What's Firefox Update Center Security Warning (url http://227.hsq.couferedphp.net/e7ebb804fad4ff8d7b477f17ad28d7b3.html) with popup to download FirefoxPatch.exe
Firefox Update Center without warning replaced my website with a "Firefox Security Warning: Your network segment is vulnerable to malware injections. Vulnerability level: 93%." Attached is a download & Install Now window "Firefox Patch setup: Your update is ready...Firefox patch version: 1.2 Build release date: 11/07/2015. No restart is required." The download FirefoxPatch.exe which is: Binary File (300KB) from http://227.hsq.couferedphp.net...Save file or cancel option. Is this from Firefox?
Chosen solution
I don't know, but I don't like it...
To update Firefox 41 to Firefox 42, the safest way is to use the built-in updater. You can activate it using the Help menu. Either:
- "3-bar" menu button > "?" button > About Firefox
- (menu bar) Help > About Firefox
You might also want to supplement your regular security software with the scanning/cleaning tools listed in our support article: Troubleshoot Firefox issues caused by malware. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case.
Read this answer in context 👍 12All Replies (20)
Chosen Solution
I don't know, but I don't like it...
To update Firefox 41 to Firefox 42, the safest way is to use the built-in updater. You can activate it using the Help menu. Either:
- "3-bar" menu button > "?" button > About Firefox
- (menu bar) Help > About Firefox
You might also want to supplement your regular security software with the scanning/cleaning tools listed in our support article: Troubleshoot Firefox issues caused by malware. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case.
By the way, Firefox updates are much bigger than 300K, so whatever that is, it is NOT Firefox.
Such messages are always a scam to try to seduce you to install malware, sop you should never respond to such a message.
If you get a pop-up message asking to update Firefox or plugins or scanning for malware then such a message is likely a scam and you should never respond to such an alert to avoid getting infected with malware.
- Only update Firefox via "Help > About" or by downloading and installing Firefox from the Mozilla server and never via a pop-up or link on a web page.
- Plugins should only be updated via the plugin itself or by visiting the home page of the plugin.
You can find the full version of the current Firefox release (42.0) in all languages and all operating systems here:
Thanks so much. I thought it might be malware. I'll update as suggested.
While I was reading a newspaper online, all of a sudden, a "Firefox Security Warning" took over current tab window. It also Included a not movable "Firefox patch setup" with a green check marked and a download "FirefoxPatch.exe" pop up outside the tab window. This has happened twice within a week.
Something is obviously wrong: 1. I have current version (V 42.0). 2. I have never seen Firefox offers a patch, usually a new release updated when I launch the browser. 3. I have never seen Firefox send download. I usually go to Mozilla to download current version of Firefox if I need one. 4. The URL is not from Mozilla, but a strange https://haesophoto-dictionary.net/1fcb994b7785a23657a04bdb3cf30a00.html. Interestingly enough, I went back to this link to find it is a valid link but now has no content. 5. Why is "haesophoto-dictionary.net" has anything to do with Firefox patch? It doesn't make sense. 6. I downloaded the FirefoxPatch.exe to look into further, but did NOT install it. 7. I checked this Mozilla forum, and found someone mentioned this is a fake, so I delete the download just like I did the first time.
Next morning, MalwareBytes revealed the mystery that FirefoxPatch.exe in the $Recycle.Bin had a hidden trojan, Trojan.Agent.MSH.
It never hurts to stay alert.
gtw888 said
While I was reading a newspaper online, all of a sudden, a "Firefox Security Warning" took over current tab window. It also Included a not movable "Firefox patch setup" with a green check marked and a download "FirefoxPatch.exe" pop up outside the tab window. This has happened twice within a week. Something is obviously wrong: It never hurts to stay alert.
Did you read the post above, by Cor-el ?
gtw888 said
6. I downloaded the FirefoxPatch.exe to look into further, but did NOT install it. 7. I checked this Mozilla forum, and found someone mentioned this is a fake, so I delete the download just like I did the first time.
You say you did not install the bogus file, but the unfortunate news about malware is that its code does not play by the rules.
By merely "downloading" the file, you may have installed important parts of the malware code.
Suggestions--
- Perform a Malwarebytes update, and run a full system scan once more.
