apparent Firefox request to download anti-malware

Accessing Salon.com, a page came up purporting to be from Firefox (with Firefox logo and fonts) and about a security problem that needed an immediate patch. Norton anti-virus flagged the executable as dangerous. The URL shown when hovering the mouse over the links was pretty obviously not a legitimate Firefox URL. Never saw anything like this before. What's going on?

Chosen solution

Mainstream websites can be infected through "malvertising", which is the use of ad networks to promote malware. (Often these are Flash-based ads, so one way to see fewer of these is to take more control over when sites are allowed to run Flash.)

That's the most likely scenario, but if you see it again on another site, you may want to check your system for problem software.

Here's my suggested procedure for tracking down and cleaning up bad add-ons, hijackers, and ad injectors. I know it seems long, but it's not that bad.

(1) Open the Windows Control Panel, Uninstall a Program. After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with some software you agreed to install. Be suspicious of everything you do not recognize/remember, as malware often uses important or innocent sounding names to discourage you from removing it. Take out as much trash as possible here.

(2) Open Firefox's Add-ons page using either:

  • Ctrl+Shift+a
  • "3-bar" menu button (or Tools menu) > Add-ons
  • in the Windows "Run" dialog, type or paste
    firefox.exe "about:addons"

In the left column, click Plugins. Set nonessential and unrecognized plugins to "Never Activate".

In the left column, click Extensions. Then, if in doubt, disable (or Remove, if possible) unrecognized and unwanted extensions. Bear in mind that all extensions are optional, none come with Firefox, and you can learn more about them by checking their reviews on the Add-ons site.

Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.

(3) You can search for remaining issues with the scanning/cleaning tools listed in our support article: Troubleshoot Firefox issues caused by malware. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case.

Success?

Read this answer in context 👍 1
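A read-only inventory for steps (1) and (2) of the procedure above, as an added example that is not part of the original answer. It assumes the default Firefox profile location under %APPDATA% and the `extensions.json` field names (`addons`, `defaultLocale.name`, `installDate`, `location`) used by current Firefox releases; that file is an internal format and may change.

```powershell
# Added example: lists, never modifies. Run in a normal (non-elevated) PowerShell window.

# Step (1): installed programs, newest first (same data as the "Installed on" column).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation |
    Sort-Object InstallDate -Descending   # InstallDate is usually a yyyyMMdd string

# Step (2): add-ons registered in every Firefox profile of the current user.
$epoch = New-Object DateTime 1970, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'   # assumed default path
$addons = Get-ChildItem -Path $profileRoot -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $profileName = $_.Name
        $file = Join-Path $_.FullName 'extensions.json'
        if (Test-Path $file) {
            $json = Get-Content -Path $file -Raw -Encoding UTF8 | ConvertFrom-Json
            foreach ($a in $json.addons) {
                # installDate is stored as milliseconds since the Unix epoch
                $installed = $null
                if ($a.installDate) {
                    $installed = $epoch.AddMilliseconds([double]$a.installDate).ToString('yyyy-MM-dd')
                }
                [pscustomobject]@{
                    Profile   = $profileName
                    Name      = $a.defaultLocale.name
                    Id        = $a.id
                    Type      = $a.type
                    Active    = $a.active
                    Location  = $a.location   # where the add-on was installed from/into
                    Installed = $installed
                }
            }
        }
    }

"Most recently installed programs:"
$programs | Select-Object -First 25 | Format-Table -AutoSize

"Firefox add-ons (newest first):"
$addons | Sort-Object Installed -Descending | Format-Table -AutoSize
```

Entries whose install date clusters around the time the fake update page first appeared, or that you do not recognize, are the ones to review in Control Panel and on the Add-ons page.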

All Replies (3)

If you get a pop-up message asking to update Firefox or plugins or scanning for malware then such a message is likely a scam and you should never respond to such an alert to avoid getting infected with malware.

  • Only update Firefox via "Help > About" or by downloading and installing Firefox from the Mozilla server and never via a pop-up or link on a web page.
  • Plugins should only be updated via the plugin itself or by visiting the home page of the plugin.

I think I'm not infected, having not taken the bait (I think Salon.com has been too eager in taking on advertisers) -- I'm glad for the suggestions. I do have Adobe Flash set to run only on request. Nothing new on my lists of installed programs and updates I don't recognize. I do have a feeling the last two updates from (KB 3122947 and 3116908) introduced problems with my W10 system (start button and Cortana/search button on Taskbar don't work) but see no signs of installed malware.

Many thanks for your prompt attention and thoughtful answers.