Victim of Fake JS Urgent Update
I installed Firefox Portable on another laptop. The first page that popped up was Urgent Firefox Update. It autodownloded a js file and opened my downloads window. I wasn't thinking, so I clicked on it. It disappeared. I went to close the firefox window and noticed the address was from India-looking webpage ending in org, I noticed this way too late.
My question is how screwed am I? Now that laptop won't run Avira or Windows Update. These are all bad signs to out and out confirmation that I have just rendered that laptop useless for the internet. I have put a lot of work into it, three partitions with Windows files on it and a Linux partition, with plans for more in the unallocated space. Each partition is about 50g in size and about two-thirds full.
I couldn't get online from the Linux partition, so of course I used the Windows one to click on this trap. I searched the Mozilla forum, but the hits were for .exe files and not this javascript one. Is Mozilla aware of this and is an undo fix available?
All Replies (12)
Hi
We are aware of some very suspicious "Firefox update" pop up windows that are understood to install malware.
I strongly recommend running up to date anti-malware software to identify and remove the infection.
Hi !
In addition to this excellent advice, you could consider an ad-blocking add-on like:
https://addons.mozilla.org/en-US/addon/ublock-origin
Well said.
fake_js_update_victim said
I searched the Mozilla forum, but the hits were for .exe files and not this javascript one. Is Mozilla aware of this and is an undo fix available?
Makes sense if the threads you found were from before July 11 as the fake firefox-patch.js has been in use by these scammers since July 11. It was a firefox-patch.exe initially but it kept getting blocked or flagged quickly even with them making new .exe's frequently.
Nobody posting is this thread is from Mozilla and Mozilla is well aware of this fake urgent Firefox update scam concept.
Unfortunately it is not a case of this being a small number of ad sites that can get taken down and or blocked and that is it.
These sites gets registered the day before, used for a day and then not reported again as one or two new sites are used the next day.
The Ad only target some Firefox users on Windows and not on Mac OSX or Linux.
There is no undo or fix from Mozilla for those who run this fake firefox-patch.js file on Windows.
Modified
FredMcD said
Well said.
I had four responses to my question. Even worse than the shill for the adblocker software, this is by far the least helpful response. Do the world a favor and stop posting utterly meaningless replies just to get your name on a forum. Who cares if it is well said or not? It's this type of "look at me" posts, which only appeal to YOUR vanity, that help make the internet a terrible place.
My 'Well Said' was for the two replies that were already posted. Some might be nervous that the posters don't have that many solutions to their credit.
Nobody posting is this thread is from Mozilla and Mozilla is well aware of this fake urgent Firefox update scam concept.
Unfortunately it is not a case of this being a small number of ad sites that can get taken down and or blocked and that is it.
These sites gets registered the day before, used for a day and then not reported again as one or two new sites are used the next day.
The Ad only target some Firefox users on Windows and not on Mac OSX or Linux.
There is no undo or fix from Mozilla for those who run this fake firefox-patch.js file on Windows. </blockquote>
An earlier post recommended a malware scan. You're saying there's nothing I can do. This hearkens back to my OP question, just how screwed am I?
Ironically, I only take that laptop online to update my antivirus and Wind-Donts. This was the very first FF launch after a fresh Win7 install. I no sooner launched FF than this update notice came up as a tab, along with the Mozilla homepage tab. I clicked on it without looking because it was a tab, not a popup window. Haste not only makes waste, it makes for stupid mistakes like this.
I don't want to run an AV or a malware scan yet. I was going to install ClamWin and MalwareBytes those with that first launch.
I'll continue to leave this laptop offline, but my concern now is, will it infect my thumbdrives and external storage drives, and thence my other computers? Can it do anything to my router? I think it was a Portable FF. I've deleted the entire folder. Could it still have infected my System files from a Portable?
Thank you for taking the time to respond thoroughly to my first post. I marked your reply as helpful.
Kind regards, JM
A number of 'bad' programs are known to copy themselves if they can.
FredMcD said
My 'Well Said' was for the two replies that were already posted. Some might be nervous that the posters don't have that many solutions to their credit.
It's a pity you don't have similar insecurities about your posts, since you continue to offer no solutions and yet feel compelled to chime in with something. Since you obviously need affirmation, yes, you are a wonderful and worthwhile person for patting other contributors on the back just because they MIGHT be unsure of the number of their solutions.
Oh, and congratulations for successfully threadjacking my question. It occupies my time while I await helpful people with actual solutions.
FredMcD said
A number of 'bad' programs are known to copy themselves if they can.
I guess I'm looking for specifics on this particular program.
1. Does anyone know anything about it?
2. If Mozilla is aware of it, are they working on a fix?
3. Is it one of those that can hook into the BIOS and remain even after a complete wipe?
4. Is it one of the ones that can reload itself onto thumbdrives, external storage or routers? Until I know that, I have a self-contained brick with some fairly important data I whose backups I can't update.
Yes, I know, it's impossible to know which one this js program is exactly, but I can't be the only one stupid enough to click on it.
Also, does anyone want to buy a laptop? I can make you a REAL good deal on this one.
fake_js_update_victim said
FredMcD saidMy 'Well Said' was for the two replies that were already posted. Some might be nervous that the posters don't have that many solutions to their credit.It's a pity you don't have similar insecurities about your posts, since you continue to offer no solutions and yet feel compelled to chime in with something. Since you obviously need affirmation, yes, you are a wonderful and worthwhile person for patting other contributors on the back just because they MIGHT be unsure of the number of their solutions.
Oh, and congratulations for successfully threadjacking my question. It occupies my time while I await helpful people with actual solutions.
You are addressing a volunteer contributor who spends every spare moment trying to help people like you as well as his fellow contributors.
That deserves not only appreciation, but also great respect and gratitude.
You were given the advice to run an anti-malware scan, but you haven't done that yet ........ (?)
Have you considered the ad-blocking add-on as I suggested earlier ?