Mozila FireFox system tools 17.54.5468
When we got up this morning my mum had a message on her computer telling her to download Mozila FireFox system tools 17.54.5468 - the message popped up when she tried to play a facebook game. We clicked it and downloaded it and the computer seemed fine after that (but we did notice something called uniblue was now on her computer). Then i got onto my computer and when i tried to get into yahoo groups i got the same message. I also got a different message when half way thru watching a video on youtube a screen came up saying that the certificates for youtube were invalid or didn't exist. I deleted firefox completely - including the folder in programs (x86) - reinstalled it and i can once again play youtube videos (so far) but i'm still getting a message for Mozila FireFox system tools 17.54.5468 when i try to get into yahoo groups. My question - is 'Mozila FireFox system tools 17.54.5468' a real message from you guys and if its not, does anyone know how i get rid of it? I have Windows 7 and its a desktop if anyone needs to know.
All Replies (7)
Lord_Brainstorm - what a superb great write-up.
My understanding of several of your points:
Firmware: TP-Link said they had firmware that included a rule to block web access from the public internet (which I believe to be the WAN - Wide Area Network.) They haven't yet supplied anything that stops the ROM being unloaded without the router's admin password. Thus the new firmware should prevent further stealing by a firewall rule, which would be good enough. If that firmware is 2012 that suggests TP-link new about this problem and kept quiet. i find that a bit hard to believe.
That's interesting about the chipset. If there's a bug in the chipset does that mean new firmware couldn't fix the problem? We don't know and anyway tp-link aren't supplying new firmware that fixes this problem, just a firewall rule.
"I never-ever save passwords in any web browser" and "no-remote" - saving passwords in the browser is irrelevant here: this is a problem inside the router. The router stores the admin password in order to check it when you log into it, and the hackers have found out how to unload the router rom remotely and scan out that password, then to log in to your router and alter the DNS set-up. If you were "no-remote" that should not have happened. I absolutely distrust this router (and tp-link) now - I don't even trust its firewall.
I'm more worried about your sister's laptop because as far as I can tell no one yet knows what Mozila.systemtools17.FireFox.54.5468__7818_i930854344_il6790280.exe actually installs, so can antivirus things definitely remove it and whatever its effects are? Furthermore that DNS hack offered other dubious links, but quite possibly to the same malware, with a different name (e.g. I saw one in IE on my Mrs' laptop.)
I put questions against the top 6 listed tp-link routers on Amazon, asking whether each one had this problem. The question has been ignored.
I'm back on my Netgear router now.
Lord_Brainstorm
Great work with your last post thanks for all the detail. it should help those unfortunate enough to be using TP-Link routers.
xarnaye,
You started this question.
- How is it working for you now ?
- Taking your last post answer-595174as an example
- What happens if you try to get to YouTube site are you getting a 404 error still ?
- What about if you use this link https://www.youtube.com/
- What about just google.com ?
Or this direct one http://173.194.41.128 ?
- Who is your ISP ?
I understand you contacted themanswer-594784, did they get back to you ? - This thread was escalated answer-595431 so I am hoping HelpDesk staff may post.
- It is an active thread 61 replies, 92 have this problem, 2039 views
- Most of this thread has been answered in relation or TP_link routers, what is the make and model of your router ?
P.S. Lord_Brainstorm
Mozila.systemtools17.FireFox.54.5468__7818_i930854344_il6790280.exe actually installs, so can antivirus things definitely remove it and whatever its effects are?
I did send a copy of that file to Firefox staff, but I have no response so far.
I've worked on the problem yesterday.
tp-link tl-w8961nd V1, firmware stock. DNS changed as posted before.
What I've done: - password changed - update to latest firmware from 2012 - ACL configured as in tp-link solution http://uk.tp-link.com/article/?faqid=569
As far everything is all right.
Endret
sorry about not answering you Lord_Brainstorm but i've been offline for a few days. when i click the link you gave for youtube it opened up fine, i was even able to go into my playlists and watch what i wanted to. my isp did not get back to me after that initial response and when i called them they passed me on to TP_Link who told me that because my isp gave me the router and because it was out of warranty that they can't help me with anything - trust me its news to me that it was out of warranty! and to answer your question my ISP is SpinTel (australia).
Now onto how the problem is right now. Its funny but it actually stopped for a couple of days - i was able to get into everything without those annoying messages showing up and it was great. But this morning after coming home from picking my mum up at the hospital the problem is back. I just tried to get into youtube and that annoying message showed up again! I've done the nslookup thing again and its once more showing default server unknown, address 94.102.63.137
i can't change my modem's passwords because its no longer accepting the right password and username to access it. I know i've got to buy a new one but i just can't afford it right now. But even after i get a new one, how do i stop this from happening again? I'm sure i don't have to mention that the next one WON'T be tp-link! Did anyone find out WHY this is happening? Is it still happening with anyone else?
Try pressing RESET button on router for more than 10 seconds. User and password should be changed to default (for my router it was admin, admin, as noted on the label under devive).
At xarnaye: Since I have my new DSL router, and new (good) passwords: everything is fine.
Something to mention: The bad http links could be still in the cache of the browser. Then you might see the download side using this cached entry in the browser. So: It is best to remove history and coocies etc in the browser, too.
Greetings, FredMobbing