Strange popup from Firefox

[jimmyedwards]

I keep getting this popup supposedly from Firefox saying I need to download it ,I haven't yet because I don’t trust it. Thanks for any help.

This is the url.

https://einayforumeiros.ne

[KenB]

Hi,

 

I get a time out when I click on your link.

I wouldn't have thought that F-F would be asking you to download anything other than updates - and these would be done automatically.

 

Also a quick google on the details from the link brings up nothing - which is odd too.

[Starbuck]

I keep getting this popup supposedly from Firefox saying I need to download it

This is not from Firefox it self.

It's either a compromised webpage you are accessing or a piece of adware on your system.

.ne is the Internet country code top-level domain for Niger.... so what ever it is, it won't be good.

 

I suggest that you run AdwCleaner to make sure there's no adware on the system.

 

Please download AdwCleaner by Malwarebytes onto your desktop.

• Close all open programs and internet browsers.
  
• Right-click on the downloaded icon and select Run As Administrator.
  
• Click on the Scan button.
   
  https://i.imgur.com/ntuVdrx.png
   
  
• AdwCleaner will begin to scan your computer.
  
• After the scan has finished...
  
• Click on the Clean button.(if anything is found)
   
  https://i.imgur.com/WQROi3Z.png
   
  
• Press OK when asked to close all programs.
   
  https://i.imgur.com/w9qrEoJ.png
   
  
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  
• After rebooting, a logfile report (AdwCleaner[C0].txt) will open automatically.
  
• Copy and paste the contents of that logfile in your next reply.
  
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

[jimmyedwards]

Thanks for the replies I did the AdwCleaner but not as admin here are the results.

 

# AdwCleaner 7.0.3.1 - Logfile created on Thu Oct 12 20:24:26 2017

# Updated on 2017/29/09 by Malwarebytes

# Running on Windows 8.1 (X64)

# Mode: clean

# Support: https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

No malicious services deleted.

 

***** [ Folders ] *****

 

Deleted: C:\Users\Ray\AppData\LocalLow\Yahoo!\Companion

 

 

***** [ Files ] *****

 

Deleted: C:\Windows\System32\LavasoftTcpServiceOff.ini

Deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini

Deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini

Deleted: C:\Windows\SysNative\LavasoftTcpService64.dll

Deleted: C:\Users\Ray\Downloads\SysInfo.exe

Deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe

 

 

***** [ DLL ] *****

 

No malicious DLLs cleaned.

 

***** [ WMI ] *****

 

No malicious WMI cleaned.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts cleaned.

 

***** [ Tasks ] *****

 

Deleted: HP AR Program Upload - 7fc3a4d784604be2b4d002197f18f4ca3c1c5dd625304782ae6cf242c8b50f74

Deleted: HP AR Program Upload - 84bcb34db9f946e8944251e6026ab08ca421cfaa47f34d789a57faeab098e479

Deleted: HP AR Program Upload - 84e70fa7d4d743919ccd443c3d6132b0d6d744ae387342e19f32bc3d5b168979

Deleted: HP AR Program Upload - a43eef6a7e9b47b7ae82508c4f0e48c6a506510c79cb4d6abc72fe4be41fc96f

Deleted: HP AR Program Upload - ebbb76cf134e4ad4b2eae894a4122e0c067f88a663394b6ebaff748f40240995

Deleted: HP AR Program Upload - f83b9e52d02f4a0082c5a5033800ab2cd0be4d2648994ccebb5ee7a48159d05f

 

 

***** [ Registry ] *****

 

Deleted: [Data] - HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8CDBDBFF-A911-4FDE-9D2F-5311E047BB2A}|DhcpNameServer [208.67.222.222 208.67.220.220]

Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion

Deleted: [Key] - HKU\.DEFAULT\Software\Yahoo\Companion

Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion

Deleted: [Key] - HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Yahoo\Companion

Deleted: [Key] - HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\AppDataLow\Software\Yahoo\Companion

Deleted: [Key] - HKU\S-1-5-18\Software\Yahoo\Companion

Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion

Deleted: [Key] - HKCU\Software\Yahoo\Companion

Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion

Deleted: [Key] - HKU\.DEFAULT\Software\Yahoo\YFriendsBar

Deleted: [Key] - HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Yahoo\YFriendsBar

Deleted: [Key] - HKU\S-1-5-18\Software\Yahoo\YFriendsBar

Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Deleted: [Key] - HKCU\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}

