Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How can I restore a previous version of Firefox? From 64.0.1 to 64.0

  • 9 replies
  • 1 has this problem
  • 2 views
  • Last reply by user633449

more options

I have no (okay, most of us have plenty, but that's a well known and wide spread grievance) problems with Firefox 64.0 However, I upgraded to 64.0.1 a couple days ago. HUGE mistake.

First, Kaspersky warned me that Firefox was no longer able to be protected by anti-virus. That should have been a clue.

Second, when I open certain websites, Kaspersky has a wonder portal called "Safe Money". Websites entered for it should automatically open in Safe Money, which provides an additional firewall as well as enhanced encryption of any data sent AND a means to enter data without using the keyboard, to avoid key loggers. Something for the more paranoid. Like me. (But I also use NoScript... because... I'm not paranoid. Just really really cautious)

Third... and what really made me realize that Firefox 64.0.1 is malware infected... about every third search on Google redirects to a website. Specifically, to search323892.xyz, which is, of course, a malware/hijack search engine. This ONLY happens on Google searches and ONLY when using Firefox and it ONLY started after the "upgrade" to the new version of Firefox.

Now... please keep reading. Because I am kinda impatient on folks that suggest stupid obvious things that are ALREADY noted as having been done or checked.

I checked the registry. I searched on "search323892", on "search323892.xyz" and on "xyz". (which is a pain in the...) There are entries for any of them. I also checked installed programs... just in case. But the only program that has been installed in the past month is... drum roll... Firefox. I double checked to ensure the Firefox installer I used was legit. It was. Came directly form the Firefox website. And I virus checked it with Kaspersky before I used the installer. (paranoid, remember) I also checked two other browsers I use. Neither of them are affected in any way. Just Firefox. Just on Google.com. Bing searches "work" just fine. Internet Exploder works just fine. Chrome works just fine. Further , both of them correctly open my financial sites in Safe Money. Exactly as they should. It is ONLY Firefox that is completely incompatible. Oh.. and before I forget to note... I also made sure there are no addons or extensions in Mozilla for anything trying to sneak in. And... just for safety... I added that blasted site to my HOSTS file. So it pops up a "can't access this page" rather than going to their sicko site.

Going on. I've also started a FULL deep scan and will be using Malwarbytes after that. (which might be finished later tomorrow, if I am lucky.) Then I'll consider doing a safe mode rootkit and deep scan, if I must, Because those could take another day or two. However, I am relatively certain that this issue is ONLY affecting Firefox and ONLY with the recent install. Partly because I have TWO Firefox profiles. And the other profile is working just fine. But it is on a VERY old version of Firefox. Like pre "let's screw up all the best features of FireFox and force users to use crappy addons that don't work" version. You know... that one I mentioned above... pre 57.


So... finally to my two questions.

Is there something I can use to search in my Firefox profile to find where this blasted thing might be hiding? I'm 85% certain it's buried in my Firefox profile. What can I use or do to search my profile for it? (digging viruses out of the registry is easy. Sifting through a Firefox profile is like learning Aramaic. From a blind man. When you're deaf. And no one knows it.)

The 15% part thinks it is in the Firefox 64.0.1 install itself. Mainly because Kaspersky detected a SERIOUS flaw in it. And because Safe Money is not compatible with this version. And because Firefox has a rather well known history of sometimes totally screwing up their "updates". So... if there's no way to really dig through the Firefox profile for this... is there a way (you know, the feature that has been the #1 request since Version 6) of rolling back the version of Firefox to the previously installed version? (a feature every civilized software maker includes... because, hey, mistakes happen)

Thanks in advance!!

