maleware in the website ff dutch
i think your website has maleware i downloaded ff and get maleware and now some other users to. i downloaded it on the official site and de dutch version. check it please
All Replies (8)
Firefox from the official Mozilla server doesn't come with malware.
Some security software thinks that the small stub installer is containing malware because it needs to access internet to download all the files.
Try to full installer instead.
You can find the full version of the current Firefox release (58.0.1) in all languages and all operating systems here:
I downloaded the Win64 Dutch Firefox 58.0.1 from www.mozilla.org/firefox/all/ and the stub installer (Dutch) from http://archive.mozilla.org/pub/firefox/releases/58.0.1/win32/nl/
Firefox 58.0.1 full Win64 Setup (Dutch) https://www.virustotal.com/#/file/88bc8c4dc147d742a1e624a044ff0668548257075b33549b4dc078c4548205d0/detection
Firefox 58.0.1 stub (Dutch) https://www.virustotal.com/#/file/3f34a85a3af2ad6d2ca7726573a9c3aa6cc2111b322269cece1a95baf3a6b5dc/detection
Cylance has a claim of unsafe on both but I would not trust that as it's detecting used on site is different from application and every Firefox version I have scanned in last months Cylance claimed unsafe while no other scanner did. False positives can still happen with the small stub installer even though it has existed since Firefox 18.0 and is safe.
Just because you encounter some malware after installing Firefox does not mean it came with Firefox. https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware
Modified
here are the 2 evil's yahoo and russian bruids you must remove ff and than scan otherwise it thinks its legitiem. after reinstal ff and it's gone. and now a new costumer had the same problem thats i ask check it please. that my question
Hi gerritbagger, those "Autoconfig" files should not be included with Firefox, and hopefully they are not.
If those files show up again, can you have the user take a look inside the .cfg file (open as plain text) and see what it does?
Recently, many users reported this kind of "program folder infection" from installing the Lavasoft/AdAware Web Companion program. That took over the default search engine.
The file does not match, however, so there could be a new one going around.
There is also a Fake "Firefox requires a manual update" page floating around that installs a Extension that starts with FF in name. Mozilla has blocked perhaps 15 of these extensions installed by this in the past couple weeks.
The image below is an example of the Fake "Firefox requires a manual update" page. If you got this then it was not from Mozilla or the Firefox web browser.
i shall explain the story, after a clean install van windows i download the FF from the officiale site login with the account. no adone instalted exept the standaard adblocker. before i want to install te adone's i alway's use the russian site came in the picture soon after the yahoo site. normaly i hit the help and than the about FF for the update never in the 12 years i had any trouble. so it is in the adblocker or FF what is giving the trouble and i have read the help for a answer and i see that more people have strange things in FF so i wonder where is the problem? remind iam not complaining yust asking iam also glad with the answers and i hope to solved this.
Malwarebytes www.malwarebytes.com
-Logboekdetails- Scandatum: 13-01-18 Scantijd: 22:11 Logbestand: 4fdbb92e-f8a6-11e7-8030-d050995ee394.json Beheerder: Ja
-Software-informatie- Versie: 3.3.1.2183 Versie componenten: 1.0.262 Update pakketversie: 1.0.3688 Licentie: Gratis
-Systeeminformatie- Besturingssysteem: Windows 10 (Build 16299.125) Processor: x64 Bestandssysteem: NTFS Gebruiker: BAGGER\gerrit
-Scansamenvatting- Scantype: Bedreigingsscan Resultaat: Voltooid Objecten gescand: 294656 Dreigingen herkend: 2 Dreigingen in quarantaine: 2 Verstreken tijd: 1 min, 40 sec
-Scanopties- Geheugen: Ingeschakeld Opstarten: Ingeschakeld Bestandssysteem: Ingeschakeld Archieven: Ingeschakeld Rootkits: Ingeschakeld Heuristiek: Ingeschakeld POP: Detectie POA: Detectie
-Scandetails- Proces: 0 (Geen kwaadaardige items gedetecteerd)
Module: 0 (Geen kwaadaardige items gedetecteerd)
Registersleutel: 0 (Geen kwaadaardige items gedetecteerd)
Registerwaarde: 0 (Geen kwaadaardige items gedetecteerd)
Registerdata: 0 (Geen kwaadaardige items gedetecteerd)
Gegevensstroom: 0 (Geen kwaadaardige items gedetecteerd)
Map: 0 (Geen kwaadaardige items gedetecteerd)
Bestand: 2 PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\153623906.CFG, In quarantaine, [1069], [345408],1.0.3688 PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\153623906.JS, In quarantaine, [1069], [330892],1.0.3688
Fysieke sector: 0 (Geen kwaadaardige items gedetecteerd)
(end)
Here is the scanlog but the maleware was not visable so i make the sreenshot
gerritbagger said
Bestand: 2
PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\153623906.CFG, In quarantaine, [1069], [345408],1.0.3688
PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\153623906.JS, In quarantaine, [1069], [330892],1.0.3688
Thank you for the full names. These definitely should not be present in a new Firefox installation. The only file that is supposed to be present in
C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\
is a file named channel-prefs.js
What I think we all want to figure out is how these other files got into the Firefox program folder. And since their names are completely uninformative, possibly randomly generated, what they are.