
Support Forum

It's 12:30 EDT 7/18/16 -- did Firefox just send out a Patch to be downloaded and installed?

Posted

I was just interrupted in my browsing by a "flash screen" which had the Firefox logo and a dialogue asking me to download a Patch. I've downloaded but not opened the patch to install it. This is the first time in decades of computer work that I've ever seen anything like this. Is this a legit Firefox patch? Or some sort of hack?


More system details

Installed plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 10.1.16
  • Google Update
  • Intel web components for Intel® Identity Protection Technology
  • Intel web components updater - Installs and updates the Intel web components
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.91.2 for Mozilla browsers
  • MindSpark Toolbar Platform Plugin Stub for 32-bit Windows
  • NPWLPG
  • Picasa plugin
  • ScorchPlugin
  • Shockwave Flash 22.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0

John99 971 solutions 13138 answers

Helpful replies

Probably malware, do not open or run that.

I will post more details later.

John99 971 solutions 13138 answers

Helpful replies

As you say this is malware. Do not run or open the file. What is the name of the file you received and is it a .js or .exe type: Both are executable and will run if you are not careful.

We are trying to find out more about this. The trojan could be particularly dangerous and possibly able to reside in the memory and registry without using files, that makes it difficult to detect and remove.

There are two things you could do.

  1. First just in case you are infected with this malware use a specific removal tool. (That's only necessary if the file may have run)
  2. Second if you would like to help us see if you can catch the actual advert and its details. (The orange splash screen in a full page of its own does not help as the malware keeps changing the site it uses for that)

Note the removal tool will tell you if it does not find anything. If it does find something it will generate a log file. It would be interesting to see the content of the log file if one is generated. It is probably safer and good policy not to use an Admin account for day to day computer work and ordinary Browsing, however note you do need to run the removal tool from an Admin account.

  • Notes & tool link: "Symantec Official Blog Kovter malware learns from Poweliks with persistent fileless registry update" http://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update
      • Instructions for Trojan.Kotver Removal Tool https://www.symantec.com/security_response/writeup.jsp?docid=2015-092321-2230-99
      • https://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/'''FixToolKotver64'''''.''exe
        https://www.symantec.com/content/en/us/enterprise/media/security_response/tools/'''FixToolKotver32'''''.''exe
          • I have deliberately broken those links as it is against forum policy to post links to executables in the forum. Please use the link in the Instructions page, OR copy and paste the address into your address bar

These are the instructions for catching the ad information

{#c16: https://bugzilla.mozilla.org/show_bug.cgi?id=1282106#c16} If ... affected users) could tell us what the ad URLs are, that would be helpful.
They would need to right-click on the ad image, choose "This Frame -> View Frame Info", and copy/paste the following info:
General tab: Address (URL)
Media tab: Location (URL) of each item in the list of media in that frame.
This will help us isolate the affected ad networks so we can contact them and inform them of the malware.
Thanks!
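Added example, not part of the forum thread and not a Mozilla or Symantec tool: the reply above mentions malware that can live in the registry without files, so this sketch triages autorun values from saved `reg query` output for entries that hand script to a script host or launch a script file. The pattern lists, the function name and the sample output are assumptions constructed for illustration, not Kovter indicators.

```python
import re

# Hosts that can run script text given on the command line (illustrative list, an assumption).
INLINE_HOSTS = re.compile(
    r'\b(mshta|rundll32|wscript|cscript|powershell)(\.exe)?\b', re.I)
# Markers of script carried in the value itself rather than in a file.
INLINE_SCRIPT = re.compile(
    r'(javascript:|vbscript:|-enc(odedcommand)?\b|frombase64string|\biex\b)', re.I)
# Script files that execute when launched; the .js download in the thread is this kind.
SCRIPT_FILE = re.compile(r'\.(js|jse|vbs|vbe|wsf|hta)\b', re.I)
# One value line of `reg query` output: indented name, type, data.
VALUE_LINE = re.compile(r'^\s+(?P<name>.*?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$')

def triage_run_keys(reg_query_text):
    """Return (key, value_name, reason) for autorun entries worth a closer look."""
    findings, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HK"):          # key header lines start at column 0
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue
        data = m.group("data")
        if INLINE_HOSTS.search(data) and INLINE_SCRIPT.search(data):
            findings.append((key, m.group("name"), "inline script in autorun"))
        elif SCRIPT_FILE.search(data):
            findings.append((key, m.group("name"), "script file in autorun"))
    return findings

# Constructed sample output; names, paths and the placeholder script are made up.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\demo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    (Default)    REG_SZ    mshta "javascript:EXAMPLE_PLACEHOLDER_SCRIPT"
    patchhelper    REG_SZ    wscript.exe "C:\Users\demo\Downloads\firefox-patch.js"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
'''

if __name__ == "__main__":
    for key, name, reason in triage_run_keys(SAMPLE):
        print(f"{reason}: {name} under {key}")
```

A hit is a reason to look closer, not proof of infection, and an empty result does not replace the removal tool mentioned in the reply.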

Question owner

Did NOT run. It's a .js file. As soon as I saw the non-Firefox "logo" on the file it looked suspicious so I did not run. Will delete now.

cliffontheroad 2 solutions 57 answers

Hope a solution is found soon.


Modified by cliffontheroad on