Pomoc pśepytaś

Glědajśo se wobšudy pomocy. Njenapominajomy was nigda, telefonowy numer zawołaś, SMS pósłaś abo wósobinske informacije pśeraźiś. Pšosym dajśo suspektnu aktiwitu z pomocu nastajenja „Znjewužywanje k wěsći daś“ k wěsći.

Dalšne informacije

Firefox update or malware?

  • 10 wótegrona
  • 0 ma toś ten problem
  • 1 naglěd
  • Slědne wótegrono wót questionabout

more options

On 30 August 2023, when opening Mozilla the second time in a day, a pop up window emerged asking whether I allow Mozilla to make changes on my hard drive (or: hardware - I cannot remember now) due to the updates.

I clicked yes, as otherwise Mozilla would not work, then an opening site appeared about the new features of the update, and talking about the possibility of the VPN service.

It seems that now I am working on the latest version of Mozilla released first on 29 August 2023 - 117.0. When checking in the settings, the date of the installation was also 29 August and not 30 August. This made me puzzled, why I got this pop out window only on 30th, and in addition only after the second usage of the browser (however, when checking in my comp settings, the update of Mozilla is dated 30 August 2023)... In addition, as never before I have seen Mozilla asking for making hard drive changes, I got worried whether it was not a kind of virus or other malware pretending to be Mozilla.

Could you please confirm whether the pop-out window asking for the changes to hard drive was indeed just Mozilla asking for valid changes? I am very worried I got a malware on my computer, although the antivirus scan does not show anything.

I have asked some friends and they had the actualization automatically done without this pop-out window.

I have checked some online discussions and verified in the properties that Mozilla is NOT allowed to run as administrator. Also, the "Run this program in compatibility mode for:" was also unchecked.

Thank you in advance for your answer!

On 30 August 2023, when opening Mozilla the second time in a day, a pop up window emerged asking whether I allow Mozilla to make changes on my hard drive (or: hardware - I cannot remember now) due to the updates. I clicked yes, as otherwise Mozilla would not work, then an opening site appeared about the new features of the update, and talking about the possibility of the VPN service. It seems that now I am working on the latest version of Mozilla released first on 29 August 2023 - 117.0. When checking in the settings, the date of the installation was also 29 August and not 30 August. This made me puzzled, why I got this pop out window only on 30th, and in addition only after the second usage of the browser (however, when checking in my comp settings, the update of Mozilla is dated 30 August 2023)... In addition, as never before I have seen Mozilla asking for making hard drive changes, I got worried whether it was not a kind of virus or other malware pretending to be Mozilla. Could you please confirm whether the pop-out window asking for the changes to hard drive was indeed just Mozilla asking for valid changes? I am very worried I got a malware on my computer, although the antivirus scan does not show anything. I have asked some friends and they had the actualization automatically done without this pop-out window. I have checked some online discussions and verified in the properties that Mozilla is NOT allowed to run as administrator. Also, the "Run this program in compatibility mode for:" was also unchecked. Thank you in advance for your answer!

Wšykne wótegrona (10)

more options

questionabout said

When checking in the settings, the date of the installation was also 29 August and not 30 August. This made me puzzled, why I got this pop out window only on 30th

The browser's timezone is UTC if you have privacy.resistFingerprinting enabled.

You will get a prompt to authorize updates if you disabled "Use a background service to install updates" aka Mozilla Maintenance Service.

more options

Hello Zeroknight! Thank you for your response. However, in both cases, they do not solve the issue as:

1. The situation took place late in the evening (Europe), so according to UTC it also should have been 30 Aug; 2. The option "Use a background service to install updates" is enabled in the settings.

Do you have any other ideas of what could have caused the issue or whether it is malware indeed? I would be very thankful for your help!

more options

Is it possible that this situation has something to do with the cookie settings, add-ons settings, settings regarding unwanted/uncommon software, DNS settings or something similar?

Thank you in advance for your help!

more options

Without seeing what the actual screenshot says it's anyone guess what the popup was here?

more options

Unfortunately I have not taken the screenshot... It looked like a generic Windows pop out asking whether the app should be allowed to make the changes. I remember there was a statement it was from Mozilla as a verified provider (but I guess it can be faked?).