On an infected system I encountered, the same bogus update notice had three locations-- two in the registry and one file. Your experience may vary.
- When you get a screen pop-up in the future, never click on anything in the notice panel.
When you see a malware pop-up, the malware is typically resident already in system memory, so you should clear all memory caches on Firefox--
- Under Tools / Clear Caches
- Under Tools / Options / Advanced / Cached Web Content
- Restart the system, to complete the process
Modified
alphaa100 said
gtw888 saidWhile I was reading a newspaper online, all of a sudden, a "Firefox Security Warning" took over current tab window. It also Included a not movable "Firefox patch setup" with a green check marked and a download "FirefoxPatch.exe" pop up outside the tab window. This has happened twice within a week. Something is obviously wrong: It never hurts to stay alert.Did you read the post above, by Cor-el ?
No I did not, somehow I missed it. But I do the same way as he suggested.
alphaa100 said
gtw888 said6. I downloaded the FirefoxPatch.exe to look into further, but did NOT install it. 7. I checked this Mozilla forum, and found someone mentioned this is a fake, so I delete the download just like I did the first time.You say you did not install the bogus file, but the unfortunate news about malware is that its code does not play by the rules.
By merely "downloading" the file, you may have installed important parts of the malware code.
Suggestions--
- Perform a Malwarebytes update, and run a full system scan once more.
On an infected system I encountered, the same bogus update notice had three locations-- two in the registry and one file. Your experience may vary.
- When you get a screen pop-up in the future, never click on anything in the notice panel.
When you see a malware pop-up, the malware is typically resident already in system memory, so you should--
- clear all memory caches on Firefox-- under Tools / Clear Caches and under Tools / Options / Advanced / Cached Web Content, you clear that cache, as well, for good measure)
- Restart the system, for good measure
Thanks, this is very helpful.
If you had installed this Fake FirefoxPatch ,exe it would likely have installed Cryptolocker which can lock files for ransom on Windows.
James said
If you had installed this Fake FirefoxPatch ,exe it would likely have installed Cryptolocker which can lock files for ransom on Windows.
That would be the worst scenario to deal with.
I have also been redirected to this fake Firefox Security Warning a couple of times. The URL and file size of "FirefoxPatch.exe" were different each time. Firefox fans might be somewhat relieved to know that there is a virtually identical Internet Explorer Security Warning (see attached). Malwarebytes is an old favorite of mine, but I regret to report that it has found no threats on my PC since the first Security Warning appeared. (Of course salvation could be just a database update away.) In fact the list of security software that reports my PC to be clean is growing rather lengthy. AdwCleaner removed a few items, but clearly not the right items because the Security Warning has reappeared since then. I will certainly post if I find a real solution.
Abzyx said
I have also been redirected to this fake Firefox Security Warning a couple of times. The URL and file size of "FirefoxPatch.exe" were different each time... Malwarebytes is an old favorite of mine, but I regret to report that it has found no threats on my PC... In fact the list of security software that reports my PC to be clean is growing rather lengthy. AdwCleaner removed a few items, but clearly not the right items because the Security Warning has reappeared since then.
Finding a security warning on your screen means the pathogen occupies some of your system memory. The agent involved may be a worm, and that kind of pathogen does not leave a file trail unless, of course, someone tries to "download" a file offered as bait. In which case, there may be an actual file in the Downloads folder.
Even without a file body, however, the worm has teeth, and these go to work changing the registry and whatever other mayhem their code payload has been intended to do on activation. All this means the original agent may have morphed since "download" began, and can be found in multiple places and under different (even random) file names and byte counts. Any signature scanner which is out of date (sometimes, by only a few hours) may be completely ineffectual.
Your discovery of varied results after scanning would match the after- effects of a worm running riot through a system. Malwarebytes is very good at rescue from ransomware, but it misses a few.
Another course is to go online to Trend Micro, Kaspersky, or another major security scanner, and let their deepest resources scan your system for the latest, with the latest signatures. The risk is there is still something on your system, and all you can do is to eradicate it before risking any more of your data.
Although a complete operating system reinstallation is one frequently offered "cure", few users need to be that extreme. Which makes this also a good time to locate what safe backup images you have, if any, on your USB external hard drive or large memory stick. After you are reasonably sure all malware and marks have been removed from the system, restoring a genuine pre-infection backup of only your registry might help immensely, as a first recovery step. Even if no other file evidence is found, marks might have been left by the agent in your current registry.
