为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Malwarebytes reports Firefox.exe as a trojan attempting to contact a separately reported bad IP address

  • 11 个回答
  • 3 人有此问题
  • 10 次查看
  • 最后回复者为 the-edmeister

more options

Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address

167.71.99.170 (https://urlhaus.abuse.ch/url/348428/),

which apparently might be bad?

Interestingly, the above urlhaus link initially reported the hit on the IP address per a Pascal Geenens (@geenensp on twitter) who writes for a security blog at

Thanks to any and all who might be able to help!

-Log Details- Protection Event Date: 6/4/20 Protection Event Time: 4:18 PM Log File: 920f76a0-a6a0-11ea-9633-00ffc7e81200.json

-Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.25022 License: Premium

-System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System

-Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0

-Website Data- Category: Trojan Domain: IP Address: 167.71.99.170 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe


(end)

Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address 167.71.99.170 (https://urlhaus.abuse.ch/url/348428/), which apparently might be bad? Interestingly, the above urlhaus link initially reported the hit on the IP address per a Pascal Geenens (@geenensp on twitter) who writes for a security blog at Thanks to any and all who might be able to help! -Log Details- Protection Event Date: 6/4/20 Protection Event Time: 4:18 PM Log File: 920f76a0-a6a0-11ea-9633-00ffc7e81200.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.25022 License: Premium -System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 167.71.99.170 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (end)

所有回复 (11)

more options

Please ignore   wimhelp201's   post and don't call that number   -   it's a scam !

more options

Thanks! I hadn't planned on it :) I reported the wimhelp201 account.

more options

wimphelp201 is a scammer. Please do not call the number. I've deactivated their account.

more options

Thanks Andrew.

What about firefox and sketchy IP's ? :)

more options

First, let's check your system.

You may have ad/mal-ware. Further information can be found in this article;
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

more options

Hi FredMcD Ran both Malwarebytes and Microsoft Security with no results (full scan of all files including rootkit search). No add ons or extensions install.

Is there some way to dig into what firefox was doing at the time the request was made to the IP?

more options

Not that I know of. I called for more help.

more options

Awesome. Thank you.

more options

Malwarbytes detects FirefoxPC installer file as malware. Please advise. see attached.

more options

pcendeavorsny, Your screenshot did not shoe FirefoxPC installer.
At any rate, quarantine everything listed and let us know what happens.

more options

pcendeavorsny said

Malwarbytes detects FirefoxPC installer file as malware. Please advise. see attached.

Those 6 PUPOptio...|Conduit lines aren't part of Firefox. Could be related to an Add-on for Firefox, as Conduit has been known for many years as a "bad player" with their Firefox Add-ons. But AFAIK they have been banned from the Mozilla / Firefox Add-ons website, so they may have been installed from some other website; but even that would surprise me, as far as even being "digitally signed" to be allowed to install in Firefox.

Beyond that, it would be nice to see the full "Location" of the Registry Keys and Values. Like maybe a screenshot of the Save Results ... contents or the text of same. Hard to provide advice with the posted screenshot information.