Urgent Firefox Update Scam

[jthodgson]

I have just fallen for the "Urgent Firefox Update" scam, and not only downloaded the JavaScript but run it! It was when this opened a terminal window and started running something that I realised it was some sort of malware. At this point, I disconnected my computer from the Internet and ran Malwarebytes. This detected three suspicious files which I quarantined. The corresponding Malwarebytes log is attached.
I then, following the advice at:
https://malwaretips.com/blogs/remove-fake-urgent-firefox-update-virus/
ran AdwCleaner and HitmanPro (see HitmanPro_20170705_1523.log) which deleted a whole bunch of cookies and an executable which I believe to be, in fact, benign (it has been on my system without causing problems for a year or more). I then updated and reran Malwarebytes, which then found no threats.
 
My concern is whether I can safely continue to use the machine, or if there is anything I can do to ensure that there is no residual threat lurking somewhere. I'm running the latest version of Windows 10 on a Microsoft surface pro 3.

In case this is relevant the source of the rogue software (retrieved from my browsing history) appears to be

https://odahxvisitezmonsite.com/2051415340379/1499254195619138/firefox-update.js

and

https://odahxvisitezmonsite.com/2051415340379/1499254195619138/firefox-patch.js

Immediately prior to receiving the "Urgent Firefox Update" message the webpage I was on was
https://www.thoughtco.com/photoshop-clone-stamp-tool-tutorial-1697534

Any advice would be welcome!

malware.txt

HitmanPro_20170705_1523.log

Edited July 5, 2017 by celee
disable potentially malicious URLs

[AdvancedSetup]

Hello @jthodgson and

Let me have you run the following please.

 

Post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next reply message
• When completed make sure to re-enable your antivirus

STEP 02

 

 

Fix with AdwCleaner

 

Please download AdwCleaner by Xplode and save the file to your Desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Accept the Terms of use.
• Wait until the database is updated.
• Click Scan.
• When finished, please click Clean.
• Your PC should reboot now.
• After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View Log file (bottom left-hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program
• If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens, click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
• Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron