搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

A website is posing as Firefox update site, forces you to download a probably malicious fake firefox-update.exe

  • 9 个回答
  • 108 人有此问题
  • 6 次查看
  • 最后回复者为 JJBlue

more options

The site http:// firefox.perl .sh/ is posing as a firefox update site, and tries to get you to run an executable (firefox-update.exe)

Edited to disable the link - TonyE

The site http:// firefox.perl .sh/ is posing as a firefox update site, and tries to get you to run an executable (firefox-update.exe) ''Edited to disable the link - TonyE''

由TonyE于修改

被采纳的解决方案

There have been quite a few sites like that one recently. They report either Firefox or Flash needs to be updated in an attempt to get people to install malicious software.

You can report those sites by using the "Report web forgery" option in the Help menu.

定位到答案原位置 👍 6

所有回复 (9)

more options

选择的解决方案

There have been quite a few sites like that one recently. They report either Firefox or Flash needs to be updated in an attempt to get people to install malicious software.

You can report those sites by using the "Report web forgery" option in the Help menu.

由TonyE于修改

more options

Thanks, I didn't notice the "Report web forgery" option before. Reported.

由ncryptor于修改

more options

Mozilla has been working with the Google safe browsing folks and the anti-virus vendors to try to get these sites blocked as quickly as possible, and also have outside counsel contacting the folks who run .co.cc and .co.cz to try to get them to stop selling domain names to whoever is behind this. These efforts may explain why this same page has shown up on other domains outside of .co.cc and .co.cz lately.

This site is reported by the way.

more options

How do I uninstall the malware if it downloaded onto my desktop? I noticed changes on my computer like music and advertisements will start playing even when i don't have anything open. I want to uninstall it, but I cant figure out how

more options

Try running several malware scanners. It is best to run several as each will pick up things that the others miss. Some scanners you can try are:

If the above malware scanners do not find any malware or can not clear it, you should consider posting in one of these forums for specialized malware removal help:

more options

I had the same problem with my computer, and found this post from bleepingcomputer helpful:

http://www.bleepingcomputer.com/forums/topic68402.html

What fixed it for me was: A) Disabling TeaTimer B) Restarting my computer in safe mode C) Running HijackThis D) Deleting the .exe file (I don't remember its exact name, but I googled every .exe file HijackThis until I found results telling me it was malware) E) Restarting my computer in normal mode.

It did the trick. I hope this helps!

more options

I had something similar happen to me a couple of days ago but the page was what looked like a 'Firefox Reported Attack Site' page!

I went to Google and searched for 'Mystical pictures of London'>clicked 'Images' and on the first page of Google Images there was a picture that was out of place and lets say a little explicit. I couldn't make it out properly so clicked on the Pic. That's when i got redirected to what looked like the Firefox Reported Attack Site page, but it had a 'Download Updates' tab instead of the usual 'Get me out of Here' tab. I then got a Prompt saying:

'The Website has been blocked based on your security preferences.
 Click 'OK' to download and install firefox updates.


I clicked 'ok' knowing i would then get the prompt to save the file, so i could have a better look at what it was! I then took a screenshot of the pop up prompt and clicked cancel. Then run a full scan with Malwarebytes and it found a 'Rough Installer' Virus!

Now i need to find a way of reporting this!?

(Leaving a space or spaces in the links)

The link on the Pic said:

mysticalparty. png

On the prompt it said: You have chosen to open firefox_update_2011. exe

Which is a: Binary File from: http:// dl. av2011. co. cc

I have also saved the Log from my MBAM scan.


I hope i have not broken any rules putting the info up here, but i'm no Techno Wizz...I just don't want anyone else to make the same mistake as me and want this site Reported and closed down!

Any Help or Advise would be Great!

more options

The link you posted http:// dl. av2011. co. cc is not found now.

Best place to report a site trying to do stuff like this, like serving a trojan exe as a Firefox update is at http://www.mozilla.com/en-US/legal/fraud-report/index.html

Like I said Mozilla has be pressuring the co.cc to not allow this fake update page to go up so it is no surprise if it is down now.

由James于修改

more options

Thank you so much for your reply James. The link you gave me is exactly what i was looking for! I've passed all the information i have on to them and lets hope Firefox or even Google (as this is where i got the link in the first place) crack down on co.cc for letting these pages go through the net!

The page looked exactly as it does in this link: http://technonxt.wordpress.com/2010/10/20/reported-attack-page-a-latest-malicious-trick-from-security-tool-rogue-anti-virus/

...but not from the site that is explained on technoxt.wordpress page. Thanks again!!