I have a 'System Update Required' message. I don't trust it, anybody know what it is? Here's the link: https://d3lvr7yuk4uaui.cloudfront.net/inst/FirefoxUpgrade.xpi

  • 3 replies
  • 84 have this problem
  • 1 view
  • Last reply by Ryoki

At the top of the browser window it reads "Firefox prevented this site (whatever site I'm on, ie: support.mozilla.com) from asking you to install software on your computer." Right below that is this message "SYSTEM UPDATE REQUIRED - A critical software update is needed for your browser. Click 'Allow' to update now." The URL for the update download is in my original question. Sounds like a scam to me.

All Replies (3)

I would not trust that either, it is not from Mozilla and Firefox does not update using a .xpi file. There have previously been attempts to get people to install malware using this approach.

Thanks for the confirmation TonyE. Anybody know how to make it go away?

I have a solution to your issue. The file via HTTP is malware as well as the Cloudfront "d3lvr7yuk4uaui" distribution. According to a scan of the MD5 file (Virus Total MD5 AV Vendor coverage), which is an MD5 of the normalized URL, the virus/adware variant is currently detected by 3/42 (7.1%) major anti-virus vendors: Avast5 as Win32:GamePlayLabs, DrWeb as Adware.GamePlayLabs.2 and NOD32 as Win32/Adware.GamePlayLabs. Funnily enough, Microsoft has published a "How to clean Adware Win32bit" guide, but their AV product does not detect or clean the issue.

The main thing is, if you are running Windows, you must shut off your system restore before you start cleaning. If you don't, Windows sets a restore point automatically which contains a piece of the malicious code, so you can't ever clean the infection.

The infection takes advantage of a browser vulnerability so keep in mind what your current version of Firefox is in comparison to what is available. Also, if you have used the password manager to store any passwords be aware they might have been compromised by this malware. These pieces of malware can also be written to hide from your Anti-virus. Check which anti-virus you have installed and when it was last updated.

1. Turn off your automatic system restore if enabled. How to check system restore
2. Update your Anti-Virus.
3. Update your FireFox browser. To check when it was last officially updated, go to Tools, Options, Advanced, Update, and click the "Show Update History" button.
4. In FireFox, under Tools, Options, Privacy, flush all cookies and all saved data. Be sure to copy any data you might lose; however, be aware that the infection might involve poisoned cookies or other malicious code, so treat any electronic data from the browser as suspect.
5. Update your browser.
6. Run your anti-virus, full scan.
7. If your anti-virus does not find anything the matter, check out Trend Micro's Hijack This. HijackThis inspects your computer’s browser and operating system settings to generate a log file of the current state of your computer. Using HijackThis you can selectively remove unwanted settings and files from your computer. Remove any remaining settings and restart your computer.


Repeat steps until all infection behavior ceases or you trust the integrity of the computer.

8. Check out using a password application instead of your browser. I use Kee Pass Password Application; there are others. Be aware some are Trojans posing as legitimate password applications that instead store your passwords and then steal them.
9. Use NoScript when using FireFox and don't let untrusted JavaScript run in your browser.
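
A read-only way to check whether the add-on from the question actually got installed, as an added example that is not part of the original posts. It assumes a current Firefox, which records installed add-ons in `extensions.json` in the profile folder (the Firefox versions discussed in this thread predate that file); the `TRUSTED_SUFFIXES` list and the sample records are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Assumption: hosts under these domains count as Mozilla distribution points.
TRUSTED_SUFFIXES = ("mozilla.org", "mozilla.net")

def host_of(url):
    return (urlparse(url or "").hostname or "").lower()

def is_trusted(url):
    host = host_of(url)
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def audit_addons(extensions_json_text):
    """Return [(id, name, [reasons])] for user-profile add-ons worth a manual look."""
    findings = []
    for addon in json.loads(extensions_json_text).get("addons", []):
        if addon.get("location") != "app-profile":
            continue  # built-in and system add-ons ship with the browser itself
        reasons = []
        src = addon.get("sourceURI")
        if not src:
            reasons.append("no install source recorded")
        elif not is_trusted(src):
            reasons.append("installed from " + host_of(src))
        if addon.get("foreignInstall"):
            reasons.append("placed in the profile by another program")
        state = addon.get("signedState")
        if state is not None and state <= 0:
            reasons.append("signature missing or invalid")
        if reasons:
            name = (addon.get("defaultLocale") or {}).get("name", "?")
            findings.append((addon.get("id"), name, reasons))
    return findings

# Constructed sample in the shape of extensions.json; ids and names are made up.
SAMPLE = json.dumps({"addons": [
    {"id": "good@example.invalid", "location": "app-profile", "signedState": 2,
     "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/1/good.xpi",
     "defaultLocale": {"name": "Good Add-on"}},
    {"id": "upgrade@example.invalid", "location": "app-profile", "signedState": 0,
     "sourceURI": "https://d3lvr7yuk4uaui.cloudfront.net/inst/FirefoxUpgrade.xpi",
     "defaultLocale": {"name": "Constructed Upgrade"}},
]})

if __name__ == "__main__":
    for addon_id, name, reasons in audit_addons(SAMPLE):
        print(f"{addon_id} ({name}): " + "; ".join(reasons))
```

To use it on a real system, pass it the text of a copy of `extensions.json` taken from the profile folder listed on `about:support`.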