X
點擊此處開啟此網站的行動版。

技術支援討論區

Is "firefox-patch.js" from "nichufreevectordownload.net" legitimate?

已張貼

This was in a pop-up window which stated "You have chosen to open:"..."Would you like to save this file?" It is a JAvaScript File of 353 bytes. I was afraid to save it.

This was in a pop-up window which stated "You have chosen to open:"..."Would you like to save this file?" It is a JAvaScript File of 353 bytes. I was afraid to save it.

額外的系統細節

已安裝的外掛程式

  • Coupons, Inc. Coupon Printer 5.0.2.0
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • NPWLPG
  • Shockwave Flash 22.0 r0
  • 5.1.50428.0
  • VLC media player Web Plugin 2.0.0-rc

應用程式

  • Firefox 47.0
  • 使用者代理:Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
  • 技術支援網址:https://support.mozilla.org/1/firefox/47.0/WINNT/en-US/

擴充套件

  • Firefox Hello 1.3.2 (loop@mozilla.org)
  • Multi-process staged rollout 1.0 (e10srollout@mozilla.org)
  • Norton Identity Safe 2016.7.0.62 ({C1A2A613-35F1-4FCF-B27F-2840527B6556})
  • Pocket 1.0.2 (firefox@getpocket.com)

JavaScript

  • incrementalGCEnabled: True

圖形

  • adapterDescription: AMD Radeon HD 8400 / R3 Series
  • adapterDescription2:
  • adapterDeviceID: 0x9830
  • adapterDeviceID2:
  • adapterDrivers: aticfx64 aticfx64 aticfx64 amdxc64 aticfx32 aticfx32 aticfx32 amdxc32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a atitmm64
  • adapterDrivers2:
  • adapterRAM: 512
  • adapterRAM2:
  • adapterSubsysID: 2b05103c
  • adapterSubsysID2:
  • adapterVendorID: 0x1002
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 10.0.10586.0
  • driverDate: 3-21-2016
  • driverDate2:
  • driverVersion: 16.150.2211.0
  • driverVersion2:
  • failures: [u'[GFX1-]: DXVA2D3D9 video decoding is disabled due to a previous crash.']
  • indices: [0]
  • info: {u'AzureCanvasAccelerated': 0, u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1'}
  • isGPU2Active: False
  • numAcceleratedWindows: 2
  • numTotalWindows: 2
  • supportsHardwareH264: No; DXVA2D3D9 crashes detected in the past
  • webglRenderer: Google Inc. -- ANGLE (AMD Radeon HD 8400 / R3 Series Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

修改過的偏好設定

其他

  • User JS: 否
  • 輔助功能: 否
John99 971 個解決方法 13138 個答案

有幫助的回覆

No this is fake and malware. Do not open or run that file.

Thanks for reporting this. If possible can you help us out further ?

Recently the malware has been using files with names ending in .exe this seems to be anew one.

It would help us trying to fight this if you downlad and save that file but do not run it. Could you then

  • Keep the file for a while, one of our Admins or engineers may be interested in the file
  • Can you yourself submit the file for scanning at virustotal.com then report back with the link that uses

Note these links ar often personalised. The malware designer presumably does that to evade scrutiny. I can not see the site nichufreevectordownload.net So I am unable to catch the file myself.

Can you also try to make ascreenshot of any pages related to this. Is this using an orange splashscreen with a Firefox logo.

It is a Monday so with Mozilla staff back at work I will see if I can find out what help they would like.

Thanks again. Note we have a contributors thread where we are discussing this issue

No this is fake and malware. Do not open or run that file. Thanks for reporting this. If possible can you help us out further ? Recently the malware has been using files with names ending in .exe this seems to be anew one. It would help us trying to fight this if you downlad and save that file but do not run it. Could you then * Keep the file for a while, one of our Admins or engineers may be interested in the file * Can you yourself submit the file for scanning at virustotal.com then report back with the link that uses Note these links ar often personalised. The malware designer presumably does that to evade scrutiny. I can not see the site nichufreevectordownload.net So I am unable to catch the file myself. Can you also try to make ascreenshot of any pages related to this. Is this using an orange splashscreen with a Firefox logo. It is a Monday so with Mozilla staff back at work I will see if I can find out what help they would like. Thanks again. Note we have a contributors thread where we are discussing this issue * https://support.mozilla.org/en-US/forums/contributors/712056?last=69556

提出問題者

Before I save this file, is there ANY possibility that it can "auto-run" after downloading?

