apparent Firefox request to download anti-malware
Accessing Salon.com, a page came up purporting to be from FireFox (with Firefox logo and fonts) and about a security problem that needed an immediate patch. Norton anti-virus flagged the executable as dangerous. The url shown when hovering the mouse over the links was pretty obviously not a legitimate Firefox url. Never saw anything like this before. What's going on?
Chosen solution
Mainstream websites can be infected through "malvertising", which is the use of ad networks to promote malware. (Often these are Flash-based ads, so one way to see fewer of these is to take more control over when sites are allowed to run Flash.)
That's the most likely scenario, but if you see it again on another site, you may want to check your system for problem software.
Here's my suggested procedure for tracking down and cleaning up bad add-ons, hijackers, and ad injectors. I know it seems long, but it's not that bad.
(1) Open the Windows Control Panel, Uninstall a Program. After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with some software you agreed to install. Be suspicious of everything you do not recognize/remember, as malware often uses important or innocent sounding names to discourage you from removing it. Take out as much trash as possible here.
(2) Open Firefox's Add-ons page using either:
- Ctrl+Shift+a
- "3-bar" menu button (or Tools menu) > Add-ons
- in the Windows "Run" dialog, type or paste
firefox.exe "about:addons"
In the left column, click Plugins. Set nonessential and unrecognized plugins to "Never Activate".
In the left column, click Extensions. Then, if in doubt, disable (or Remove, if possible) unrecognized and unwanted extensions. Bear in mind that all extensions are optional, none come with Firefox, and you can learn more about them by checking their reviews on the Add-ons site.
Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.
(3) You can search for remaining issues with the scanning/cleaning tools listed in our support article: Troubleshoot Firefox issues caused by malware. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case.
Success?
Read this answer in context 👍 1All Replies (3)
If you get a pop-up message asking to update Firefox or plugins or scanning for malware then such a message is likely a scam and you should never respond to such an alert to avoid getting infected with malware.
- Only update Firefox via "Help > About" or by downloading and installing Firefox from the Mozilla server and never via a pop-up or link on a web page.
- Plugins should only be updated via the plugin itself or by visiting the home page of the plugin.
Chosen Solution
Mainstream websites can be infected through "malvertising", which is the use of ad networks to promote malware. (Often these are Flash-based ads, so one way to see fewer of these is to take more control over when sites are allowed to run Flash.)
That's the most likely scenario, but if you see it again on another site, you may want to check your system for problem software.
Here's my suggested procedure for tracking down and cleaning up bad add-ons, hijackers, and ad injectors. I know it seems long, but it's not that bad.
(1) Open the Windows Control Panel, Uninstall a Program. After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with some software you agreed to install. Be suspicious of everything you do not recognize/remember, as malware often uses important or innocent sounding names to discourage you from removing it. Take out as much trash as possible here.
(2) Open Firefox's Add-ons page using either:
- Ctrl+Shift+a
- "3-bar" menu button (or Tools menu) > Add-ons
- in the Windows "Run" dialog, type or paste
firefox.exe "about:addons"
In the left column, click Plugins. Set nonessential and unrecognized plugins to "Never Activate".
In the left column, click Extensions. Then, if in doubt, disable (or Remove, if possible) unrecognized and unwanted extensions. Bear in mind that all extensions are optional, none come with Firefox, and you can learn more about them by checking their reviews on the Add-ons site.
Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.
(3) You can search for remaining issues with the scanning/cleaning tools listed in our support article: Troubleshoot Firefox issues caused by malware. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case.
Success?
I think I'm not infected, having not taken the bait (I think Salon.com has been too eager in taking on advertisers) -- I'm glad for the suggestions. I do have Adobe Flash set to run only on request. Nothing new on my lists of installed programs and updates I don't recognize. I do have a feeling the last two updates from (KB 3122947 and 3116908) introduced problems with my W10 system (start button and Cortona/search button on Taskbar don't work) but see no signs of installed malware.
Many thanks for your prompt attention and thoughtful answers.