This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

A website is posing as Firefox update site, forces you to download a probably malicious fake firefox-update.exe

  • 9 uphendule
  • 108 zinale nkinga
  • 3 views
  • Igcine ukuphendulwa ngu JJBlue

more options

The site http:// firefox.perl .sh/ is posing as a firefox update site, and tries to get you to run an executable (firefox-update.exe)

Edited to disable the link - TonyE

The site http:// firefox.perl .sh/ is posing as a firefox update site, and tries to get you to run an executable (firefox-update.exe) ''Edited to disable the link - TonyE''

Okulungisiwe ngu TonyE

Isisombululo esikhethiwe

There have been quite a few sites like that one recently. They report either Firefox or Flash needs to be updated in an attempt to get people to install malicious software.

You can report those sites by using the "Report web forgery" option in the Help menu.

Funda le mpendulo ngokuhambisana nalesi sihloko 👍 6

All Replies (9)

more options

Isisombululo Esikhethiwe

There have been quite a few sites like that one recently. They report either Firefox or Flash needs to be updated in an attempt to get people to install malicious software.

You can report those sites by using the "Report web forgery" option in the Help menu.

Okulungisiwe ngu TonyE

more options

Thanks, I didn't notice the "Report web forgery" option before. Reported.

Okulungisiwe ngu ncryptor

more options

Mozilla has been working with the Google safe browsing folks and the anti-virus vendors to try to get these sites blocked as quickly as possible, and also have outside counsel contacting the folks who run .co.cc and .co.cz to try to get them to stop selling domain names to whoever is behind this. These efforts may explain why this same page has shown up on other domains outside of .co.cc and .co.cz lately.

This site is reported by the way.

more options

How do I uninstall the malware if it downloaded onto my desktop? I noticed changes on my computer like music and advertisements will start playing even when i don't have anything open. I want to uninstall it, but I cant figure out how

more options

Try running several malware scanners. It is best to run several as each will pick up things that the others miss. Some scanners you can try are:

If the above malware scanners do not find any malware or can not clear it, you should consider posting in one of these forums for specialized malware removal help:

more options

I had the same problem with my computer, and found this post from bleepingcomputer helpful:

http://www.bleepingcomputer.com/forums/topic68402.html

What fixed it for me was: A) Disabling TeaTimer B) Restarting my computer in safe mode C) Running HijackThis D) Deleting the .exe file (I don't remember its exact name, but I googled every .exe file HijackThis until I found results telling me it was malware) E) Restarting my computer in normal mode.

It did the trick. I hope this helps!

more options

I had something similar happen to me a couple of days ago but the page was what looked like a 'Firefox Reported Attack Site' page!

I went to Google and searched for 'Mystical pictures of London'>clicked 'Images' and on the first page of Google Images there was a picture that was out of place and lets say a little explicit. I couldn't make it out properly so clicked on the Pic. That's when i got redirected to what looked like the Firefox Reported Attack Site page, but it had a 'Download Updates' tab instead of the usual 'Get me out of Here' tab. I then got a Prompt saying:

'The Website has been blocked based on your security preferences.
 Click 'OK' to download and install firefox updates.


I clicked 'ok' knowing i would then get the prompt to save the file, so i could have a better look at what it was! I then took a screenshot of the pop up prompt and clicked cancel. Then run a full scan with Malwarebytes and it found a 'Rough Installer' Virus!

Now i need to find a way of reporting this!?

(Leaving a space or spaces in the links)

The link on the Pic said:

mysticalparty. png

On the prompt it said: You have chosen to open firefox_update_2011. exe

Which is a: Binary File from: http:// dl. av2011. co. cc

I have also saved the Log from my MBAM scan.


I hope i have not broken any rules putting the info up here, but i'm no Techno Wizz...I just don't want anyone else to make the same mistake as me and want this site Reported and closed down!

Any Help or Advise would be Great!

more options

The link you posted http:// dl. av2011. co. cc is not found now.

Best place to report a site trying to do stuff like this, like serving a trojan exe as a Firefox update is at http://www.mozilla.com/en-US/legal/fraud-report/index.html

Like I said Mozilla has be pressuring the co.cc to not allow this fake update page to go up so it is no surprise if it is down now.

Okulungisiwe ngu James

more options

Thank you so much for your reply James. The link you gave me is exactly what i was looking for! I've passed all the information i have on to them and lets hope Firefox or even Google (as this is where i got the link in the first place) crack down on co.cc for letting these pages go through the net!

The page looked exactly as it does in this link: http://technonxt.wordpress.com/2010/10/20/reported-attack-page-a-latest-malicious-trick-from-security-tool-rogue-anti-virus/

...but not from the site that is explained on technoxt.wordpress page. Thanks again!!