I would like to inform you that the Batchdownload Add-on appears to have been infected with ad-ware that redirects Google searches.
I have emailed the creator, but he has a limited grasp of English, so I thought I'd inform you. Here's how I know: I was getting google redirects and neither McAfee nor Malwarebites could find anything. With some testing I discovered that this was a Firefox-only problem. Resetting Firefox fixed it. I then reinstalled my add-ons one at a time, checking for the redirects (by opening multiple search results) repeatedly after each add-on installed. The problem returned when I installed Batchdownload. After resetting again and installing all add-ons but Batchdownload, the problem went away again. To repeat, my problem is solved. I just wanted to let you all know that this particular add-on is now infected. I've been using it for years, and it's only now become a problem, so I doubt it's the dev's fault.
All Replies (5)
I will find someone to look into this further. Meanwhile caution may be advised if considering downloading and installing batchdownloader.
This does look rather suspicious. I installed this on Ubuntu and got an unexpected web page opening. I then installed on a limited Windows account and again got unexpected pages opening.
I did not notice any google searches being redirected. I have uninstalled the add on from both partitions and see no lasting problems.
Modified
Not sure whether you have already removed it, but the extension "Mozilla Safe Browsing 2.0.14" is installed by malware. It is not part of Firefox or a Mozilla product. See Encyclopedia entry: Win32/Medfos - Learn more about malware - Microsoft Malware Protection Center.
Thanks for the heads-up, although I've already reformatted the PC. There was a Backdoor Trojan, which may or may not have been a result of Batchdownload. (I was unaware that you had to delete old versions of Java manually, so my PC had a vulnerability that the test PCs might not have.)
Thanks for the help Jeff.
Just in case the trojan was related to the add-on or the redirects from the support site it may be interesting to know what that was and what it was that you used to detect and remove the trojan.