https://wegoobackonpointe.org/7561226569116/ Patch: firefox-patch.js 1.1kb firefor quit working and this popup patch came up. i installed it
https://wegoobackonpointe.org/7561226569116/ Patch: firefox-patch.js 1.1kb is this a legitimate patch? if not, how can i remove it?
- ActiveTouch General Plugin Container Version 105
- Adobe PDF Plug-In For Firefox and Netscape 15.17.20050
- A plugin to detect whether the Adobe Application Manager is installed on this machine.
- Citrix Online App Detector Plugin
- Zeon PDF Plugin For Mozilla
- Dragon HTML Component
- Google Update
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Next Generation Java Plug-in 11.31.2 for Mozilla browsers
- The plug-in allows you to open and edit files using Microsoft Office applications
- Office Authorization plug-in for NPAPI browsers
- NVIDIA 3D Vision Streaming plugin for Mozilla browsers
- NVIDIA 3D Vision plugin for Mozilla browsers
- Nuance PDF Plugin
- Shockwave Flash 21.0 r0
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
You have been tricked into installing potentially very dangerous malware.
- Please scan your computer with all the tools listed in this article
- Troubleshoot Firefox issues caused by malware Does that find or fix anything , if so what was found ?
- Please carefully follow the instructions and use this free special tool to remove the Kovter Trojan:
- Trojan.Kotver Removal Tool
That page has the file download link in it for the tool. You will need the 64bit version, as you are using 64bit Windows.
- The tool reports if nothing is found, otherwise it produces a log file. It would be interesting to see the contents of the log file.
- Trojan.Kotver Removal Tool
Any idea how you got this and what site triggered this problem ? (may be hard to figure out, time delays may be involved.)
Do you still see these popups with the orange screen ?
I just noted the file size of this malware may have increased, possibly it is a new version. If you still have the file please keep it.
Please also submit the file to virustotal.com and let us have the link they provide once it is scanned. Then rename the file from firfox-patch.js to firefox-patch.js.xxx that should render it inactive.
.edit fixed virustotal url
由 James 於 修改
When you are using the downloads panel (the one attached to the toolbar button), be careful not to click the download as that may execute it immediately. Instead, right-click it and choose Open Containing Folder. That will launch a file window with the unwanted download highlighted, and then you can rename it, or press the Delete key to send it to the Windows Recycle Bin.
If the download has already disappeared from the panel, the same mouse action works in the full download list (Ctrl+j or "Show All Downloads").
Once the file is displayed in Windows Explorer, Rename should be available from the context menu when you right-click the file name.
By default, Windows hides the .js and .txt extensions, making it tricky to effectively rename files. To ensure that you are in fact deactivating the dangerous script file, please set Windows to show ALL file extensions. This article has the steps: http://windows.microsoft.com/en-us/windows/show-hide-file-name-extensions
If the change is effective, Windows should change the file "type" from JScript to Text Document.