SUMO community discussions

sites serving fake firefox-patch.exe/firefox-patch.js list and discussion.

  1. This thread is only for one purpose: the discussion of anything useful in relation to the fake urgent Firefox update sites serving the fake firefox-patch.js files, like the example screenshot below. Thank you.

    An archive of the earlier sites list and comments of the OP is at https://support.mozilla.org/en-US/forums/contributors/712200 due to the limited space of 10,000 characters or less in a post.

    Update 7th Sept: Developers are requesting saves of the page this originates from, or Wireshark or equivalent information. For full details please see bug 1282106 comment 39 (https://bugzilla.mozilla.org/show_bug.cgi?id=1282106#c39) or https://support.mozilla.org/en-US/forums/contributors/712056?last=70117&page=6#post-70117


    A thread to mention the websites serving the fake Firefox-update/firefox-patch .exe or .js. These sites have been popping up for the past few months now, with many of the sites below without thread links from even longer.

    These sites have often been registered within a day before a thread is posted about them on the forum, then not reported a day later.

    We need to narrow down where or how these are occurring, as it seems to be targeting Firefox user agents on Windows only and not Firefox users using Linux and Mac OS X, since .exe files are not used. The scammers are hoping to trick inexperienced Windows and/or Firefox users into downloading and running these fake .exe or .js files without scanning first.

    An example place you can check these sites is https://www.scamadviser.com/, though sites may not exist sometimes.

    Since July 11 the files have been a firefox-patch.js

    The thread links are to example threads and not all reported that day though sometimes only one or none is reported that day.


    Older list of sites is in Archive thread at https://support.mozilla.org/en-US/forums/contributors/712200

    [Image: Fake urgent update]

    A screenshot example above is the single reason for this thread as it is not about potentially fake Mozilla or Firefox related sites in general. Please create a new thread for any discussion not related to this post like the above screenshot example in Questions https://support.mozilla.org/en-US/questions/new or in https://support.mozilla.org/en-US/forums depending on what the issue is. Thank you.


    Modified by James on

  2. also see https://bugzilla.mozilla.org/show_bug.cgi?id=1282106 - a user at https://support.mozilla.org/en-US/questions/1129134 was linking the issue to ads on farmville2.
  3. Does using the Report Web Forgery ... menu item in the Help menu do anything to get the Safe Browsing Anti-Phishing to block those URLs?

    If that works, that would automatically insert the offending URL in the form for the user and get that information to Google quicker (IMO) than reporting it to Legal / Fraud-Report.

  4. i think it's still not quick enough to get those urls blocked as they are coming up with new domains constantly. it would be very helpful if somebody would be able to pin down the source of those fake notifications.

    i suspect it is a malicious ad spread through common advertising networks that causes this popup (i have seen a crash report of an affected user and there were no signs of malicious addons or malware modules hooking into the firefox process)...

  5. I imagine the best way to fix this is get a few copies of the exe and submit them to our anti-virus partners. If anyone can get copies they can forward them to me. Thanks!

  6. Tyler Downer said

    I imagine the best way to fix this is get a few copies of the exe and submit them to our anti-virus partners. If anyone can get copies they can forward them to me. Thanks!

    Maybe https://www.virustotal.com/ might help? I think there has to be some way to submit and rate a file.

  7. Tyler Downer said

    I imagine the best way to fix this is get a few copies of the exe and submit them to our anti-virus partners.

    If users don't know it's a scam, then they would think Mozilla is installing a virus.

  8. Any chance of getting a new snippet out to warn users about not falling prey to "update.exe" phishing like this?

    IMO, that is now more important than showing the "latest features" snippet as I currently see in about:home.

  9. From what I have seen I also do suspect it is being done by way of one or more ad systems vs the legitimate website itself being infected when Firefox users encounter this fake urgent update popup.

  10. ed, I'm not sure that a snippet would be very useful, as that would be seen by 10% or less of our total release audience, plus would just serve to scare users about updates in general. I'm doing more digging to see what we can do but unless we track down a source (ad network, central host, etc.) this will be a game of whack a mole

  11. This has been going on for two weeks now. A warning to users has to start somewhere and 10% is better than nothing. Using 'snippets' could be done quickly while other preventive measures are discussed. I think that time is of the essence and my feeling is that the users who don't select their own homepage just may be the type of people who would fall for a fake update due to it looking so "official". Any person who's used Windows PCs for a while might recognize how "wrong" a phishing attempt like this looks; Firefox never updates via an update.exe file and, while the Firefox logo and page style might look "correct", the non-mozilla domain might be the tip-off. Or maybe I'm giving users too much credit to spot that and to be suspicious?

    As far as scaring users, if it is worded carefully it could be made to sound like Mozilla is doing a service to their Firefox users by educating them about what a fake update looks like and to not do anything, except for reporting it as a Web Forgery if they see something like that.

    I'm still scratching my head over why I haven't been subjected to one of those yet. I feel like my invitation to the party is lost in the mail.