Deleted: [Key] - HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}

Deleted: [Key] - HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D8F06F2A-FDCE-4F12-8D2A-7A97A752CF1A}

Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}

Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}

Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}

Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}

Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}

Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{528B5866-2BA6-42CE-8F74-39FB23B49767}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}

Deleted: [Value] - HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Search Protection

Deleted: [Key] - HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE

Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost64.exe

Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost64.exe

Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe

Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost.exe

Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\yt.DLL

Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\antcom-video-downloader.en.softonic.com

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

Deleted: [Key] - HKLM\SOFTWARE\Applian Technologies

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP AR Program Upload - 7fc3a4d784604be2b4d002197f18f4ca3c1c5dd625304782ae6cf242c8b50f74

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP AR Program Upload - 84bcb34db9f946e8944251e6026ab08ca421cfaa47f34d789a57faeab098e479

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP AR Program Upload - 84e70fa7d4d743919ccd443c3d6132b0d6d744ae387342e19f32bc3d5b168979

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP AR Program Upload - a43eef6a7e9b47b7ae82508c4f0e48c6a506510c79cb4d6abc72fe4be41fc96f

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP AR Program Upload - ebbb76cf134e4ad4b2eae894a4122e0c067f88a663394b6ebaff748f40240995

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP AR Program Upload - f83b9e52d02f4a0082c5a5033800ab2cd0be4d2648994ccebb5ee7a48159d05f

 

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries deleted.

 

***** [ Chromium (and derivatives) ] *****

 

SearchProvider deleted: Ask - websearch.ask.com

SearchProvider deleted: Conduit - search.conduit.com

 

 

*************************

 

::Tracing keys deleted

::Winsock settings cleared

::Additional Actions: 0

 

 

 

*************************

 

C:/AdwCleaner/AdwCleaner[s0].txt - [1951 B] - [2017/1/25 20:10:42]

C:/AdwCleaner/AdwCleaner[s1].txt - [1095 B] - [2017/1/25 20:23:17]

C:/AdwCleaner/AdwCleaner[s2].txt - [16153 B] - [2017/1/31 23:39:59]

C:/AdwCleaner/AdwCleaner[s3].txt - [12091 B] - [2017/10/12 20:22:26]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

[Starbuck]

Hi Jimmy,

 

Well that was worth running.

Are you still getting that popup?

[jimmyedwards]

So far I haven't seen it again,thanks for the help. I suppose this is solved.

[jimmyedwards]

The popup came back yesterday ,I am going to try and put a screenshot of it up here. It says the file is too large and it is only 335 kbs,it is a jpeg.

This is the message Opening firefox-patch.js

which is javascript file(8.4.kb)

From:https://ooyuwfreesoft-board.net

would you like to save this file?

[Starbuck]

Does this popup appear when using any other browser?

 

If it's only when using Firefox, try resetting Firefox back to the defaults.

 

To Reset Firefox

• At the top of the Firefox window, click the Help menu and select Troubleshooting Information
  
• Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  
• To continue, click Reset Firefox in the confirmation window that opens.
  
• Firefox will close and be reset. When it's done, a window will list the information that was imported.
  
• Click Finish and Firefox will open.
  

Note:

After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.

If you don't need this folder any longer, you should delete it as it contains sensitive information.

 

The reset feature works by creating a new profile folder for you while saving your most important data.

 

Firefox will try to keep the following data:

• Bookmarks
  
• Browsing history
  
• Passwords
  
• Cookies
  
• Web form auto-fill information
  
• Personal dictionary
  

[jimmyedwards]

I did the reset and now another popup has shown I am going to try to add it as an attachment.

I cant send an attachment because the size is too large,I don't understand how that can be ,is there any way I can delete the files already in the file manager ?

[jimmyedwards]

I am sorry and I apologize for wasting peoples time, I looked in my old posts and see where I had this same problem earlier this year. Once again my apologies

[h=1]Forum: Malware Infection Removal[/h]

Firefox -patch problem

Started by jimmyedwards, 04-02-2017 11:35 PM

[Starbuck]

Hi Jimmy,

 

There could be more going than than we first thought.

It may be worth having a good look at the system.

 

Note:

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

 

If you are unsure what you're system bit type is..... click Here for help.

 

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

 

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

 

• Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator
  
• When the tool opens click Yes to disclaimer.
  
• Make sure that Addition.txt is selected at the bottom
  
• Press Scan button.
   
  http://i.imgur.com/YO62v3X.png
   
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  
• The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.