From Newsgroup: alt.comp.software.firefox

SOLVED:
Some ramifications for both win11 and FF.
For windows, the problem is that a series of notifications will
obscure much of the screen making it hard to do things.
For Firefox, the fake virus notifications attribute themselves to
Firefox, and blocking them within Firefox did stop their 35-second
repeating, but not their immediate replacment when one was x'd out.


I've suddenly started getting a long series of these, for no apparent
reason I think they are phishing but I'd like them to stop

The text:
Mozilla Firefox -- Critical Virus Alert
Click her to renew, or sometimes remove.

via
d2Sqocghubcc73aqcc00.blockbridgesolutio0ns.

SOLVED:
Do as follows:
Open Firefox.
Click the stacked menu () at the top right. -- it means the
hamburger
Click Settings, Privacy & Security.
Scroll down to find Permissions or type Permissions in the search
bar (Find in Settings).
Click Settings next to Notifications.
Select the Block new requests asking to allow notifications checkbox
and then Save Changes. This setting stops sites from making any new
requests to send notifications. https://www.mcafee.com/support/s/article/000001899?language=en_US

It was there all right. Setting to blocked stopped the autonmatic 35-
second new one, but didn't stop the instantaneous replacement when I
closed one. Don't want to restart windows again until malbytesware
scan finnishes.

Okay, the full scan finished
1 hour, 34 minutes, Scanned 585,109 files***, Detections 7

(How come, when I ran a full scan with Windows Defender it took
1 hour, 23 minutes, Scanned 2,322,043 files, about 4 times as
many!!!)


Six are from Nirsoft and are good, 5 are labeled malware and one
labeled PUP.

But one is named HackTool Snadboy
It says I downloaded it, would have been a prior computer, in August of
2023. And it contains only SetupRevelationV2.exe. Yet I never got an
alert on this file before when doing a virus scan.
When I pointed the file manager to that file, the the warnings started
up again, but this time from Windows Defender.

The warning boxes from Windows Defender, like the Notifications from
whatever was giving out the fake warnings, take up the right-most 20% of
the screen, and if there are 3, one above the other, it makes it
impossible to vertically scroll a window, or even to X out a window, or
to switch it from Maximized to Normal. With Firefox, even if it is
normal, it's hard to move it to the left because there is no place to
put the curros, unless you remember to hold down Alt and get the title
bar back.

** I have so many files, more than I need, and I'll bet some people
don't have enough of them. I feel guilty.


Continued description of the problem, from before solving it:

Always in the name of Firefox, sometimes in the name of McAfee, which I
haven't got.

Three of them along the right side of the screen obscuring about 20% of
the scrreen including areas that clicking on parts of the systray would display. Every 35 seconds a new box opens, pushing down the top two and
making the one at the bottom disappear. When I X out one, another
immediately opens above it. this continued even after Firefox was
closed.

Some claimed my data had been stolen!! (Good thing I use data that I
stole from someone else.)

Restarted Windows, no effect
Deep Malbytesware scan, 7 Detections but most will be programs from
Nirsoft meant to find system keys, not actual malware.
System Defender Scan. Didn't do before finding and deleting probem file
and its directory. Although I did start to do it and it showed two
problem files, the one I deleted and
file: C:\Users\mmm\AppData\LocalLow\IGDump\X86_00\17539883350.ext
with pointer to https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUA%3AWin32%2FPresenoker&threatid=242420
which describes symptoms I didn't get. IGDump and everthing within it
appears to be gone now.

I think Windows Defender said a full scan would take 12 h ours, but it's lowered that to 3 hours now.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

On Thu, 7/31/2025 10:25 PM, micky wrote:

SOLVED:
Some ramifications for both win11 and FF.
For windows, the problem is that a series of notifications will
obscure much of the screen making it hard to do things.
For Firefox, the fake virus notifications attribute themselves to
Firefox, and blocking them within Firefox did stop their 35-second
repeating, but not their immediate replacment when one was x'd out.


I've suddenly started getting a long series of these, for no apparent
reason I think they are phishing but I'd like them to stop

The text:
Mozilla Firefox -- Critical Virus Alert
Click her to renew, or sometimes remove.

via
d2Sqocghubcc73aqcc00.blockbridgesolutio0ns.

SOLVED:
Do as follows:
Open Firefox.
Click the stacked menu () at the top right. -- it means the
hamburger
Click Settings, Privacy & Security.
Scroll down to find Permissions or type Permissions in the search
bar (Find in Settings).
Click Settings next to Notifications.
Select the Block new requests asking to allow notifications checkbox
and then Save Changes. This setting stops sites from making any new
requests to send notifications. https://www.mcafee.com/support/s/article/000001899?language=en_US

It was there all right. Setting to blocked stopped the autonmatic 35-
second new one, but didn't stop the instantaneous replacement when I
closed one. Don't want to restart windows again until malbytesware
scan finnishes.

