
Can't get rid of bogus "you're infected" popup in Firefox


JPnyc


I have a user running Win7 Pro 64.
They are continually being directed in Firefox to a fake "your computer is infected" site.


I have run a full Avast scan - no items found
A MalwareBytes scan - nothing found
Windows Defender - nothing found
FF has no add-ins or extensions
completely deleted their FF profile
Done a system restore back as far as possible


I can't get a clear answer from the user if it will happen when FF is not running (I think it has to be open, but could be in the background). I myself have clicked on a totally clean link and been redirected to the "you're infected" page, but as I said I think FF just needs to be open, no link click necessary.

All startup programs and services are legit

The URL to the site is a very long string:
h t t p : //code-ss57.stream/guest/01234567891011121314151617181920212223....

Any thoughts, or help would be appreciated

 


This is not malware on your PC.  It is a malicious web site.  A scam web site.  There is nothing anti malware software can find because it does not come from your PC, it is a web site and emanates from the Internet.  At best an anti malware application may block the site IFF that site is known.  However these sites come and go and actually have short life spans.

Use Task Manager and Kill the FIREFOX.EXE processes or you can logoff or reboot the PC.

 

I have created a series of videos [1] generated from these fraud sites for the purposes of recognition and education.  They are all videos from real web sites.  ALL are FRAUDS.

All these have one thing in common and they have nothing to do with any software on your PC.  They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened.  From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

MalwareScam.wmv
MalwareScam-1.wmv
MalwareScam-2.wmv
MalwareScam-3.wmv
MalwareScam-4.wmv
MalwareScam-5.wmv
MalwareScam-6.wmv

I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf

Reference:   
US FBI PSA - Tech Support Scam

 


1.  Also located at "My Online Security" - Some videos of typical tech support scams

 

Edited by David H. Lipman
Spelling, Grammar and Clarification

Thanks for your reply.

I completely understand that this is bogus, and I also know how to kill the FF process BUT this bogus site is popping up daily and with FF open just to some clean site like MSNBC or while clicking on a completely benign and trusted link.


I know this family of FakeAlerts well.  They require a malvertiser to get redirected to one of these FakeAlert sites and they redirect to a new FakeAlert site approximately hourly.  You indicate that you keep getting this one site, code-ss57.stream.

If you kill FIREFOX.EXE via Task manager and then re-load Firefox it will load the last site(s) rendered when Firefox crashed ( killing FIREFOX.EXE by Task Manager is akin to Firefox crashing ).

To prevent Firefox from reloading a web site that was rendered when Firefox crashed, one can restart Firefox in Safe Mode.  You can load Firefox in Safe Mode by holding down the "Shift" key and then start Firefox.  Firefox will then show a dialogue giving one a choice to "Start in Safe Mode" or "Refresh Firefox".  Choose "Start in Safe Mode".  Firefox will then load in Safe Mode.  Then close Firefox again and then reload Firefox.  Firefox will then load cleanly.

Then see if you can reproduce the problem.

If you can then please follow the above processes to kill FIREFOX.EXE via Task manager, re-start in Safe Mode and then reload Firefox again.

Then I'd like you to go to Firefox's History.  Either from the Firefox pull-down menu ( History ---> Show All History ) or by hitting the key sequence; "Shift" + "Ctrl" + "h".

Then please provide the last several URLs shown in Firefox's History prior to the FakeAlert URL.

 

Edited by David H. Lipman
Spelling, Grammar and Clarification
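
An added example, not part of any post in this thread: one way to pull "the last several URLs prior to the FakeAlert URL" out of a copy of the profile's `places.sqlite` instead of reading them off the History window. It assumes Firefox's `moz_places` and `moz_historyvisits` tables; `build_sample_db` and `trail` are hypothetical helper names, and every row in the sample database is constructed except the host name quoted in the thread.

```python
import sqlite3
from datetime import datetime, timezone
from urllib.parse import urlsplit

def build_sample_db():
    """Constructed stand-in for a copy of places.sqlite (only the columns used here)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
                                        place_id INTEGER, visit_date INTEGER);""")
    urls = ["https://news.example/", "https://news.example/story",
            "https://ads.example/click?id=1",           # constructed ad hop
            "http://code-ss57.stream/guest/<elided>"]   # host from the thread, path elided
    db.executemany("INSERT INTO moz_places VALUES (?, ?)", enumerate(urls, 1))
    t0 = 1_500_000_000_000_000  # constructed; visit_date is microseconds since the epoch
    visits = [(1, 0, 1, t0), (2, 1, 2, t0 + 60_000_000), (3, 2, 3, t0 + 75_000_000),
              (4, 3, 4, t0 + 75_200_000), (5, 0, 1, t0 + 900_000_000)]
    db.executemany("INSERT INTO moz_historyvisits VALUES (?, ?, ?, ?)", visits)
    return db

def trail(db, alert_host, count=5):
    """Visits leading up to the first hit on alert_host, oldest first.

    Each entry is (UTC time, url, url of the visit it came from or None)."""
    rows = db.execute("""
        SELECT v.id, v.from_visit, v.visit_date, p.url
        FROM moz_historyvisits v JOIN moz_places p ON p.id = v.place_id
        ORDER BY v.visit_date, v.id""").fetchall()
    by_id = {vid: url for vid, _, _, url in rows}  # visit id -> url, for from_visit lookups
    for i, row in enumerate(rows):
        host = urlsplit(row[3]).hostname or ""
        if host == alert_host or host.endswith("." + alert_host):
            window = rows[max(0, i - count):i + 1]
            return [(datetime.fromtimestamp(ts / 1e6, tz=timezone.utc).isoformat(),
                     url, by_id.get(src)) for _, src, ts, url in window]
    return []  # alert host never visited

if __name__ == "__main__":
    for when, url, came_from in trail(build_sample_db(), "code-ss57.stream", count=3):
        print(when, url, "<-", came_from)
```

To run it against a real profile, close Firefox, copy `places.sqlite` out of the profile folder, and pass `sqlite3.connect("<path to the copy>")` to `trail` in place of the sample database.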

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
