Jump to content

Website blocked upon launching Firefox- 'fix', but questions, please


Recommended Posts

I recently posted on the malware removal forum; the threat scan & logs showed no threats.

 

For the first time ever (the past 2 days) - while launching Firefox, a green Malwarebytes pop-up indicates:

Website blocked

Domain: findresults.site

IP Address: 103.224.182.251

Port: 0

Type: Inbound

 

I "solved" this blocked popup by disabling a Firefox add-on (a video downloader I've had on my system for years without incident).

(BTW, yes, I am ashamed I'm on an old system (Vista, and running Malwarebytes 3.1.2.1733), but am in the process of upgrading).

 

MY QUESTIONS: 

1) What the heck does this all mean? Am I infected but Malwarebytes threat scans can't find it?

2) What does it mean that a site (apparently unrelated to my Add-on) is trying to contact my computer upon launching Firefox?

3) Why would disabling that one Add-on eliminate the (unrelated) website blocked pop-up?

4) Is everything OK now - can I stop fretting about this?

 

Thank you for your consideration

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler
  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler
 
 
 
 
Spoiler

 

 

01.png

02.png

03.png

04.png

05.png

06.png

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

  • Staff

Greetings,

It's likely that the developer of the add-on is being paid by, is affiliated with, or is using the blocked site for some purpose such as harvesting browsing data, displaying ads, or modifying search results.  It's a fairly common issue with many add-ons, especially lesser known ones from less reputable/unknown developers.

As for why nothing was detected, my guess would be that the add-on itself is likely not malicious and doesn't fit the criteria to be detected as a PUP (Potentially Unwanted Program) so Malwarebytes would not detect it in a scan.

Edited by exile360
Link to post
Share on other sites

Thank you for you quick and informative response.

There may indeed be something shady going on because when I navigated to the developer's website and clicked the "Support" tab I was met with a firestorm of re-direct to re-direct, sometimes landing on a clothing vendor's site, sometimes landing on a dating site, sometimes landing on a strange 'your gender and age matter to us' so please click on the buttons that correspond to your gender and (exact) age -- in other words a different site each of the three times I tried to get to their support page.

I don't know what is going on but it probably isn't good, and I don't plan on going back a fourth time.

Thanks again..

Link to post
Share on other sites

4 hours ago, DoctorZaius said:

.... I'm on an old system (Vista, and running Malwarebytes 3.1.2.1733), but am in the process of upgrading...

Hi DoctorZaius:

After you've finished working with AdvancedSetup in the Windows Malware Removal Help & Support board you might want to keep the following in mind.

This might be slightly off-topic, but is there a reason why you aren't using Malwarebytes v3.5.1.2522-1.0.365, the latest legacy version for Win XP and Vista (see the Malwarebytes FAQ <here> for a download link)?  And assuming you're using Firefox ESR v52.9.0 (the last legacy version for Win XP and Vista released 26-Jun-2018), do you have a reputable ad blocker like Adblock Plus for Firefox (see https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/) installed in your browser that still supports Firefox v52 and higher?

My main computer is a Win 10 Pro v20H2 laptop, but I also have a Vista SP2 laptop that I boot up on occasion and the legacy Malwarebytes v3.5.1.2522 still runs well on this Vista machine.

Link to post
Share on other sites

Portos,

Apologies for any faux pas.

I was under the impression it had indeed been worked out - no malware present. So I posted on this thread what I thought was more nuts & bolts question as opposed to a request for assistance for malware removal help.

Link to post
Share on other sites

Imacri,

Thank you for the info. (I do actually have ad blocker but I disabled it because sites I've long since forgotten objected to it).

I'm embarrassed to admit I thought that since I now have a Legacy product (and even an apparently outdated legacy product at that), clicking the "Install now" button for a "New and improved version of Malwarebytes is available" would result in a fail to install the last legacy update, just a new version that my system would fail to install because I am on Vista.

Fear of clicking something and left naked & afraid, seemed to be worse that continuing on w/ancient 3.1.2.

If you (or anyone) can assure me I can indeed click without fear (to "upgrade" to 3.5.1.255) and it'll actually happen this late in the game, then I'd give it a go.

I read the FAQ you listed, thanks. Still...old Malwarebytes is better than no Malwarebytes, if that makes sense.

Link to post
Share on other sites

8 hours ago, DoctorZaius said:

...If you (or anyone) can assure me I can indeed click without fear (to "upgrade" to 3.5.1.255) and it'll actually happen this late in the game, then I'd give it a go.

Hi DoctorZaius:

If you check for a product update from within Malwarebytes v3.1.2.1733 (e.g., Settings | Application | Install Application Updates) as shown below and the latest legacy Malwarebytes v3.5.1.2522 doesn't install correctly then try an over-the-top update.  Download the full offline installer (mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe) from the link AdvancedSetup suggested at https://downloads.malwarebytes.com/file/mbam_legacy and save it to your desktop and then double-click to run the .exe installer.

