Getting a request to download from zeezinewsreview.org and can't find out if they are official.
Every 4 or 5 times that I go on the internet using Firefox, I get a Firefox looking screen requesting that I download an add-on. When I check for who is requesting the download I get the name zeezinewsreview.org. When I Google for the organization, it doesn't show up in the short search list. This leads me to believe that this is an attack from someone who does not want to be tracked of validated. I made the mistake of opening it and I had to contact McAffe concierge service to clean up a mess.
Well the update is popping up again when I log on using Firefox. Is this a valid provider for Firefox or someone providing malicious intent under the guise of Firefox? Looks official...
Can you help and reassure me that this is not inviting a hacker onto my PC? If this is not connected or valid support to Firefox, can we get it to disappear so as to not dupe us older folk? (Or anyone else)
All Replies (3)
Is this a page that says there is an urgent update or patch, or a different page? For several weeks now, malware distributors have been buying ads that redirect Firefox to their fake update site, but if they claim it is an add-on, that sounds like a new one.
Do not download or run that file, it is a malware installer.
If you downloaded it (but didn't run it), please delete the download very carefully as follows:
When you are using the downloads panel (the one attached to the toolbar button), be careful not to click anything as that may run it. Instead, right-click it and choose Open Containing Folder. That will launch a file window with the unwanted download highlighted, and then you can press the Delete key to send it to the Windows Recycle Bin.
If the download has already disappeared from the panel, the same mouse action works in the full download list (Ctrl+j or "Show All Downloads").
If you already ran it, please delete the download and also use the free cleaning tools in our support article: Troubleshoot Firefox issues caused by malware.
Since the malware distribution page appears to be opening from advertisements on sites that users visit, it might help to use an ad blocking extension. These are popular (Note: you would only want to use one at a time):
It is malware do not use.
Firefox does not use such an update method. Firefox will soon be upgrading to Fx48 but not like that Please see Update Firefox to the latest release
We do not seem to be able to do much about this it keeps changing websites. Using a scriptblocker such as ublock origin may help.
You may be more vulnerable if you already have other adware on your computer. It would be worth scanning with all the tools mentioned in
Additionally as you downloaded the malware, and it has been associated with the particularly dangerous Kovter Trojan you should run a tool specifically to remove that. The tool is very quick to use and either announces nothing is found, or removes it and generates a log file. if it does find anything it would be interesting to see the content of the log file.
- Instructions with tool download link https://www.symantec.com/security_response/writeup.jsp?docid=2015-092321-2230-99
- Background info if you are interested http://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update