Caută ajutor

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Află mai multe

Acest fir de discuție a fost arhivat. Adresează o întrebare nouă dacă ai nevoie de ajutor.

Malwarebytes reports Firefox.exe as a trojan attempting to contact a separately reported bad IP address

  • 11 răspunsuri
  • 3 au această problemă
  • 10 vizualizări
  • Ultimul răspuns de the-edmeister

more options

Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address

167.71.99.170 (https://urlhaus.abuse.ch/url/348428/),

which apparently might be bad?

Interestingly, the above urlhaus link initially reported the hit on the IP address per a Pascal Geenens (@geenensp on twitter) who writes for a security blog at

Thanks to any and all who might be able to help!

-Log Details- Protection Event Date: 6/4/20 Protection Event Time: 4:18 PM Log File: 920f76a0-a6a0-11ea-9633-00ffc7e81200.json

-Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.25022 License: Premium

-System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System

-Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0

-Website Data- Category: Trojan Domain: IP Address: 167.71.99.170 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe


(end)

Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address 167.71.99.170 (https://urlhaus.abuse.ch/url/348428/), which apparently might be bad? Interestingly, the above urlhaus link initially reported the hit on the IP address per a Pascal Geenens (@geenensp on twitter) who writes for a security blog at Thanks to any and all who might be able to help! -Log Details- Protection Event Date: 6/4/20 Protection Event Time: 4:18 PM Log File: 920f76a0-a6a0-11ea-9633-00ffc7e81200.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.25022 License: Premium -System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 167.71.99.170 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (end)

Toate răspunsurile (11)

more options

Please ignore   wimhelp201's   post and don't call that number   -   it's a scam !

more options

Thanks! I hadn't planned on it :) I reported the wimhelp201 account.

more options

wimphelp201 is a scammer. Please do not call the number. I've deactivated their account.

more options

Thanks Andrew.

What about firefox and sketchy IP's ? :)

more options

First, let's check your system.

You may have ad/mal-ware. Further information can be found in this article;
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

more options

Hi FredMcD Ran both Malwarebytes and Microsoft Security with no results (full scan of all files including rootkit search). No add ons or extensions install.

Is there some way to dig into what firefox was doing at the time the request was made to the IP?

more options

Not that I know of. I called for more help.

more options

Awesome. Thank you.

more options

Malwarbytes detects FirefoxPC installer file as malware. Please advise. see attached.

more options

pcendeavorsny, Your screenshot did not shoe FirefoxPC installer.
At any rate, quarantine everything listed and let us know what happens.

more options

pcendeavorsny said

Malwarbytes detects FirefoxPC installer file as malware. Please advise. see attached.

Those 6 PUPOptio...|Conduit lines aren't part of Firefox. Could be related to an Add-on for Firefox, as Conduit has been known for many years as a "bad player" with their Firefox Add-ons. But AFAIK they have been banned from the Mozilla / Firefox Add-ons website, so they may have been installed from some other website; but even that would surprise me, as far as even being "digitally signed" to be allowed to install in Firefox.

Beyond that, it would be nice to see the full "Location" of the Registry Keys and Values. Like maybe a screenshot of the Save Results ... contents or the text of same. Hard to provide advice with the posted screenshot information.