I am getting a page to update firefox with a .js ending what is it.
Every so often I receive a page saying I need to upgrade my Firefox software. It appears as a new page covering up what I am looking at and unless I am fast it starts a download. I can not catch the address except that it has .js as the end instead of a .com.
- 3DVIA player(18.104.22.168). For more information, visit the 3DVIA player web site.
- Adobe PDF Plug-In For Firefox and Netscape 15.17.20050
- Cortona3D Plug-in for Mozilla-based Browsers (7, 0, 0, 188)
- DivX Web Player version 22.214.171.124
- DivX VOD Helper Plug-in
- Google Update
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- Shockwave Flash 22.0 r0
- Adobe Shockwave for Director Netscape plug-in, version 126.96.36.199
- VLC media player Web Plugin
- iTunes Detector Plug-in
- User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Malware, do not open or run that file. I am not even sure it is safe to download the file although quite possibly we are still looking for copies of this. However you do mention it has previously started downloads. (There are suggestions it can infect computers with no or minimal user interaction)
I or someone else will post more information later.
If you do already have downloads please look for therm and before deleting them please submit to virustotal.com and record the link for their report and paste it in your next reply.
After doing that it is probably worthwhile scanning your computer with all the tools listed in
Use the latest version of all those tools, because the files used by this malware keep changing.
Oner piece of malware used by this fake update is particularly dangerous, because the malware is very sophisticated and able to hide in the memory and Registry without making a conventional file that security software can detect and remove, but there is a specific tool to detect and remove that.
- Downloads and instructions for use of Kotver removal tool (This is a well respected site) https://www.symantec.com/security_response/writeup.jsp?docid=2015-092321-2230-99
Sorry if it is slightly complicated to use. Please note that the removal tool generates a log file if it finds anything. Please make a copy of any log file it generates, we would like to see the copy of that log files comments.
Thanks for reporting this, and lets hope it has not yet caused any damage to your system or data.
You can follow some of our efforts to investigate this menace at contributors thread /forums/contributors/712056
由 John99 於 修改
My advice is to install uBlock Origin. https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
I haven't seen that crap when using it. And I have seen it in a version where I don't use uBlock Origin when I was able to catch one of those URL's quick enough before it was shutdown to compare with and without that extension. So I am fairly confident that it does work, but YMMV.