On Aug 14th 11 PM ET/Aug 15th 03:00 UTC, due to scheduled Firefox Account server maintenance, users may not be able to sign in or create a new subscription. This is expected to last approximately 30 minutes. Status updates can be found at https://status.vpn.mozilla.org or https://status.relay.firefox.com.

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

Malwarebytes reports Firefox.exe as a trojan attempting to contact a separately reported bad IP address

  • 11 trả lời
  • 3 gặp vấn đề này
  • 5 lượt xem
  • Trả lời mới nhất được viết bởi the-edmeister

more options

Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address

167.71.99.170 (https://urlhaus.abuse.ch/url/348428/),

which apparently might be bad?

Interestingly, the above urlhaus link initially reported the hit on the IP address per a Pascal Geenens (@geenensp on twitter) who writes for a security blog at

Thanks to any and all who might be able to help!

-Log Details- Protection Event Date: 6/4/20 Protection Event Time: 4:18 PM Log File: 920f76a0-a6a0-11ea-9633-00ffc7e81200.json

-Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.25022 License: Premium

-System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System

-Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0

-Website Data- Category: Trojan Domain: IP Address: 167.71.99.170 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe


(end)

Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address 167.71.99.170 (https://urlhaus.abuse.ch/url/348428/), which apparently might be bad? Interestingly, the above urlhaus link initially reported the hit on the IP address per a Pascal Geenens (@geenensp on twitter) who writes for a security blog at Thanks to any and all who might be able to help! -Log Details- Protection Event Date: 6/4/20 Protection Event Time: 4:18 PM Log File: 920f76a0-a6a0-11ea-9633-00ffc7e81200.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.25022 License: Premium -System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 167.71.99.170 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (end)

Tất cả các câu trả lời (11)

more options

Please ignore   wimhelp201's   post and don't call that number   -   it's a scam !

more options

Thanks! I hadn't planned on it :) I reported the wimhelp201 account.

more options

wimphelp201 is a scammer. Please do not call the number. I've deactivated their account.

more options

Thanks Andrew.

What about firefox and sketchy IP's ? :)

more options

First, let's check your system.

You may have ad/mal-ware. Further information can be found in this article;
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

more options

Hi FredMcD Ran both Malwarebytes and Microsoft Security with no results (full scan of all files including rootkit search). No add ons or extensions install.

Is there some way to dig into what firefox was doing at the time the request was made to the IP?

more options

Not that I know of. I called for more help.

more options

Awesome. Thank you.

more options

Malwarbytes detects FirefoxPC installer file as malware. Please advise. see attached.

more options

pcendeavorsny, Your screenshot did not shoe FirefoxPC installer.
At any rate, quarantine everything listed and let us know what happens.

more options

pcendeavorsny said

Malwarbytes detects FirefoxPC installer file as malware. Please advise. see attached.

Those 6 PUPOptio...|Conduit lines aren't part of Firefox. Could be related to an Add-on for Firefox, as Conduit has been known for many years as a "bad player" with their Firefox Add-ons. But AFAIK they have been banned from the Mozilla / Firefox Add-ons website, so they may have been installed from some other website; but even that would surprise me, as far as even being "digitally signed" to be allowed to install in Firefox.

Beyond that, it would be nice to see the full "Location" of the Registry Keys and Values. Like maybe a screenshot of the Save Results ... contents or the text of same. Hard to provide advice with the posted screenshot information.