I have no (okay, most of us have plenty, but that's a well known and wide spread grievance) problems with Firefox 64.0 However, I upgraded to 64.0.1 a couple days ago. HUGE mistake. First, Kaspersky warned me that Firefox was no longer able to be protected by anti-virus. That should have been a clue. Second, when I open certain websites, Kaspersky has a wonder portal called "Safe Money". Websites entered for it should automatically open in Safe Money, which provides an additional firewall as well as enhanced encryption of any data sent AND a means to enter data without using the keyboard, to avoid key loggers. Something for the more paranoid. Like me. (But I also use NoScript... because... I'm not paranoid. Just really really cautious) Third... and what really made me realize that Firefox 64.0.1 is malware infected... about every third search on Google redirects to a website. Specifically, to search323892.xyz, which is, of course, a malware/hijack search engine. This ONLY happens on Google searches and ONLY when using Firefox and it ONLY started after the "upgrade" to the new version of Firefox. Now... please keep reading. Because I am kinda impatient on folks that suggest stupid obvious things that are ALREADY noted as having been done or checked. I checked the registry. I searched on "search323892", on "search323892.xyz" and on "xyz". (which is a pain in the...) There are entries for any of them. I also checked installed programs... just in case. But the only program that has been installed in the past month is... drum roll... Firefox. I double checked to ensure the Firefox installer I used was legit. It was. Came directly form the Firefox website. And I virus checked it with Kaspersky before I used the installer. (paranoid, remember) I also checked two other browsers I use. Neither of them are affected in any way. Just Firefox. Just on Google.com. Bing searches "work" just fine. Internet Exploder works just fine. Chrome works just fine. Further , both of them correctly open my financial sites in Safe Money. Exactly as they should. It is ONLY Firefox that is completely incompatible. Oh.. and before I forget to note... I also made sure there are no addons or extensions in Mozilla for anything trying to sneak in. And... just for safety... I added that blasted site to my HOSTS file. So it pops up a "can't access this page" rather than going to their sicko site. Going on. I've also started a FULL deep scan and will be using Malwarbytes after that. (which might be finished later tomorrow, if I am lucky.) Then I'll consider doing a safe mode rootkit and deep scan, if I must, Because those could take another day or two. However, I am relatively certain that this issue is ONLY affecting Firefox and ONLY with the recent install. Partly because I have TWO Firefox profiles. And the other profile is working just fine. But it is on a VERY old version of Firefox. Like pre "let's screw up all the best features of FireFox and force users to use crappy addons that don't work" version. You know... that one I mentioned above... pre 57. So... finally to my two questions. Is there something I can use to search in my Firefox profile to find where this blasted thing might be hiding? I'm 85% certain it's buried in my Firefox profile. What can I use or do to search my profile for it? (digging viruses out of the registry is easy. Sifting through a Firefox profile is like learning Aramaic. From a blind man. When you're deaf. And no one knows it.) The 15% part thinks it is in the Firefox 64.0.1 install itself. Mainly because Kaspersky detected a SERIOUS flaw in it. And because Safe Money is not compatible with this version. And because Firefox has a rather well known history of sometimes totally screwing up their "updates". So... if there's no way to really dig through the Firefox profile for this... is there a way (you know, the feature that has been the #1 request since Version 6) of rolling back the version of Firefox to the previously installed version? (a feature every civilized software maker includes... because, hey, mistakes happen) Thanks in advance!!

All Replies (9)

more options

Usually what happens is that you are already infected and when a update comes and something changes it sets it free in Firefox.

I tend to see this a lot after a update.

Have you done a quick scan with Malwarbytes/AdwCleaner as might be faster if it finds it.

As we are not Virus Company it is best to let the Pros handle things I have posted here myself :

ftp site only goes up to 62.0.9b can not read stuff for Nightly.