Hi, I found out that the automatic re-direct to the fake Firefox Update Center website is caused by "malvertising" from a legitimate webpage that I was browsing on and not caused by a program or virus from the computer. This is how I know:
1. I recently just wiped out my computer and clean installed from an OEM recovery disk. So, I didn't download or install any files or programs from the internet.
2. All I did was browse the Slickdeals Hot Deals forum website as I have done for years and suddenly got redirected to the suspicious Firefox Update Center website .
3. Finally, I found confirmation from other users that had the exact same webpage redirect while browsing Slickdeals.net. These are the two forum threads that helped me confirm the issue was not from my computer:
http://www.bleepingcomputer.com/forum.../page-3
http://slickdeals.net/f/8367367-malware-in-your-advertisemen...
From my online research of the fake Firefox Update Center website, the FirefoxPatch.exe file that it asks the users to download contains a very dangerous malware that will lock up the users' files and demand ransom to unlock them. So, please remember never to trust and download the misleading file from these malvertising websites even though it was redirected from a legitimate website! I hope I am able to help and prevent others from being tricked by this malvertising!
Modified
Actually, I just realized Abzyx who posted here is the same person who helped me on the bleepingcomputer.com website.
Yeah, it's me alright. I hope those registry keys that AdwCleaner and Junkware Removal Tool deleted weren't very important! I have an image from several months ago that I could restore, and there were times when I was sorely tempted to do so, but I resolved to stand my ground. In addition to Slickdeals and Refdesk, Deviantart is another website where redirects to the bogus Firefox Security Warning have been reported. The best defense is probably an effective ad-blocking browser extension. I have now adopted Adblock Plus, which is probably the most well-known. It doesn't seem to slow down Firefox nearly as much as it slows down IE. There are other options for Firefox, some of which are reportedly less resource-intensive. If there is a local infection on our PCs, I still haven't found a product that can detect it. Admittedly I haven't tried Spybot yet. Will run Kaspersky Rescue Disk again with latest definitions tonight, but scans that detect no threats are getting monotonous.
Thanks for another helpful piece of useful info Abzyx!
It makes sense to me now that since I wiped out and clean-installed my whole computer, I haven't installed Adblock Plus when browsing the web. Without the ads being blocked, I got re-directed to the malware site, which I never noticed before when I used Adblock Plus. I'm glad there's an easy way to limit the risk of this malvertising website vulnerability for people who are not too computer savvy.
InFor3 said
Hi, I found out that the automatic re-direct to the fake Firefox Update Center website is caused by "malvertising" from a legitimate webpage that I was browsing on and not caused by a program or virus from the computer. ...So, please remember never to trust and download the misleading file from these malvertising websites even though it was redirected from a legitimate website! I hope I am able to help and prevent others from being tricked by this malvertising!
If you have a pop-up warning which matches the warnings described above, that malware has originated from several sites, at last count.
More to the point, attributing the pop-up warning panel it discusses merely to "malvertising" and a browser redirect overlooks a serious hazard. You are not safe, merely because you have not chosen to download a file-- malware already may be resident in your system memory.
The memory-resident malware payload can vary, but should be expected to have several modifications prepared for you. Among them (as suggested by poster "James", earlier in this thread)-- your "redirect"-- even without download-- is already staged to populate your system with ransomware, or worse (if possible). Malware is sophisticated, and an infected site can have several attack vectors.
The overriding principle is immediately to leave the malware and all its messages "untouched" in your system memory by clearing the browser caches, and-- to be on the safe side-- restarting the Windows session. Presuming that since you have not downloaded any files, your browsing session is safe, can be hazardous.
I just went through this same thing on eBay France.
GET RID OF FAKE SECURITY ALERT TAB(S)
STAY ON THE FAKE SECURITY ALERT PAGE GO TO Tools > Page Info Go TO EACH SECTION> General > Media > Feeds > Permissions > Security BLOCK EVERYTHING [ESPECIALLY EVERYTING UNDER PERMISSIONS] EXIT OUT OF PAGE INFO WINDOW NOW YOU SHOULD BE ABLE TO EXIT OUT OF THE TAB(S)