attempted browser hijack downloaded trojan / linked to FF Block site 4.0.5.2 add-on.
My FF was in an attempted hijacking.
I was able to get out of it and report the web site through this menu's Report Deceptive Site. A follow up virus scan did not reveal anything.
Several days later I received an email stating the hijack downloaded a key logger which copied all my contacts and passwords. It then demanded a ransom of more money that I have and instructions on how to bitcoin the money to them, also something I have no idea what they are talking about. The hijackers included one password as evidence of the keylogger. I do not have a camera attached to my computer so the rest of the message was just rubbish.
a virus scan then revealed the Domepidief.A trojan which downloaded the file NSMAIL.PDF.
NSMAIL.PDF was located at c:\Users\your account\Appdata\Local\Temp\nsmail.pdf
NSMAIL.PDF showed as a Videolan VLC extension withthe roadcone icon.
Then FF started to repeatedly try to connect to Adult.yourblocksite.com. through troubleshooting the FF add-on Block site 4.0.5.2 was the source of the pinging.
You need to remove the Block Site add-on as its been hijacked by criminals.
Penyelesaian terpilih
The email sounds like a variation of one of those blackmail email scams.
https://www.reddit.com/r/Scams/comments/8gsjba/the_blackmail_email_scam/ https://www.kshb.com/money/consumer/dont-waste-your-money/scary-porn-blackmail-scam-knows-your-password
Baca jawapan ini dalam konteks 👍 1All Replies (3)
scan your system with:
use malwarebytes in safe mode and normal mode.
Penyelesaian Terpilih
The email sounds like a variation of one of those blackmail email scams.
https://www.reddit.com/r/Scams/comments/8gsjba/the_blackmail_email_scam/ https://www.kshb.com/money/consumer/dont-waste-your-money/scary-porn-blackmail-scam-knows-your-password
Yes, so the old password came from a Linkedin hack in 2012, not an old password hacked from FF.
Thanks for the news. The email threat was rubbish and the info it stated was not correct, but my concern was where the password came from, if it was indeed hacked from firefox or not.
thanks