Others will know. What was the URL you got it from ?

more options

What's What in the Profile :

  • bookmarks and history: places.sqlite
  • bookmark backups: compressed .jsonlz4 JSON backups in the bookmarkbackups folder
  • cookies.sqlite for the Cookies
  • formhistory.sqlite for saved autocomplete Form Data
  • logins.json (passwords) and key4.db (58+) or key3.db (57 and older) (decryption key) for Passwords saved in the Password Manager
  • if you only have key3.db then make sure to remove an existing key4.db
  • cert9.db (58+) or cert8.db (57 and older) for (intermediate) certificates stored in the Certificate Manager
  • if you only have cert8.db then make sure to remove an existing cert9.db
  • persdict.dat for words you added to the spelling checker dictionary
  • permissions.sqlite for Permissions and possibly content-prefs.sqlite for other website specific data (Site Preferences)
  • sessionstore.jsonlz4 for open tabs and pinned tabs (see also the sessionstore-backups folder)
more options

So... update.... I found the "add-on" that was causing the search issue. It is a version of jetpack.xpi. I verified by timestamp it was installed with the official version of Firefox that I obtained from ==> https : // support.mozilla.org/en-US/kb/update-firefox-latest-version The installed file from there is called Firefox Installer.exe and is digitally signed by Mozilla. It is as authentic as it can be. The add-on was installed by Mozilla. This add-on is what was causing the search engine problems.

The add-on, thankfully, did not appear anywhere in the registry. I removed it from my profile, under "extensions" and TA DA... no more search engine redirection.

However, I still have the issue that 64.0.1 is not compatible with Kaspersky. Specifically, I have to manually open Safe Money and the webpage I want to use in secure mode. It SHOULD work with Firefox. It DID work with 64.0. It still works with my other browsers. So... it might be possible that a new new new new new update/"upgrade" might fix this issue... as many Firefox "upgrades" are often not compatible with Kaspersky and other virus protection software... and that's why Firefox has weekly, daily, and sometimes hourly updates. Because they do not bother to verify their newest version is going to work with anti-virus software.

Anyways... I've gotten half way to the solution. And I don't suppose it'll be too horrible to use Chrome for all my important security worrying things. But it would be nice if Firefox could release a version that is compatible with anti-virus software BEFORE they have to fix it.

more options

Pkshadow said

What's What in the Profile :
  • bookmarks and history: places.sqlite
  • bookmark backups: compressed .jsonlz4 JSON backups in the bookmarkbackups folder
  • cookies.sqlite for the Cookies
  • formhistory.sqlite for saved autocomplete Form Data
  • logins.json (passwords) and key4.db (58+) or key3.db (57 and older) (decryption key) for Passwords saved in the Password Manager
  • if you only have key3.db then make sure to remove an existing key4.db
  • cert9.db (58+) or cert8.db (57 and older) for (intermediate) certificates stored in the Certificate Manager
  • if you only have cert8.db then make sure to remove an existing cert9.db
  • persdict.dat for words you added to the spelling checker dictionary
  • permissions.sqlite for Permissions and possibly content-prefs.sqlite for other website specific data (Site Preferences)
  • sessionstore.jsonlz4 for open tabs and pinned tabs (see also the sessionstore-backups folder)

So.... would Kaspersky need to be added to permissions.sqlite or content-prefs.sqlite? Does it require a separate entry for Safe Money?

Or is there some other place where Kaspersky and other anti-virus programs need to be entered for addition to functionality for Firefox?

I'm not a programmer, so sorry if I might be shaky on how that works. I can dig viruses out of the registry. I can even do a bit of playing with Windows source code. But Firefox is written in something way beyond my ability to understand.

Thanks!!!

more options

Only Volunteer so I know enough to be dangerous but this should be reported to some one... file a bug report. https://bugzilla.mozilla.org/ Bug Writing Guidelines : https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines

Actually it is the Virus companies that have to keep up with Firefox and others.

Well glad you found the issue. That is the main good news.

more options

Pkshadow said

Usually what happens is that you are already infected and when a update comes and something changes it sets it free in Firefox. I tend to see this a lot after a update. Have you done a quick scan with Malwarbytes/AdwCleaner as might be faster if it finds it. As we are not Virus Company it is best to let the Pros handle things I have posted here myself : ftp site only goes up to 62.0.9b can not read stuff for Nightly. Others will know. What was the URL you got it from ?


Not yet. My computer is roughly 10 years old. AMD X2 220 processor. Not ancient. Well, kinda ancient. So, the Kaspersky scan is running and will hopefully complete tomorrow sometime. Then I can do the Malwarebytes scan.

