Urgent Fire Fox Update Notice
I keep getting a screen popping up that says "Urgent Firefox Update". My protection software is blocking it, saying it's a Trojan. When I go to Mozilla, it says my Firefox is up to date. Is there an Urget Update or not?
الحل المُختار
Hi
We are aware of this issue are are working to resolve it. From what you are saying this is almost certainly malware.
Firefox will always update from within the browser and not from a random web page. If you ever unsure of whether you are using the most recent version, this page will walk you through how to check.
Comment added by a forum moderator Please also see our help article
If you do see one of these fake updates please as a reply to this thread post the web address of the fake orange page and if possible the address of the genuine website it appears to have come from - the back arrow on the address bar of the orange page may sometimes help find that.
Read this answer in context 👍 236All Replies (8)
My experience with malware is that there is no sure way of getting rid of it, I had one that it took me a week of finding and deleting files and after that it came back several days later because I missed just one. It ain't no simple thing because these people are good at what they do.
You can take a look at this page: http://it-help.info/how-to/adwares/2449-how-to-remove-urgent-firefox-update
I suggest that you enable "Windows Defender" from "Control Panel" if you are running windows and make sure "Real-time protection" is "on" and "Virus and spyware definitions" are "Up to date". Now run a full scan which will take some time.
Take your time and read thoroughly but Google for: how to remove firefox "urgent firefox update" malware
Modified
rdwray said
You can take a look at this page: http://it-help.info/how-to/adwares/2449-how-to-remove-urgent-firefox-update I suggest that you enable "Windows Defender" from "Control Panel" if you are running windows and make sure "Real-time protection" is "on" and "Virus and spyware definitions" are "Up to date". Now run a full scan which will take some time. Take your time and read thoroughly but Google for: how to remove firefox "urgent firefox update" malware
I have been following this for months.
These fake urgent Firefox update pages has never been determined to be due to malware already on Windows. However if a user does run the fake firefox-patch.js file (as just saving it to disk is not a risk) then they should try to remove it yes.
That looks like a generic reused article format where they changed some words as they post extra crap like say remove urgent Firefox update from Opera, IE, Chrome, Safari, and from Mac OSX.
No Mac OSX or Linux OS user here has ever reported any form of urgent Firefox update in any way and nobody who got this fake Ad while using Firefox has ever said they got a urgent Firefox update page in other browsers like Opera, IE, Safari or Chrome on Windows also.
Modified
I did not say that the updates were due to malware, the update installs malware and this is the way to remove it. Go to the link.
OK, I hope this helps narrow down the problem. 2 other computers that have flash and Oracle Java running in Firefox get the download tab when Yahoo.com is loaded as homepage. My 1 computer that does not have flash and uses Firefox internal java with Ublock origin has never received that download tab. It is either Flash (which no one should be using any longer or Oracle Java (needed for government websites). It also could be that Ublock origin is already blocking the download pages from opening.
was on yahoo again today, last item viewed was about a ski lift incidence. Got the stupid orange screen from https://xaexidirecttrafficmedia.org/9711147668417/01b965eebe4cc96c3a3f1b6af3b04d7f/fe91954081f908f700038ff5aec9d153.html
thanks for sharing. Only the first part of the URL is important. Tomorrow will be a new OS/URL. If only we could isolate the ad seller ...
Modified
3 AM Sunday. went to https://www.yahoo.com/news/odd/ scrolled down to this story about satelites in PA and right-clicked-open-in-new-tab https://www.yahoo.com/news/city-fights-satellite-dish-blight-30-day-removal-173704252.html then I clicked on another story from the main page when suddenly that satelite story page became the OrangeScreen. What I should have done is, after 3 am, only invoked the 'city-fights...' link and see if the OS appeared. However, the view-source says there are 800 HTTP commands on that one page. Makes it kind of hard, huh? Do note that I can 'cancel' the popup, and go to the orange page and hit the top left-arrow (for page back) then hit the right-arrow (page forward) and get the orange screen. This does not explain how I got there the first time. After 10 minutes, the page-forward does not to the orange screen but to itself. Might some 'tools' be helpful, such as 'inspector' or 'debugger' ? I plead ignorance to mozilla internals. Help!
More (or Continued). I chose the tool "inspector' and I am seeing a bunch of 'get' commands. This may be helpful as to what is being executed. Perhaps if I can save it (Happy New years everyone) and try this after noon, I might see a different few steps. But also note that 1. ads change, and 2. it is probable that one of the 'gets' to a page fails and thus returns to the program without the orange screen appearing. So it is vital to try this 'tool' before trying (or just beginning) to try to get the orange screen to see when we stop AT the orange screen. In case someone is more familar with this process, I am NOT reporting the malware site today. What really IRKS me is that the yahoo page 'console' are is still scrolling. That's the 'rotating ads' to make money, or other features of web sites which make tracking down a probam a Bxxxx (bad word censored) ---addendum half hour later. Because I am not eligible to get the OS again today, I am limited. But I was able to do a 'select all' for the Inspector partition and the 'consol' partition and past them into my notepad word processor. I didn't see a url with '.org' (typical OS site) but you all should know that the advertisers links go to other sites. And while I pasted one of those URL's in on a separate tab and saw no result, I did a 'view source' of that blank page and saw code. This COULD help track it down. Also note that while the code may be hard to understand, there is also an encrypited form which looks like jibberish but can actually be decoded. If I say URL8, I'm probably wrong, but there is SOMEthing. If we realy are close to finding out who is involved, I hope someone knows HOW to nail their ass and not just get them to hide their maiware techniques and continue as usual. My experience among Federal and state agencies, and Internet companies is so negative that I am not going to try. Unfortunately lack of prosecution would be a crying affair.
Modified