Urgent Fire Fox Update Notice
I keep getting a screen popping up that says "Urgent Firefox Update". My protection software is blocking it, saying it's a Trojan. When I go to Mozilla, it says my Firefox is up to date. Is there an Urget Update or not?
Valitud lahendus
Hi
We are aware of this issue are are working to resolve it. From what you are saying this is almost certainly malware.
Firefox will always update from within the browser and not from a random web page. If you ever unsure of whether you are using the most recent version, this page will walk you through how to check.
Comment added by a forum moderator Please also see our help article
If you do see one of these fake updates please as a reply to this thread post the web address of the fake orange page and if possible the address of the genuine website it appears to have come from - the back arrow on the address bar of the orange page may sometimes help find that.
Loe vastust kontekstis 👍 236All Replies (20)
This is happening to me mostly while on wunderground.com. It also just happened on instructables.com. Recent URLs of the fake update page are ieraidreamland.org, iixaebrokerforex.net, and papoimidori-japan.org. I keep adding these to BlockSite but it doesn't help - seems to be a new URL each time.
Vmtr said
seems to be a new URL each time.
They seem to get registered the day before and then get reported here for a day then never mentioned again except as one of the older sites the poster has encountered.
https://support.mozilla.org/en-US/forums/contributors/712164 https://support.mozilla.org/en-US/forums/contributors/712056/
https://papoimidori-japan.org/821847985650/d67c2c9853b501dc1ea8c862c38fb4fa.html
Right after logging into Ebay.
I have been getting this popup too. My one main question is do I have to worry about having my bank or other sensitive info stolen? I have not run the patch.
Thanks to this forum, I have just added Ublock origin. I'm hoping that helps.
McAfee found problems and removed them. One was a youtube downloader program which I figured was the problem, but the popups kept coming. I downloaded malwarebytes and it found some adware but nothing that looked serious. Hitman found something that I was sure was the problem, but it just keeps happening. It's maybe every few days.
I assumed it was tied to the registry? and reinstalled on each reboot? The thread here suggests that it comes from the browser and from many different sites? My only idea (remembering that I know nothing) was to wipe the drive and reinstall windows and everything else.
Advice would be appreciated. Having this thing still on my computer worries me. Should I be worried? Thanks, Bob
Muudetud
Bob Condon said
Thanks to this forum, I have just added Ublock origin. I'm hoping that helps.
Well Done !!! It should do the trick (fingers crossed).
Having this thing still on my computer worries me. Should I be worried?
Not as long as you keep ignoring these and not download or click on anything.
I hope you took a look at those links that James provided (?)
You may also find this article interesting:
'Avoid and report Mozilla tech support scams': http://mzl.la/1N46GnS
Bob Condon said
do I have to worry about having my bank or other sensitive info stolen? I have not downloaded the phony patch. The thread here suggests that it comes from the browser and from many different sites?
Bob, I worry about near everything which happens without my knowledge, control or consent on my computer, including sudden disk activity.
The "it/suggestion" is not entirely correct nor technically complete but more info is needed to help determine HOW did this happen.
cliffontheroad said
Bob, I worry about near everything which happens without my knowledge, control or consent on my computer, including sudden disk activity.
And rightfully so, cause, unfortunately, scammers will continue to 'do their thing', until we can find a way to stop them for good.
Ignoring them and not falling for their fake notifications and pop-ups is a good start.
Thanks for your kind replies. The two main things that I get from them are 1. Don't worry because I didn't click and enable the virus, and 2. Worry about everything.
Should I take the nuclear option and wipe the drive, or would you more knowledgeable users go back to using online banking and other sensitive uses ?
Thanks,
Bob
Bob Condon said
Should I take the nuclear option and wipe the drive, or would you more knowledgeable users go back to using online banking and other sensitive uses ?
I'm sticking to my earlier reply to you.
Now, stop worrying so much and put a smile on your face !
