This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Fake Update page installs virus.

  • 2 replies
  • 5 have this problem
  • 1 view
  • Last reply by James

more options

I've seen this several other places, but it's never been quite complete in its description as I see it.

On several occasions, the website I try to access (e. g. BBC.com) redirects to a fake firefox update page. The page has several random urls, so blocking the single url won't work. The page pops up a dialog box to install a fake firefox patch file. I've never downloaded said file. Every time that this redirect happens, without any intervention on my part, my firewall catches and eliminates a Trojan located in C:\Users\myaccount\appdata\local\temp, which has a different name every time. I've tried re-installing firefox, to no avail.

Several scans using windows scanner, malwarebytes, and a few others revealed no virus in my computer.

For a picture of the fake site, see https://support.mozilla.org/en-US/questions/1127235, whose last comment posts it. image:

     
    -J99

There was also a second similar fake page, but it only ever appeared once.

I don't know how the data sharing thing works, so I'm pasting it all below me. Win 10, Firefox 47.0.1 How long will it take Mozilla to find and fix the security error? Or at least release a warning about the automatic trojan download?

I've seen this several other places, but it's never been quite complete in its description as I see it. On several occasions, the website I try to access (e. g. BBC.com) redirects to a fake firefox update page. The page has several random urls, so blocking the single url won't work. The page pops up a dialog box to install a fake firefox patch file. I've never downloaded said file. Every time that this redirect happens, without any intervention on my part, my firewall catches and eliminates a Trojan located in C:\Users\myaccount\appdata\local\temp, which has a different name every time. I've tried re-installing firefox, to no avail. Several scans using windows scanner, malwarebytes, and a few others revealed no virus in my computer. For a picture of the fake site, see https://support.mozilla.org/en-US/questions/1127235, whose last comment posts it. image: <img src="//support.cdn.mozilla.net/media/uploads/images/2016-06-16-03-48-47-b682b8.png" width=400px> -J99 There was also a second similar fake page, but it only ever appeared once. I don't know how the data sharing thing works, so I'm pasting it all below me. Win 10, Firefox 47.0.1 How long will it take Mozilla to find and fix the security error? Or at least release a warning about the automatic trojan download?

Modified by John99

All Replies (2)

more options

The best guess is that an advertising network is spreading this "malvertisement".

I don't know whether it's a factor, but you have two versions of Flash installed, 18 and 22. Could you pull the full version numbers to check that they are patched up to date? You can view those on the About Plugins page: type or paste about:plugins in the address bar and press Enter. You can use Find (Ctrl+f) for npswf to skip to the Flash plugins.

Current versions:

Regular release: 22.0.0.192 Extended support release: 18.0.0.360

(https://www.adobe.com/products/flashp.../distribution3.html)

more options

Pallida said

Fake Update page installs virus. How long will it take Mozilla to find and fix the security error? Or at least release a warning about the automatic trojan download?

The fake .exe usually under name of firefox-patch.exe is only a risk to the Windows user if they run said .exe. The Firefox browser does not allow running of .exe thankfully and the downloading alone does not install whatever this .exe could install.

How do you figure Mozilla can get out warnings about this without being seen in a negative way or cause worry as it could just serve to scare users about updates in general. Also this seems to only target Firefox users on Windows and not Linux and Mac OSX since they do not use .exe. There is the snippets option for default about:home but would only target say 10% of users.

Have some discussion at https://support.mozilla.org/en-US/forums/contributors/712056 more later in first page and second page.

Modified by James