A website is posing as Firefox update site, forces you to download a probably malicious fake firefox-update.exe
The site http:// firefox.perl .sh/ is posing as a firefox update site, and tries to get you to run an executable (firefox-update.exe)
Edited to disable the link - TonyE
Okulungisiwe
Isisombululo esikhethiwe
There have been quite a few sites like that one recently. They report either Firefox or Flash needs to be updated in an attempt to get people to install malicious software.
You can report those sites by using the "Report web forgery" option in the Help menu.
Funda le mpendulo ngokuhambisana nalesi sihloko 👍 6All Replies (9)
Isisombululo Esikhethiwe
There have been quite a few sites like that one recently. They report either Firefox or Flash needs to be updated in an attempt to get people to install malicious software.
You can report those sites by using the "Report web forgery" option in the Help menu.
Okulungisiwe
Thanks, I didn't notice the "Report web forgery" option before. Reported.
Okulungisiwe
Mozilla has been working with the Google safe browsing folks and the anti-virus vendors to try to get these sites blocked as quickly as possible, and also have outside counsel contacting the folks who run .co.cc and .co.cz to try to get them to stop selling domain names to whoever is behind this. These efforts may explain why this same page has shown up on other domains outside of .co.cc and .co.cz lately.
This site is reported by the way.
How do I uninstall the malware if it downloaded onto my desktop? I noticed changes on my computer like music and advertisements will start playing even when i don't have anything open. I want to uninstall it, but I cant figure out how
Try running several malware scanners. It is best to run several as each will pick up things that the others miss. Some scanners you can try are:
If the above malware scanners do not find any malware or can not clear it, you should consider posting in one of these forums for specialized malware removal help:
I had the same problem with my computer, and found this post from bleepingcomputer helpful:
http://www.bleepingcomputer.com/forums/topic68402.html
What fixed it for me was: A) Disabling TeaTimer B) Restarting my computer in safe mode C) Running HijackThis D) Deleting the .exe file (I don't remember its exact name, but I googled every .exe file HijackThis until I found results telling me it was malware) E) Restarting my computer in normal mode.
It did the trick. I hope this helps!
I had something similar happen to me a couple of days ago but the page was what looked like a 'Firefox Reported Attack Site' page!
I went to Google and searched for 'Mystical pictures of London'>clicked 'Images' and on the first page of Google Images there was a picture that was out of place and lets say a little explicit. I couldn't make it out properly so clicked on the Pic. That's when i got redirected to what looked like the Firefox Reported Attack Site page, but it had a 'Download Updates' tab instead of the usual 'Get me out of Here' tab. I then got a Prompt saying:
'The Website has been blocked based on your security preferences. Click 'OK' to download and install firefox updates.
I clicked 'ok' knowing i would then get the prompt to save the file, so i could have a better look at what it was!
I then took a screenshot of the pop up prompt and clicked cancel.
Then run a full scan with Malwarebytes
and it found a 'Rough Installer' Virus!
Now i need to find a way of reporting this!?
(Leaving a space or spaces in the links)
The link on the Pic said:
mysticalparty. png
On the prompt it said: You have chosen to open firefox_update_2011. exe
Which is a: Binary File from: http:// dl. av2011. co. cc
I have also saved the Log from my MBAM scan.
I hope i have not broken any rules putting the info up here, but i'm no Techno Wizz...I just don't want anyone else to make the same mistake as me and want this site Reported and closed down!
Any Help or Advise would be Great!
The link you posted http:// dl. av2011. co. cc is not found now.
Best place to report a site trying to do stuff like this, like serving a trojan exe as a Firefox update is at http://www.mozilla.com/en-US/legal/fraud-report/index.html
Like I said Mozilla has be pressuring the co.cc to not allow this fake update page to go up so it is no surprise if it is down now.
Okulungisiwe
Thank you so much for your reply James. The link you gave me is exactly what i was looking for! I've passed all the information i have on to them and lets hope Firefox or even Google (as this is where i got the link in the first place) crack down on co.cc for letting these pages go through the net!
The page looked exactly as it does in this link: http://technonxt.wordpress.com/2010/10/20/reported-attack-page-a-latest-malicious-trick-from-security-tool-rogue-anti-virus/
...but not from the site that is explained on technoxt.wordpress page. Thanks again!!