version
Enabled
ID
Advanced SystemCare Surfing Protection 1.0 true ascsurfingprotection@iobit.com
AniWeather 0.8.36 true {4176DFF4-4698-11DE-BEEB-45DA55D89593}
Easy YouTube Video Downloader 6.5 true {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
LastPass 2.0.0 true support@lastpass.com
Memonic Web Clipper 1.2.1 true {D0AD45D6-8518-11DF-8AD2-3F67DFD72085}
Personas 1.6.2 true personas@christopher.beard
Personas Rotator 6.3 true {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
Quick Maps 1.9.0 true map@quickmaps.me
Zynga Community Toolbar 3.16.0.3 true {7b13ec3e-999a-4b70-b9cb-2617b8323822}
McAfee ScriptScan for Firefox 14.4.1 false {D19CA586-DD6C-4a0a-96F8-14644F340D60}
McAfee SiteAdvisor 3.4.0 false {4ED1F68A-5463-4931-9384-8FFF5ED91D92}
Microsoft .NET Framework Assistant 0.0.0 false {20a82645-c095-46ed-80e3-08825760534b}
RealPlayer Browser Record Plugin 15.0.5 false {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}
Important Modified Preferences
Name
Value
accessibility.browsewithcaret true
accessibility.typeaheadfind.flashBar 0
browser.cache.disk.capacity 1048576
browser.cache.disk.smart_size.first_run false
browser.cache.disk.smart_size_cached_value 911360
browser.cache.memory.capacity 65536
browser.display.show_image_placeholders true
browser.places.smartBookmarksVersion 4
browser.startup.homepage http://my.yahoo.com/;_ylt=AmLCw3gYYXKr2z570Dtbq_J5b6U5;_ylu=X3oDMTBwOWc4bWhoBHNlYwNVSCBOZXR3b3JrIE5hdmlnYXRpb24-;_ylg=X3…
browser.startup.homepage_override.buildID 20121024073032
browser.startup.homepage_override.mstone 16.0.2
extensions.lastAppVersion 16.0.2
network.cookie.prefsMigrated true
network.http.max-connections 48
network.http.max-connections-per-server 16
network.http.max-persistent-connections-per-proxy 16
network.http.max-persistent-connections-per-server 8
network.http.pipelining.maxrequests 8
network.http.request.max-start-delay 0
places.database.lastMaintenance 1353912944
places.history.expiration.transient_current_max_pages 80480
plugin.expose_full_path true
privacy.sanitize.migrateFx3Prefs true
security.warn_viewing_mixed false
Graphics
Adapter Description ATI Mobility Radeon X1400
Vendor ID 0x1002
Device ID 0x7145
Adapter RAM Unknown
Adapter Drivers ati2dvag
Driver Version 8.512.0.0
Driver Date 7-3-2008
WebGL Renderer Blocked for your graphics driver version. Try updating your graphics driver to version 10.6 or newer.
GPU Accelerated Windows 0. Blocked for your graphics driver version. Try updating your graphics driver to version 10.6 or newer.
JavaScript
Incremental GC 1
Accessibility
Activated 0
Prevent Accessibility 0
Library Versions
Expected minimum version
Version in use
NSPR 4.9.2 4.9.2
NSS 3.13.6.0 Basic ECC 3.13.6.0 Basic ECC
NSS Util 3.13.6.0 3.13.6.0
NSS SSL 3.13.6.0 Basic ECC 3.13.6.0 Basic ECC
NSS S/MIME 3.13.6.0 Basic ECC 3.13.6.0 Basic ECC
I currently use McAfee for anti-virus and both Advanced System Care and Super Anti-Spyware. I scan several times a day and this has not been caught. I will try the one you suggested and let you know if if happens again.
Modified
Try to disable any suspicious extensions that add toolbars in Firefox.
You can create a new profile as a test to check if your current profile is causing the problems.
See "Creating a profile":
- https://support.mozilla.org/kb/profile-manager-create-and-remove-firefox-profiles
- http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Profile_issues
If the new profile works then you can transfer some files from the old profile to that new profile, but be careful not to copy corrupted files.
Do a malware check with some malware scanning programs on the Windows computer.
You need to scan with all programs because each program detects different malware.
Make sure that you update each program to get the latest version of their databases before doing a scan.
- http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
- http://www.superantispyware.com/ - SuperAntispyware
- http://www.microsoft.com/security/scanner/en-us/default.aspx - Microsoft Safety Scanner
- http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
- http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
You can also do a check for a rootkit infection with TDSSKiller.
See also:
- "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
I ran Malwarebytes for over two hours. Sometime after that it crashed my computer. When I rebooted and restarted it there was nothing in the Quarantine, so I'm assuming it found nothing.
My scan was about 2 hours also. Then it required a be-boot (a couple of times LOL). It found 8 PUPS mostly mwebsearch and funmoods. I know I've removed both of them multiple times. Then I ran Advanced SystemCare Pro and it found another 31 "malware"..I don't know if it worked, will see.