1327834468_MBv3_2_2InstallApplicationUpdates.png.a0dd14fbd659278552d8aa70b86f9df0.png

Over-the-top updates always worked on my Vista SP2 machine, but if you run into problems let us know and someone will provide instructions for performing a clean reinstall of the legacy Malwarebytes v3.5.1.2522.

Quote

... I do actually have ad blocker but I disabled it because sites I've long since forgotten objected to it...

Most ad blockers will allow you to create an exception and whitelist a specific site if you think the ad blocker is causing a problem.  For example, I sometimes have trouble posting in the Dell Community when my Adblock Plus for Firefox extension is installed and I'm relatively certain that there's no harmful malware on that site, so I've whitelisted this site.  To do this, I browsed to the Dell Community at https://www.dell.com/community/Dell-Community/ct-p/English, clicked the Adblock Plus icon in the toolbar to the right of the address bar, and then turned off ad blocking for the dell.com site by moving the slider to the left as shown below.  If I ever change my mind and want to turn on ad blocking on that site I just have to browse back to the Dell Community and turn ad blocking back on by moving the slider to the right.

219235152_AdblockPlusv3_11_0TurnOffBlockingforDell_com14Jun2021.png.32e63aba44a4f9974687d000355b17ac.png

 

To see all the sites I've whitelisted I can open the Adblock Plus settings by clicking the gear icon (highlighted in green in the image above) and choosing Whitelisted Websites.

666964263_AdblockPlusv3_11_0SettingsWhitelistedWebsitesDell_com14Jun2021.png.3bf5d4bb43b734ffeda6efc031826a79.png

----------
32-bit Vista Home Premium SP2 * Malwarebytes v3.5.1.2522-1.0.365 * Firefox ESR v52.9.0 * Adblock Plus v3.11.0
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

----------
64-bit Win 10 Pro v20H2 build 19042.985 * Microsoft Defender v4.18.2105.5 * Malwarebytes v4.4.0.117-1.0.1318 * Firefox v89.0.0 * Adblock Plus v3.11.0
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Edited by lmacri
Link to post
Share on other sites

  • Root Admin

Not a fan of ABP myself, but better than nothing. Obviously the better choice is to be on the latest version of Windows and the latest version of Firefox but since this system cannot you're stuck with Legacy software that is not optimal 

uBlock Origin for Legacy Firefox
https://github.com/gorhill/uBlock-for-firefox-legacy/releases/tag/firefox-legacy-1.16.4.29

 

I do hope you're able to get a new system soon @DoctorZaius

 

Link to post
Share on other sites

2 hours ago, AdvancedSetup said:

Hi AdvancedSetup:

I didn't realize there was a legacy version of uBlock Origin that still works with Firefox ESR v52.9.0, so thanks for the link. Users should just be aware that they might have to disable xpinstall.signatures.required in the advanced about:config settings of Firefox ESR v52.9.0 in order to use this "old-style" .XPI installer (currently uBlock0_1.16.4.29.firefox-legacy.xpi) - see the instructions posted on gorhill's github site at https://github.com/gorhill/uBlock/blob/master/dist/README.md#firefox-legacy.

This advanced configuration change isn't required in the legacy Firefox ESR v52.9.0 if you install the current Adblock Plus for Firefox v3.11.0.

Quote

...Not a fan of ABP myself, but better than nothing....

I currently use uBlock Origin v1.35.2 as the ad blocker in my MS Edge v91 browser on my Win 10 machine, and in practice I find very little difference between uBlock Origin and Adblock Plus. If a website doesn't work properly with my default Firefox browser and Adblock Plus then I generally find that the same problem occurs with MS Edge and uBlock Origin. That might be because both extensions use Fanboy's EasyList and EasyPrivacy filter lists for ad blocking if you use the default settings.

See my test results in bjm_'s April 2021 thread Evaluate Your Content Blocker with Ad Block Tester in the Norton Tech Outpost.  I used d3wards' Ad Blocker Test site to test ad blocking for Firefox v88 with and without Adblock Plus, Malwarebytes Browser Guard and Norton Web Safe and then compared those results with MS Edge v90 with and without uBlock Origin and Malwarebytes Browser Guard.  This wasn't a comprehensive test since d3ward's Ad Blocker Test only tests "the most popular advertising, analytics and social advertising services" (anyone using Adblock Plus or uBlock Origin will score 100%) but it does give you a general sense of how much safer your browser is when you use a reputable ad blocker.

As you said, any ad blocker is better than nothing.

----------
32-bit Vista Home Premium SP2 * Malwarebytes v3.5.1.2522-1.0.365 * Firefox ESR v52.9.0 * Adblock Plus v3.11.0
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

----------
64-bit Win 10 Pro v20H2 build 19042.985 * Microsoft Defender v4.18.2105.5 * Malwarebytes v4.4.0.117-1.0.1318 * Firefox v89.0.0 * Adblock Plus v3.11.0
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, Toshiba KBG40ZNS256G 256 GB NVMe SSD, Intel UHD Graphics 620

Edited by lmacri
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.