Hi Bob, you should not
take the nuclear option and wipe the drive
unless you are experiencing very serious problems with your system or have an uncleanable infection.
Hi Bob, You mention wiping the drive, and that could solve potential malware issues, but unfortunately you will inevitably then need to start restoring things and the problem then is that If instead of using clean original programs you restore previous copies you risk re-introducing malware.
If you have not clicked on the fake update that is good, and you may have avoided being infected by that. If you did run or click on that malware you would quite likely be hit by some sort of malware. One problem being that the initial infection could then result in further malware being installed.
It appears you are aware you have already had malware on your computer. It would be prudent to scan with all the tools mentioned in the article
If there is any chance the Fake update was run it may also be worth checking for this particularly dangerous and well hidden Trojan We have reason to believe the kovter trojan is being spread by fake updates so it would be a good idea to run this special removal tool.
- Notes & tool link: "Symantec Official Blog Kovter malware learns from Poweliks with persistent fileless registry update"
- Instructions for Trojan.Kotver Removal Tool use With download links
- It is against forum policy to post links to executables in the forum. Please use the link in the Instructions page. Note if your computer is using Windows 64 bit and the standard 32 bit Firefox, you should use the 64bit version of the tool.
If you run that tool please say what the result is, it should either confirm you have no infection or produce a log file to indicate what was discovered..
I'm really starting to think this is connected to AdChoices. The sites it happens on to me, 5 times, appear to be totally random with the only thing in common is AdChoices. I also let Amazon know since it happened twice on their site and I also get their ads in AdChoices.
What's the best way to stop AdChoices ads from appearing without disrupting any other aspect of my browsing experience?
Muudetud
Logical assumption about AdChoices except (forgive me) wrong. Use DuckDuckGo on AdChoices and read the top description. However, I have opted out of a few of their choices, so expect a PM from me. I may have disabled Active-x (or was that on IE) and I haven't be able to get an orange screen in a while. There are a number of analysis sub-routines (google, for one) to determine who the user is, but I haven't found a pattern strong enough, yet. Is it always Amazon you were on?
Muudetud
Pardon if this offending url is already listed. Hope someone busts their chops!
Received "Urgent Firefox Update" from: schoonclicksubmit.org
Was in Ebay.com when I got it.
Muudetud
Got another one, also while in ebay:
Muudetud
Should any of you be seeing this reproducibly and wish to try to help then the information developers are after is explained in my post
Saving the page that pops up the fake update screen (not the markup of the update screen, but of the page that creates it) using ctrl-s (cmd-s on osx) and saving it once as "web page, complete" and once as "web page, HTML only", and uploading both of those as zip files (including the <pagename-you-enter-in-save-dialog>_files directory) onto this bug might help. It's hard to be sure or give detailed instructions when we don't know how exactly how the webpage is opening the window. If the update thing is now redirecting the main tab as loaded (which seems to be what some users are suggesting/experiencing) then the only thing that'll really help make sense of what's happening is a network trace from wireshark, or detailed screenshots of the firefox network console that provide similar information.
I disabled all my firefox plug-ins and extensions, except java, which I updated and have ran for over a week without a problem. I just enabled flash, and will run it for at least a week. I will just keep doing this with all the plug-ins, then extensions, and see if the thing pops up again after enabling a specific add-on.
Follow up. enabling Ublock Origin stopped the pop ups. It worked like magic.
that is a good result. Do try it first thing tomorrow, since the orange page tends to be only once per day. Please identify the page you were ON (via page-back from the orange screen.) I have not looked at the ebay site for several reasons: what screen URL, with or without logging in? (for example) I'd like someone to try something (remembering the OS will not reappear that day) From the page which was linked to intentionally, Top of screen, Tools, then 'page info' then 'media' and see if an item with the key of 'z.moatads.com' is there. If so, check the box "Block images ...". Then try the site tomorrow.