X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Malicious Extensions

Kuphostiwe

I downloaded a malicious add-ons extension called "YouTube to MP3 Convert Button" by "Firefox user 6248547". All it did was open a video conversion website, which worked for the first video I tried (with alot of popups) but the second video I tried, it redirected me to a fake Firefox update page. As soon as I tried to cancel it, a login popup kept appearing and all my open tabs immediately went haywire trying to do some kind of redirect, and I it would not let me click on anything. I quickly ended the process to force close the browser, restarted Firefox and cleared my cache and uninstalled the extension. I am concerned about what kind of malware this may have installed on my machine. I reported this user over a month ago, but it is still available on the add-on page, and other people also commented about it having malware. Any suggestions?

I downloaded a malicious add-ons extension called "YouTube to MP3 Convert Button" by "Firefox user 6248547". All it did was open a video conversion website, which worked for the first video I tried (with alot of popups) but the second video I tried, it redirected me to a fake Firefox update page. As soon as I tried to cancel it, a login popup kept appearing and all my open tabs immediately went haywire trying to do some kind of redirect, and I it would not let me click on anything. I quickly ended the process to force close the browser, restarted Firefox and cleared my cache and uninstalled the extension. I am concerned about what kind of malware this may have installed on my machine. I reported this user over a month ago, but it is still available on the add-on page, and other people also commented about it having malware. Any suggestions?

Isisombululo esikhethiwe

Yes I just reinstalled and created a new Firefox profile in case there was anything still hidden within Firefox.

Thank you for the link to the article about the Malware, I tried three of them and the Microsoft Safety Scanner was the one that found the "VirTool:Win32/DefenderTamperingRestore" infection. I am almost 100% certain that this was what was loaded on my computer because of this malicious extension.

From what I found about this infection is it that is a new type of nasty Trojan Malware that installs automatically. It infiltrates Firefox and other browsers running Windows OS, and can cause all kinds of issues including installing ransomware and stealing personal info. It also disables Windows Defender Anti-Virus (which I was using).

Hopefully it did not do any damage to my system, I think it was just sitting dormant as I have not noticed any symptoms of this infection.

Funda le mpendulo ngokuhambisana nalesi sihloko 0
Isicaphuno

Eminye Imininingwane Yohlelo

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0

Eminye Imininingwane

FredMcD
  • Top 10 Contributor
4314 izisombululo 60601 izimpendulo
Kuphostiwe

Impendulo Ewusizo

Where did you get the link from?


You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

Where did you get the link from? You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
Ingabe lokhu kube usizo kuwena? 1
Isicaphuno

Umnikazi wombuzo

This was the add-on link where I found the extension. When you use it, it opens a tab to a conversion website that loads the malware with the fake Firefox update. It only did it on the second file I tried to convert.

https://addons.mozilla.org/en-US/firefox/addon/youtube-to-mp3-convert-button/?src=search

This was the add-on link where I found the extension. When you use it, it opens a tab to a conversion website that loads the malware with the fake Firefox update. It only did it on the second file I tried to convert. https://addons.mozilla.org/en-US/firefox/addon/youtube-to-mp3-convert-button/?src=search
Ingabe lokhu kube usizo kuwena?
Isicaphuno

Umnikazi wombuzo

I know better than to download suspicious files like fake updates, so I clicked cancel when it asked to save the file, but it still executed some kind of drive-by download. It then had a login credentials window popup (asking for username and password), and when I hit cancel on that, It immediately caused Firefox to be unresponsive and all my open tabs changed showing that they were redirecting to something else. This was when I had to end the windows process to close Firefox.

I ran Microsoft Safety Scanner and it detected and removed: VirTool:Win32/DefenderTamperingRestore

I know better than to download suspicious files like fake updates, so I clicked cancel when it asked to save the file, but it still executed some kind of drive-by download. It then had a login credentials window popup (asking for username and password), and when I hit cancel on that, It immediately caused Firefox to be unresponsive and all my open tabs changed showing that they were redirecting to something else. This was when I had to end the windows process to close Firefox. I ran Microsoft Safety Scanner and it detected and removed: VirTool:Win32/DefenderTamperingRestore
Ingabe lokhu kube usizo kuwena?
Isicaphuno
FredMcD
  • Top 10 Contributor
4314 izisombululo 60601 izimpendulo
Kuphostiwe

I sent a message to the add-on site. I checked the reviews. Many give it 5 stars. But others report malware.

Did you remove this?

I sent a message to the add-on site. I checked the reviews. Many give it 5 stars. But others report malware. Did you remove this?
Ingabe lokhu kube usizo kuwena?
Isicaphuno

Isisombululo Esikhethiwe

Yes I just reinstalled and created a new Firefox profile in case there was anything still hidden within Firefox.

Thank you for the link to the article about the Malware, I tried three of them and the Microsoft Safety Scanner was the one that found the "VirTool:Win32/DefenderTamperingRestore" infection. I am almost 100% certain that this was what was loaded on my computer because of this malicious extension.

From what I found about this infection is it that is a new type of nasty Trojan Malware that installs automatically. It infiltrates Firefox and other browsers running Windows OS, and can cause all kinds of issues including installing ransomware and stealing personal info. It also disables Windows Defender Anti-Virus (which I was using).

Hopefully it did not do any damage to my system, I think it was just sitting dormant as I have not noticed any symptoms of this infection.

Yes I just reinstalled and created a new Firefox profile in case there was anything still hidden within Firefox. Thank you for the link to the article about the Malware, I tried three of them and the Microsoft Safety Scanner was the one that found the "VirTool:Win32/DefenderTamperingRestore" infection. I am almost 100% certain that this was what was loaded on my computer because of this malicious extension. From what I found about this infection is it that is a new type of nasty Trojan Malware that installs automatically. It infiltrates Firefox and other browsers running Windows OS, and can cause all kinds of issues including installing ransomware and stealing personal info. It also disables Windows Defender Anti-Virus (which I was using). Hopefully it did not do any damage to my system, I think it was just sitting dormant as I have not noticed any symptoms of this infection.
Ingabe lokhu kube usizo kuwena?
Isicaphuno
FredMcD
  • Top 10 Contributor
4314 izisombululo 60601 izimpendulo
Kuphostiwe

If you are sure the issue is gone,

That was very good work. Well Done. Please flag your last post as Solved Problem as this can help others with similar problems.

If you are sure the issue is gone, That was very good work. Well Done. Please flag your last post as '''Solved Problem''' as this can help others with similar problems.
Ingabe lokhu kube usizo kuwena?
Isicaphuno
Buza umbuzo

Kufanele ulogele ukungena ku-akhawunti yakho ukuze uphendule amaphosti. Uyacelwauqale umbuzo omusha, uma ungekabi nayo i-akhawunti namanje.