Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

maleware in the website ff dutch

more options

i think your website has maleware i downloaded ff and get maleware and now some other users to. i downloaded it on the official site and de dutch version. check it please

i think your website has maleware i downloaded ff and get maleware and now some other users to. i downloaded it on the official site and de dutch version. check it please

All Replies (8)

more options

Firefox from the official Mozilla server doesn't come with malware.

Some security software thinks that the small stub installer is containing malware because it needs to access internet to download all the files.

Try to full installer instead.

You can find the full version of the current Firefox release (58.0.1) in all languages and all operating systems here:

more options

I downloaded the Win64 Dutch Firefox 58.0.1 from www.mozilla.org/firefox/all/ and the stub installer (Dutch) from http://archive.mozilla.org/pub/firefox/releases/58.0.1/win32/nl/

Firefox 58.0.1 full Win64 Setup (Dutch) https://www.virustotal.com/#/file/88bc8c4dc147d742a1e624a044ff0668548257075b33549b4dc078c4548205d0/detection

Firefox 58.0.1 stub (Dutch) https://www.virustotal.com/#/file/3f34a85a3af2ad6d2ca7726573a9c3aa6cc2111b322269cece1a95baf3a6b5dc/detection

Cylance has a claim of unsafe on both but I would not trust that as it's detecting used on site is different from application and every Firefox version I have scanned in last months Cylance claimed unsafe while no other scanner did. False positives can still happen with the small stub installer even though it has existed since Firefox 18.0 and is safe.

Just because you encounter some malware after installing Firefox does not mean it came with Firefox. https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware

Modified by James

more options

here are the 2 evil's yahoo and russian bruids you must remove ff and than scan otherwise it thinks its legitiem. after reinstal ff and it's gone. and now a new costumer had the same problem thats i ask check it please. that my question

more options

Hi gerritbagger, those "Autoconfig" files should not be included with Firefox, and hopefully they are not.

If those files show up again, can you have the user take a look inside the .cfg file (open as plain text) and see what it does?

Recently, many users reported this kind of "program folder infection" from installing the Lavasoft/AdAware Web Companion program. That took over the default search engine.

The file does not match, however, so there could be a new one going around.

more options

There is also a Fake "Firefox requires a manual update" page floating around that installs a Extension that starts with FF in name. Mozilla has blocked perhaps 15 of these extensions installed by this in the past couple weeks.

The image below is an example of the Fake "Firefox requires a manual update" page. If you got this then it was not from Mozilla or the Firefox web browser.

more options

i shall explain the story, after a clean install van windows i download the FF from the officiale site login with the account. no adone instalted exept the standaard adblocker. before i want to install te adone's i alway's use the russian site came in the picture soon after the yahoo site. normaly i hit the help and than the about FF for the update never in the 12 years i had any trouble. so it is in the adblocker or FF what is giving the trouble and i have read the help for a answer and i see that more people have strange things in FF so i wonder where is the problem? remind iam not complaining yust asking iam also glad with the answers and i hope to solved this.

more options

Malwarebytes www.malwarebytes.com

-Logboekdetails- Scandatum: 13-01-18 Scantijd: 22:11 Logbestand: 4fdbb92e-f8a6-11e7-8030-d050995ee394.json Beheerder: Ja

-Software-informatie- Versie: 3.3.1.2183 Versie componenten: 1.0.262 Update pakketversie: 1.0.3688 Licentie: Gratis

-Systeeminformatie- Besturingssysteem: Windows 10 (Build 16299.125) Processor: x64 Bestandssysteem: NTFS Gebruiker: BAGGER\gerrit

-Scansamenvatting- Scantype: Bedreigingsscan Resultaat: Voltooid Objecten gescand: 294656 Dreigingen herkend: 2 Dreigingen in quarantaine: 2 Verstreken tijd: 1 min, 40 sec

-Scanopties- Geheugen: Ingeschakeld Opstarten: Ingeschakeld Bestandssysteem: Ingeschakeld Archieven: Ingeschakeld Rootkits: Ingeschakeld Heuristiek: Ingeschakeld POP: Detectie POA: Detectie

-Scandetails- Proces: 0 (Geen kwaadaardige items gedetecteerd)

Module: 0 (Geen kwaadaardige items gedetecteerd)

Registersleutel: 0 (Geen kwaadaardige items gedetecteerd)

Registerwaarde: 0 (Geen kwaadaardige items gedetecteerd)

Registerdata: 0 (Geen kwaadaardige items gedetecteerd)

Gegevensstroom: 0 (Geen kwaadaardige items gedetecteerd)

Map: 0 (Geen kwaadaardige items gedetecteerd)

Bestand: 2 PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\153623906.CFG, In quarantaine, [1069], [345408],1.0.3688 PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\153623906.JS, In quarantaine, [1069], [330892],1.0.3688

Fysieke sector: 0 (Geen kwaadaardige items gedetecteerd)


(end)

Here is the scanlog but the maleware was not visable so i make the sreenshot

more options

gerritbagger said

Bestand: 2
PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\153623906.CFG, In quarantaine, [1069], [345408],1.0.3688
PUP.Optional.FFHijacker, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\153623906.JS, In quarantaine, [1069], [330892],1.0.3688

Thank you for the full names. These definitely should not be present in a new Firefox installation. The only file that is supposed to be present in

C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\

is a file named channel-prefs.js

What I think we all want to figure out is how these other files got into the Firefox program folder. And since their names are completely uninformative, possibly randomly generated, what they are.