But, I suspect neither will find anything. It's not in the registry. And I suspect that the extension added by Firefox is to blame. I got the Firefox upgrade directly from the Firefox website (see the other post) and I verified it by running a scan on it first. And checking the certificate. (paranoid me) It's legitimate. Well, sort of. It added that jetpack extension. The timestamp was right on with the upgrade to 64.0.1.

That's also when Kaspersky gave me the warning... when Firefox started after the upgrade. And it's when the issue of Safe Money not working started. And the search engine redirect. So I solved one problem. But the Kasperky compatibility will need someone a lot more experienced in programming than I will ever be.

Thanks!!!

more options

Any Kaspersky extension you have was added by Kaspersky. Mozilla the maker of the Firefox web browser does not make or maintain any Kaspersky extensions so it was not added by Firefox as you said in last post.

Also the Firefox web browser is not made to be compatible with insert any antivirus clients or their extensions as it is the other way.

Just gotta chime in to say I believe you are referring to Firefox 61.0.1 (sixty-one) and not to 64.0.1 (sixty-four).

Firefox 64.0 does not even exist in development on any development channel including Nightly channel yet as it currently has 63.0a1 on it. The 64.0a1 will start on Nightly channel on week of Sept 4.

gotta go.

more options

James said

Any Kaspersky extension you have was added by Kaspersky. Mozilla the maker of the Firefox web browser does not make or maintain any Kaspersky extensions so it was not added by Firefox as you said in last post. Also the Firefox web browser is not made to be compatible with insert any antivirus clients or their extensions as it is the other way. Just gotta chime in to say I believe you are referring to Firefox 61.0.1 (sixty-one) and not to 64.0.1 (sixty-four). Firefox 64.0 does not even exist in development on any development channel including Nightly channel yet as it currently has 63.0a1 on it. The 64.0a1 will start on Nightly channel on week of Sept 4. gotta go.


You are correct, my apologies... it is version 61.0.1 (64-bit). Not 64. I probably just mixed up 64 bit versus 61 version. Jeez. 61. 61 versions. That's a lot of fixes. Oh well.

But it is not a Kaspersky extension hat was causing the problem. It was something called jid1-YcMV6ngYmQRA2w@jetpack.xpi I believe this to be a virus. Several variations are known viruses. Or, to be more accurate, search engine hijack. This extension was loaded with the Firefox 61.0.1 update. I did not have anything called Jetpack and it did not show up in the list of extensions or add-ons. It also was not in the other profile of Firefox that I have. And when I removed this file from my Extensions folder in my profile... the search engine hijack stopped.

So I'm relatively certain this file, added by Firefox during it's update, is the cause of the search engine hijack.


On the other note... yes, I am aware that Firefox does not maintain nor coordinate with ANY virus protection software. That's sort of a point, there, isn't it? Why not. That should be the question any sane user would want to know. Why DOESN'T Firefox care one whit about protecting its users from potential risk? If there are major virus manufacturers out there working tirelessly to keep up with the threats to users... shouldn't Firefox also have at least a tiny little bit of concern to assist in keeping its users safe?

What is the point of having a nearly weekly "fix" of the newest exploits of Firefox's code if they don't bother to even try to keep their product in compatibility with ANY virus programs? Wouldn't that introduce more vulnerability than it solves?

Oh... and how do I roll Firefox back to the 61.0 version that is compatible with my virus protection? That's the question I would like to know an answer for. (and it's not very clear in any of the questions "answered" about how to roll back from last year's decision to remove useful add-ons)

more options

Firefox runs regardless of what anti-virus you have on your computer. I suspect what you re seeing is that the anti-virus extension isn't working, but your actual anti-virus scanner is running in the background, continually protecting you. The extension from your anti-virus does nothing to keep you safer, it just scrapes your history and sends it kaspersky (a shady russian company). Firefox does actively protect user's (which is part of why you need to stay up to date).