This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Natao arisiva ity resaka mitohy ity. Mametraha fanontaniana azafady raha mila fanampiana.

attempted browser hijack downloaded trojan / linked to FF Block site 4.0.5.2 add-on.

more options

My FF was in an attempted hijacking.

I was able to get out of it and report the web site through this menu's Report Deceptive Site. A follow up virus scan did not reveal anything.

Several days later I received an email stating the hijack downloaded a key logger which copied all my contacts and passwords. It then demanded a ransom of more money that I have and instructions on how to bitcoin the money to them, also something I have no idea what they are talking about. The hijackers included one password as evidence of the keylogger. I do not have a camera attached to my computer so the rest of the message was just rubbish.

a virus scan then revealed the Domepidief.A trojan which downloaded the file NSMAIL.PDF.

NSMAIL.PDF was located at c:\Users\your account\Appdata\Local\Temp\nsmail.pdf

NSMAIL.PDF showed as a Videolan VLC extension withthe roadcone icon.

Then FF started to repeatedly try to connect to Adult.yourblocksite.com. through troubleshooting the FF add-on Block site 4.0.5.2 was the source of the pinging.

You need to remove the Block Site add-on as its been hijacked by criminals.

My FF was in an attempted hijacking. I was able to get out of it and report the web site through this menu's Report Deceptive Site. A follow up virus scan did not reveal anything. Several days later I received an email stating the hijack downloaded a key logger which copied all my contacts and passwords. It then demanded a ransom of more money that I have and instructions on how to bitcoin the money to them, also something I have no idea what they are talking about. The hijackers included one password as evidence of the keylogger. I do not have a camera attached to my computer so the rest of the message was just rubbish. a virus scan then revealed the Domepidief.A trojan which downloaded the file NSMAIL.PDF. NSMAIL.PDF was located at c:\Users\your account\Appdata\Local\Temp\nsmail.pdf NSMAIL.PDF showed as a Videolan VLC extension withthe roadcone icon. Then FF started to repeatedly try to connect to Adult.yourblocksite.com. through troubleshooting the FF add-on Block site 4.0.5.2 was the source of the pinging. You need to remove the Block Site add-on as its been hijacked by criminals.

All Replies (3)

more options

scan your system with:

use malwarebytes in safe mode and normal mode.

more options

Vahaolana Nofidina

more options

Yes, so the old password came from a Linkedin hack in 2012, not an old password hacked from FF.

Thanks for the news. The email threat was rubbish and the info it stated was not correct, but my concern was where the password came from, if it was indeed hacked from firefox or not.

thanks