Avatar for Username

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Learn More

Эта тема была архивирована. Если вам нужна помощь, задайте новый вопрос.

attempted browser hijack downloaded trojan / linked to FF Block site 4.0.5.2 add-on.

  • 3 ответа
  • 1 имеет эту проблему
  • 2 просмотра
  • Последний ответ от midnightvisions

midnightvisions
midnightvisions
more options

My FF was in an attempted hijacking.

I was able to get out of it and report the web site through this menu's Report Deceptive Site. A follow up virus scan did not reveal anything.

Several days later I received an email stating the hijack downloaded a key logger which copied all my contacts and passwords. It then demanded a ransom of more money that I have and instructions on how to bitcoin the money to them, also something I have no idea what they are talking about. The hijackers included one password as evidence of the keylogger. I do not have a camera attached to my computer so the rest of the message was just rubbish.

a virus scan then revealed the Domepidief.A trojan which downloaded the file NSMAIL.PDF.

NSMAIL.PDF was located at c:\Users\your account\Appdata\Local\Temp\nsmail.pdf

NSMAIL.PDF showed as a Videolan VLC extension withthe roadcone icon.

Then FF started to repeatedly try to connect to Adult.yourblocksite.com. through troubleshooting the FF add-on Block site 4.0.5.2 was the source of the pinging.

You need to remove the Block Site add-on as its been hijacked by criminals.

My FF was in an attempted hijacking. I was able to get out of it and report the web site through this menu's Report Deceptive Site. A follow up virus scan did not reveal anything. Several days later I received an email stating the hijack downloaded a key logger which copied all my contacts and passwords. It then demanded a ransom of more money that I have and instructions on how to bitcoin the money to them, also something I have no idea what they are talking about. The hijackers included one password as evidence of the keylogger. I do not have a camera attached to my computer so the rest of the message was just rubbish. a virus scan then revealed the Domepidief.A trojan which downloaded the file NSMAIL.PDF. NSMAIL.PDF was located at c:\Users\your account\Appdata\Local\Temp\nsmail.pdf NSMAIL.PDF showed as a Videolan VLC extension withthe roadcone icon. Then FF started to repeatedly try to connect to Adult.yourblocksite.com. through troubleshooting the FF add-on Block site 4.0.5.2 was the source of the pinging. You need to remove the Block Site add-on as its been hijacked by criminals.

Выбранное решение

The email sounds like a variation of one of those blackmail email scams.

https://www.reddit.com/r/Scams/comments/8gsjba/the_blackmail_email_scam/ https://www.kshb.com/money/consumer/dont-waste-your-money/scary-porn-blackmail-scam-knows-your-password

Прочитайте этот ответ в контексте 👍 1

Все ответы (3)

FFus3r
FFus3r
more options

scan your system with:

use malwarebytes in safe mode and normal mode.

James
James
  • Top 25 Contributor
  • Moderator
more options

Выбранное решение

The email sounds like a variation of one of those blackmail email scams.

https://www.reddit.com/r/Scams/comments/8gsjba/the_blackmail_email_scam/ https://www.kshb.com/money/consumer/dont-waste-your-money/scary-porn-blackmail-scam-knows-your-password

midnightvisions
midnightvisions Задавший вопрос
more options

Yes, so the old password came from a Linkedin hack in 2012, not an old password hacked from FF.

Thanks for the news. The email threat was rubbish and the info it stated was not correct, but my concern was where the password came from, if it was indeed hacked from firefox or not.

thanks