The pop-out opened every time when I wanted to use Firefox, and after allowing the changes, the browser started normally, with this welcome page mentioning the new updated version.

Recently, some privacy settings of the browser have been changes, and I wonder whether this could be the reason. The settings regarding background updates have not been changed and they are allowed, however, maybe some of the other ones - mentioned above, like cookies, add-ons, software, DNS - could have caused the issue?

Thank you in advance for your help! I am really worried to use the laptop in the normal way before it is clear...

more options

questionabout, was this a Windows notification appearing on the bottom right of the screen?

Is some sort of anti-ransomware or other app control protection setting enabled in your virus / malware protection software?

I am wondering if a possible explanation is that your security software detected that a new app (or new version of an app) was trying to make changes to your system, and just wanted your OK that this is a recognised app (in order to protect you from, for example, a possible ransomware attack)?

You may wish to check your security software's settings and logs.

BUT if you do have anti-ransomware / app control settings enabled, then this needn't indicate a threat. Just, as I say, your anti-virus software checking that you recognise and authorise this app to run on your system., before it allows it to.

But for extra peace of mind, you may wish to look at this Mozilla article, especially the section suggesting free alternative malware scanners: https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware

more options

Dear TechHorse, thank you for your detailed answer! To address your questions:

- I do not think there was any notification in the bottom right of the screen, the pop-out window was in the center of the screen - just when I wanted to open Firefox. The browser would open behind it I think? but just as a blank page (at least that's what I remember...), it was not possible to just close the pop out window and continue as the whole Firefox would close as well.

- It would be great if that was just the antivirus - I am using a paid version currently. Te pop-out looked as a Windows one tough, not from the antivirus... I had a look at the setting in the antivirus, and some points which may be relevant are: a) No apps are "allowed (so maybe in deed that's why the pop out?) b) Enabled the option of being warned if any app behaves in a suspicious way I cannot see there the option to see the detailed logs.. Only that Firefox was updated in the last 14 days (which was obvious already).

I wanted to run Windows Security scan additionally, and I got another pop-out window asking if I want to allow the changes to the device. It looked a bit different I think from the discussed pop-out from Firefox/malware...

In my Windows Security, I have the options to be protected from unknown apps. However, until now I have never had any Firefox issue like the one discussed now.

have tried to find the security logs on Event Viewer, but I was not able to localize the discussed event...

more options

Check that Firefox isn't set to run as Administrator.

You can open the Properties of the Firefox desktop shortcut via the right-click context menu and check the "Compatibility" tab.

Make sure all items are deselected in the "Compatibility" tab of the Properties window.

  • Privilege Level: "Run this program as Administrator" should not be selected
  • "Run this program in compatibility mode for:" should not be selected

Also check the Properties of the firefox.exe program in the Firefox program folder.

more options

questionabout, I wonder if it is possible that the app-protection might have been turned on in a recent update to either MS Defender or your primary anti-virus software?

Or a recent change to either meant that each new version of an app now gets flagged for user approval, whereas previously the entire app got approved as a one-off event?

Either would explain why you got the pop-up now, despite not encountering it on previous updates.

Sorry, I don't have a definitive answer but as said this might all be explainable as anti-virus software caution towards newly installed or updated apps.

As well as running an extra malware scan with a different application, you might also wish to contact your anti-virus software providers to see if they can confirm that this is expected behaviour, and how to check their application's own logs.

more options

Dear TechHorse, thank you so much for your detailed answers and suggestions!

In deed, it could be the antivirus update, I will ask them as you suggest. Hopefully, the answer will be positive...

I have also run now the Windows Defender Scan (so far a quick one, tomorrow a full one), no threats found - similar to running a full scan on my antivirus. If the response from the antivirus provider does not solve the issue, I will look for another program to scan the computer.

Dear Cor-el, thank you too for your answer. I have checked both the shortcut and the program, and they do have the options mentioned unselected.