No this is fake and malware. Do not open or run that file.

Thanks for reporting this. If possible can you help us out further ?

Recently the malware has been using files with names ending in .exe this seems to be anew one.

It would help us trying to fight this if you downlad and save that file but do not run it. Could you then

• Keep the file for a while, one of our Admins or engineers may be interested in the file
• Can you yourself submit the file for scanning at virustotal.com then report back with the link that uses

Note these links ar often personalised. The malware designer presumably does that to evade scrutiny. I can not see the site nichufreevectordownload.net So I am unable to catch the file myself.

Can you also try to make ascreenshot of any pages related to this. Is this using an orange splashscreen with a Firefox logo.

It is a Monday so with Mozilla staff back at work I will see if I can find out what help they would like.

Thanks again. Note we have a contributors thread where we are discussing this issue

• https://support.mozilla.org/en-US/forums/contributors/712056?last=69556

Before I save this file, is there ANY possibility that it can "auto-run" after downloading?

Thanks for the reply. I understand your concerns.

I would not expect it to be able to auto run.

Even the .exe files that are executable will not run on Windows normally unless they are opened or run either by clicking them or taking some other action such as using a run dialogue.

Unfortunately I can not give any categorical assurance of that. Because I do not know for certain what exactly the file is or whether your computer may already have malware on it.

It's ok not to save the file, if you are worried about the risks involved. Please however keep your eye on this thread in case we have other questions to ask you that are less risky.

Sometimes security software is installed on a computer and that may quarantine malware files safely, however these files may well be too new to be detected as malware, that is why we try to submit them to virustotal, and mozilla staff.

As I said I just am not able to access the download that you are offered, or even the site it comes from.

I can't risk downloading that file. FYI - it appeared on an orange splashscreen with a Firefox logo.

Any idea where you caught the malvertisment from.

• When this happened Were you surfing or using any particular site ?

I have not yet managed to catch any of these files or splashscreens myself even when I turn off any blockers I have.

Are you still able to open that page at will by the way or has it disappeared now.

Gramps25kids said

Is "firefox-patch.js" from "nichufreevectordownload.net" legitimate? This was in a pop-up window which stated "You have chosen to open:"..."Would you like to save this file?" It is a JAvaScript File of 353 bytes. I was afraid to save it.

Hmm normally the fake file is firefox-patch.exe as you can see in this thread https://support.mozilla.org/en-US/forums/contributors/712056

It is impotant to be cautious with .js files because if you were to open or double-click it after saving it, Windows would execute it in the Windows Script Host, which could be dangerous to your system.

If you have Firefox set to ask you where to save files, you can make a file non-executable when you save it by adding .txt at the end of the file name. To make sure Windows displays the file name accurately, you also would want to turn on display of ALL file extensions (normally .js and .txt are hidden). Although this particular download is probably history, you could change these settings now so you have full control of download file names from this point forward.

• http://windows.microsoft.com/en-us/windows/show-hide-file-name-extensions
• Startup, home page, tabs, and download settings