• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Firefox "critical update" scam

So I was fooled by the Norton "critical update" tab popping up, and allowed it to run.  A program was downloaded, then the machine rebooted.  As that was happening I realized this had to be malware.  Norton did not stop anything from running, and did not detect any intrusion.  I searched for possible sources, and found info on the malware that pops up the window, but no info on fixing whatever got installed.  I followed instructions for removing the Kotver trojan, just in case - but it found nothing.  I deleted it anyway.  Overnight, Norton found unusually high traffic from this computer to the internet - so I ran Norton power eraser and removed a .lnk file that was suspect but could not be confirmed as malicious.  I ran Norton Utilities to assess any registry issues, then ran CCleaner to do the same thing, and deleted all temp files.  I uninstalled and reinstalled Firefox.  Last night I got the message again from Norton about unusual internet traffic, but Power Eraser found nothing.  Norton AntiVirus also stopped a web attack this morning.  So something is still going on with this machine and I have shut it down until I can find more info to clean it.  Does anyone know what gets installed if you fall for the fake critical update?  (Windows 7 64 bit)

Replies

Kudos0

Re: Firefox "critical update" scam

The false update pop up is generated from a website you are visiting. Try to remember what site you were on when you saw the pop up and stay away from it in the future.

You can try contacting Norton Support and asking for the Virus Protection Promise. Explain what happened and have them check out your system.    www.norton.com/contactcs

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Firefox "critical update" scam

Hello

Was it a critical Firefox update or a critical Norton Update? What version of Norton are you on?

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Firefox "critical update" scam

It's a well known adware exploit in Firefox.  A new tab pops up with the Firefox logo, and it prompts you to click on a "critical update" download - which then infects your system.  But no one seems to know what it actually installs.  My Norton Anti-Virus is current, but for some reason it didn't block the download.  The system restarted after it installed.

Kudos0

Re: Firefox "critical update" scam

Hello

I would recommend what peterweb mentioned and call up Customer Support. Check out the Virus Protection Promise and see if they can clean up the malware.

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Accepted Solution
Kudos0

Re: Firefox "critical update" scam

So I took the machine off the network until I had more time.  After reading some techrepublic forums, I ran Avast.  No threats detected.  Then Microsoft's malicious software removal tool, SuperAntiSpyware, and Malwarebytes.  Nothing.  Figuring it must be a rootkit, I installed GMER.  Nothing.

I let the machine sit idle for a month, and tonight I put it back on the network.  Norton, SuperAntiSpyware, and Malwarebytes all updated.  Only Malwarebytes finally found the rootkit.  "Rootkit.Fileless.MTGen".  Looking at the Norton Security Log, there were multiple attempts for unauthorized access and blocked "Suspicious Activity" instances.  As soon as I quarantined the 4 rootkit instances with Malwarebytes, the suspicious activity stopped but I still see another unauthorized access attempt that was blocked.  Its getting late, so I will have to come back to support tomorrow.  But apparently the quarantine has not completely cleaned the system.........at least now I know what the Firefox exploit does.

Kudos0

Re: Firefox "critical update" scam

I got the same Firefox " Critical Update " and clicked install. Avast stopped the install immediately and removed all traces of what was starting to install. This was done with the free version of Avast

This thread is closed from further comment. Please visit the forum to start a new thread.