為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Every time I run MBAM, I get a PUP.Optional.Spigot warning. Is this a problem or is it safe?

  • 8 回覆
  • 1 有這個問題
  • 1 次檢視
  • 最近回覆由 CiaoBella1

more options

Win 10/FF 50.0.2 - about to update after I finish this.

I can't tell if it's the same warning every time, but I would venture a guess that it always has something to do with my Firefox profile. It is FILE 1 below.

Since it is quarantined weekly, I delete the file. I remembered to save it so that I could ask about it.

  It is apparently not a threat.
 What is it? How can I stop this from recurring?   I have no idea how Firefox is built, but I have a feeling that I can either delete the file or add this to an exception, as long as it's safe to do so.  I don't use Yahoo search and I can't even imagine how FF uses it.  I am sure somebody knows better than I know.  

Thank you.

MBAM LOG Scan Type: Threat Scan Result: Completed Objects Scanned: 341255 Time Elapsed: 18 min, 40 sec

Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled

Processes: 0 (No malicious items detected)

Modules: 0 (No malicious items detected)

Registry Keys: 0 (No malicious items detected)

Registry Values: 0 (No malicious items detected)

Registry Data: 0 (No malicious items detected)

Folders: 0 (No malicious items detected)

Files: 1 PUP.Optional.Spigot, C:\Users\,my user name \AppData\Roaming\Mozilla\Firefox\Profiles\my -New\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=888596&p=");), ,[61f039aa564431051a9856846c975ba5]

Physical Sectors: 0 (No malicious items detected) (end)

Win 10/FF 50.0.2 - about to update after I finish this. I can't tell if it's the same warning every time, but I would venture a guess that it always has something to do with my Firefox profile. It is FILE 1 below. Since it is quarantined weekly, I delete the file. I remembered to save it so that I could ask about it. It is apparently not a threat. What is it? How can I stop this from recurring? I have no idea how Firefox is built, but I have a feeling that I can either delete the file or add this to an exception, as long as it's safe to do so. I don't use Yahoo search and I can't even imagine how FF uses it. I am sure somebody knows better than I know. Thank you. MBAM LOG Scan Type: Threat Scan Result: Completed Objects Scanned: 341255 Time Elapsed: 18 min, 40 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 PUP.Optional.Spigot, C:\Users\,my user name \AppData\Roaming\Mozilla\Firefox\Profiles\my -New\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=888596&p=");), ,[61f039aa564431051a9856846c975ba5] Physical Sectors: 0 (No malicious items detected) (end)

被選擇的解決方法

CiaoBella1 said

The Avira message pops up after (while) I select delete for the PUP Optional Spigot entry in MBAM. I don't know if Avira is telling me that it can't clear it because the PUP is in the registry. I assume that's what the message is - which is why the whole thing (capture and delete?) is confusing to me.

I really don't know what is going on there.

從原來的回覆中察看解決方案 👍 0

所有回覆 (8)

more options

Are you saying the problem keeps coming back week after week even if you quarantine the file? It could be that Firefox is running during that time, so removing the file is not effective. Instead of deleting the prefs.js file -- which would cause many Firefox preferences to experience a factory reset -- try this:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste keyw and pause while the list is filtered

(3) Right-click the keyword.URL preference and choose Reset to clear it

Firefox should save the change to prefs.js within a minute or two. Hopefully future scans will then come up clean. If not, an add-on or external process may be re-inserting that setting.

more options

Good question, Jscher2000,

Two answers: Avira immediately tells me that it's blocked a registry change - so I have no idea what's going on (I used Defender for the past decade and don't understand a lot of the technical language w/this AV).

I don't know and I said I wasn't sure, but it's always Firefox. I am sure FF is always open.

Let me clarify - it's always a PUP Spigot warning (I can't see it to write it correctly) and it always has C:\User\Firefox in it. The message that contains Yahoo search Greentea is the part that I cannot swear is constant.

Result: I got browser.keywordURLPromptDeclined.

Thank you.

由 CiaoBella1 於 修改

more options

I'm not sure I understand this part --

Result: I got browser.keywordURLPromptDeclined.

-- you got that trying to Reset the preference???

more options

I am sorry, jscher2000,

I followed your instructions, When I pasted keyword.URL, that was one of the two choices that appeared. The other choice was less like what you expected me to find,

What does it mean - anything?

Thank you.

more options

CiaoBella1 said

I followed your instructions, When I pasted keyword.URL, that was one of the two choices that appeared.

Hmm, instead of pasting, try typing keyw in the search box above the list and see what appears.

Does the keyword.URL line on about:config show a status of "Locked" or "user set"? If it says "user set", then right-clicking the preference and choosing Reset should clear it. There should not be anything about a prompt or being declined


After re-reading your earlier reply, this part sounds odd:

Avira immediately tells me that it's blocked a registry change - so I have no idea what's going on

When you clear the keyword.URL preference, Firefox should only be editing the prefs.js file and not modifying the Windows Registry. So this is a very strange message to get in this context.

Firefox doesn't use keyword.URL any more because it was so easily hijacked, but it's troubling that some software keeps reinserting it. Does Avira have a feature to prevent or roll back changes to browser settings?

more options

It was user set and I reset it.

The Avira message pops up after (while) I select delete for the PUP Optional Spigot entry in MBAM. I don't know if Avira is telling me that it can't clear it because the PUP is in the registry. I assume that's what the message is - which is why the whole thing (capture and delete?) is confusing to me.

I ran MBAM Friday and there were no issues.

I'll answer your q about Avira if it is still relevant,

Thank you.

more options

選擇的解決方法

CiaoBella1 said

The Avira message pops up after (while) I select delete for the PUP Optional Spigot entry in MBAM. I don't know if Avira is telling me that it can't clear it because the PUP is in the registry. I assume that's what the message is - which is why the whole thing (capture and delete?) is confusing to me.

I really don't know what is going on there.

more options

Was this YOUR question? "After re-reading your earlier reply, this part sounds odd:"

   "Avira immediately tells me that it's blocked a registry change - so I have no idea what's going on."

it's should be IT HAS blocked.

I have been sloppy. My apologies.