Before I save this file, is there ANY possibility that it can "auto-run" after downloading?

由 Gramps25kids 於 修改

John99 971 個解決方法 13138 個答案

有幫助的回覆

Thanks for the reply. I understand your concerns.

I would not expect it to be able to auto run.

Even the .exe files that are executable will not run on Windows normally unless they are opened or run either by clicking them or taking some other action such as using a run dialogue.

Unfortunately I can not give any categorical assurance of that. Because I do not know for certain what exactly the file is or whether your computer may already have malware on it.

It's ok not to save the file, if you are worried about the risks involved. Please however keep your eye on this thread in case we have other questions to ask you that are less risky.


Sometimes security software is installed on a computer and that may quarantine malware files safely, however these files may well be too new to be detected as malware, that is why we try to submit them to virustotal, and mozilla staff.

As I said I just am not able to access the download that you are offered, or even the site it comes from.

Thanks for the reply. I understand your concerns. I would not expect it to be able to auto run. Even the .exe files that are executable will not run on Windows normally unless they are opened or run either by clicking them or taking some other action such as using a run dialogue. '''Unfortunately''' I can not give any categorical assurance of that. Because I do not know for certain what exactly the file is or whether your computer may already have malware on it. It's ok not to save the file, if you are worried about the risks involved. Please however keep your eye on this thread in case we have other questions to ask you that are less risky. Sometimes security software is installed on a computer and that may quarantine malware files safely, however these files may well be too new to be detected as malware, that is why we try to submit them to virustotal, and mozilla staff. As I said I just am not able to access the download that you are offered, or even the site it comes from.

提出問題者

I can't risk downloading that file. FYI - it appeared on an orange splashscreen with a Firefox logo.

I can't risk downloading that file. FYI - it appeared on an orange splashscreen with a Firefox logo.
John99 971 個解決方法 13138 個答案

Any idea where you caught the malvertisment from.

  • When this happened Were you surfing or using any particular site ?

I have not yet managed to catch any of these files or splashscreens myself even when I turn off any blockers I have.

Are you still able to open that page at will by the way or has it disappeared now.

Any idea where you caught the malvertisment from. * When this happened Were you surfing or using any particular site ? I have not yet managed to catch any of these files or splashscreens myself even when I turn off any blockers I have. Are you still able to open that page at will by the way or has it disappeared now.
James
  • Top 25 Contributor
  • Moderator
1603 個解決方法 11348 個答案

Gramps25kids said

Is "firefox-patch.js" from "nichufreevectordownload.net" legitimate? This was in a pop-up window which stated "You have chosen to open:"..."Would you like to save this file?" It is a JAvaScript File of 353 bytes. I was afraid to save it.

Hmm normally the fake file is firefox-patch.exe as you can see in this thread https://support.mozilla.org/en-US/forums/contributors/712056

''Gramps25kids [[#question-1130586|said]]'' <blockquote> Is "firefox-patch.js" from "nichufreevectordownload.net" legitimate? This was in a pop-up window which stated "You have chosen to open:"..."Would you like to save this file?" It is a JAvaScript File of 353 bytes. I was afraid to save it. </blockquote> Hmm normally the fake file is firefox-patch.exe as you can see in this thread https://support.mozilla.org/en-US/forums/contributors/712056
jscher2000
  • Top 10 Contributor
8873 個解決方法 72607 個答案

It is impotant to be cautious with .js files because if you were to open or double-click it after saving it, Windows would execute it in the Windows Script Host, which could be dangerous to your system.

If you have Firefox set to ask you where to save files, you can make a file non-executable when you save it by adding .txt at the end of the file name. To make sure Windows displays the file name accurately, you also would want to turn on display of ALL file extensions (normally .js and .txt are hidden). Although this particular download is probably history, you could change these settings now so you have full control of download file names from this point forward.

It is impotant to be cautious with .js files because if you were to open or double-click it after saving it, Windows would execute it in the Windows Script Host, which could be dangerous to your system. If you have Firefox set to ask you where to save files, you can make a file non-executable when you save it by adding .txt at the end of the file name. To make sure Windows displays the file name accurately, you also would want to turn on display of ALL file extensions (normally .js and .txt are hidden). Although this particular download is probably history, you could change these settings now so you have full control of download file names from this point forward. * http://windows.microsoft.com/en-us/windows/show-hide-file-name-extensions * [[Startup, home page, tabs, and download settings]]