  12. We can also add a note to "Update Firefox to the latest release" advising users to update only from Mozilla sites, if they must do it manually.

    I don't think this will prevent fake updates, since most users won't read the article before updating, but we need to point affected users to something that's documented so they're aware that Mozilla's not the one distributing malware.

    I'll go ahead and add the note. Feel free to edit/improve it.

  13. Tyler Downer said

    I imagine the best way to fix this is get a few copies of the exe and submit them to our anti-virus partners. If anyone can get copies they can forward them to me. Thanks!

    I was able to save the exe. I've zipped it up and saved it to my domain. The link can be found in this discourse thread: https://discourse.mozilla-community.org/t/prompted-to-download-and-install-firefox-patch/9320/5

  14. I uploaded the above firefox-patch.exe to virustotal and it had Detection ratio of 37 / 55 https://www.virustotal.com/en/file/e73820fe8b3c5022b03025657286304365c0d2d8312ccbdd136f8a0ecbe7cad1/analysis/1467413383/

  15. I found a source or trigger for this fake "update-patch.exe". A user reported it here: https://support.mozilla.org/en-US/questions/1126746#answer-892823

    I loaded http://www.cincinnatibell.net/ in Firefox 47.0.1 while using a default Profile and saw the faked "update" page and got the download window. I think either uBlock Origin or NoScript Cross-Site Scripting protection was blocking that for me in my 'normally' used Profiles.

    Also, the new name of that "Web Forgery" menu item is Report deceptive site... which is probably a better description of that reporting service. I don't use Firefox 47 version when doing Firefox support, I'm still using the Firefox 38 ESR version with that "support" Profile.

  16. I got a redirected tab a couple of days ago while on the local news channel page, http://www.wrcbtv.com/story/32311469/update-englewood-man-accused-of-killing-father-stabbing-mother. Visiting the site today, this page, http://www.wrcbtv.com/story/32247889/update-fourth-of-july-fireworks-around-the-tn-valley, caused the redirect to this page, https://oophomyperfectsale.net/3171144586430/2e13e183e5023c2fea10aac2619ba44d.html, which gave the pop-up to DL the "update".

  17. Ok, I got this request for update twice. On the first one I downloaded it, so I have a copy, and then got suspicious. I was not able to confirm any Mozilla Firefox links or certificates. So I didn't run it.

    However, as I was doing the research here in the forums, I started off with the message, "I have the most recent update". Then I happened to click the HELP menu at the top of the browser, and clicked ABOUT FIREFOX. It displayed the version as 47.0. But then directly underneath it was the message "updating". I now have the button to RESTART FIREFOX TO UPDATE. The version is still listed as 47.0 too.

    Is it possible that this is a bad thing?

    Also in the past hour AVG AntiVirus Free is detecting firefox-patch.exe as a Trojan horse generic_r.KTU and wants to protect me.


    Modified by JoeAllen2 on

  18. hi JoeAllen2, what you got there by checking in the help > about firefox panel is a non-critical genuine update to firefox 47.0.1, which is unrelated to those fake website popups: https://support.mozilla.org/en-US/forums/contributors/712001#post-69454


    Modified by philipp on

  19. JoeAllen2 said

    Also in the past hour AVG AntiVirus Free is detecting firefox-patch.exe as a Trojan horse generic_r.KTU and wants to protect me.

    A good thing you did not override and try to run it anyways as this virustotal scan of a fake firefox-patch.exe shows. 37 / 55 https://www.virustotal.com/en/file/e73820fe8b3c5022b03025657286304365c0d2d8312ccbdd136f8a0ecbe7cad1/analysis/1467413383/

    and a recent scan of another fake firefox-patch.exe Detection ratio: 24 / 53 https://www.virustotal.com/en/file/12446f2ad470ad093db192821faabac19044814637c3b4889ef5403fc6805b56/analysis/1467588247/


    Modified by James on

  20. Sites serving fake Firefox update .exe files are not a new scam, as shown for example by these threads from November/December 2015 or so:

    https://support.mozilla.org/en-US/questions/1092584
    https://support.mozilla.org/en-US/questions/1092693
    https://support.mozilla.org/en-US/questions/1097853
    https://support.mozilla.org/en-US/questions/1097879
    https://support.mozilla.org/en-US/questions/1098458
    https://support.mozilla.org/en-US/questions/1099576
    https://support.mozilla.org/en-US/questions/1099692
    https://support.mozilla.org/en-US/questions/1099899
    https://support.mozilla.org/en-US/questions/1100400
    https://support.mozilla.org/en-US/questions/1100767
    https://support.mozilla.org/en-US/questions/1100943
    https://support.mozilla.org/en-US/questions/1101107
    https://support.mozilla.org/en-US/questions/1101525
    https://support.mozilla.org/en-US/questions/1101576
    https://support.mozilla.org/en-US/questions/1102609

    During that time it was installing, say, Cryptolocker, a ransomware trojan, for anybody who ran the .exe on Windows.

    Modified by James on