Okay, the full scan finished
1 hour, 34 minutes, Scanned 585,109 files***, Detections 7

(How come, when I ran a full scan with Windows Defender it took
1 hour, 23 minutes, Scanned 2,322,043 files, about 4 times as
many!!!)

Six are from Nirsoft and are good, 5 are labeled malware and one
labeled PUP.

But one is named HackTool Snadboy
It says I downloaded it, would have been a prior computer, in August of
2023. And it contains only SetupRevelationV2.exe. Yet I never got an
alert on this file before when doing a virus scan.
When I pointed the file manager to that file, the the warnings started
up again, but this time from Windows Defender.

The warning boxes from Windows Defender, like the Notifications from
whatever was giving out the fake warnings, take up the right-most 20% of
the screen, and if there are 3, one above the other, it makes it
impossible to vertically scroll a window, or even to X out a window, or
to switch it from Maximized to Normal. With Firefox, even if it is
normal, it's hard to move it to the left because there is no place to
put the curros, unless you remember to hold down Alt and get the title
bar back.

** I have so many files, more than I need, and I'll bet some people
don't have enough of them. I feel guilty.

Continued description of the problem, from before solving it:

Always in the name of Firefox, sometimes in the name of McAfee, which I haven't got.

Three of them along the right side of the screen obscuring about 20% of
the scrreen including areas that clicking on parts of the systray would display. Every 35 seconds a new box opens, pushing down the top two and making the one at the bottom disappear. When I X out one, another immediately opens above it. this continued even after Firefox was
closed.

Some claimed my data had been stolen!! (Good thing I use data that I
stole from someone else.)

Restarted Windows, no effect
Deep Malbytesware scan, 7 Detections but most will be programs from
Nirsoft meant to find system keys, not actual malware.
System Defender Scan. Didn't do before finding and deleting probem file
and its directory. Although I did start to do it and it showed two
problem files, the one I deleted and
file: C:\Users\mmm\AppData\LocalLow\IGDump\X86_00\17539883350.ext
with pointer to https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUA%3AWin32%2FPresenoker&threatid=242420
which describes symptoms I didn't get. IGDump and everthing within it appears to be gone now.

I think Windows Defender said a full scan would take 12 h ours, but it's lowered that to 3 hours now.

The IGDump appears to be something related to Malwarebytes, as the individual here mentions a file in there being signed by Malwarebytes.

https://forums.malwarebytes.com/topic/271487-igdump-folder-in-appdatalocallow-can-it-or-its-contents-be-deleted/

Seeing as it is in locallow, maybe that's where it handles quarantining ? IDK. Apparently, the quantity of files there is not supposed to grow, but if another AV is present on the machine, there can be "interactions".

*******

You can do a Windows Defender scan, and it will "unpack ZIP files" to scan them.
In theory, using the LibArchive that was added to the OS some time ago, there are other formats it should be able to open and scan, such as 7Z and RAR. It will be more today than just ZIP and CAB built-in unpacker support. And an AV has more unpackers than that in the AV (and not offered as unpackers to the OS as such). The end result of this, is the "file count", it counts all
the subtending ones. If you scanned a Firefox installer, it might say it "scanned 10,000 files" because of all the language localization files in there. Don't take either the file count, or any time remaining calculations that seriously, as they haven't a clue how long it would take.

Another way to do the Windows scan, is as MSSS offline scanning. At one
time, you could create a CD and scan the machine offline by booting that. Currently, the *running but infected OS* creates an MSSS image and upon rebooting the computer, it reboots off the crafted image (stored on your
hard drive). And I don't consider that preparation method to have good hygiene. How hard would it be for someone to tip over the MSSS generator ???

But in any case, it's really a miracle if Windows Defender finds something.
The black Hats, they can run all these scans on their end, so they know
they're not getting detected.

In the Settings wheel, there are some controls for Notifications, so you
might be able to control some amount of nuisance Notifications that way,
but then there will always be "critical" things like your AV which can
pop up a stream of notifications. And yes, the Nirsoft gets a lot
of hate from Microsoft, don't know why. The ProduKey is termed a "hacktool"
and I have to use a 7Z encrypted container with password, to keep WD from attacking that file.

One web site I visit, it puts a banner up near the top with a
"Hows about you approve us pushing Notifications at you?" to
which I reply "Are you kidding me ? On what planet would anyone
be stupid enough to do this ?". But I suppose it won't stop
them from trying. This is why I use the "less sophisticated"
browser to visit there, as that prompt does not come up there.

Less sophisticated browsers don't work all that well, but a lot
of the crapulence is suppressed, so it's not all bad as an experience.

Paul

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

In alt.comp.software.firefox, on Fri, 1 Aug 2025 05:42:20 -0400, Paul <nospam@needed.invalid> wrote:

You can do a Windows Defender scan, and it will "unpack ZIP files" to scan them.
In theory, using the LibArchive that was added to the OS some time ago, there >are other formats it should be able to open and scan, such as 7Z and RAR. It >will be more today than just ZIP and CAB built-in unpacker support. And an AV >has more unpackers than that in the AV (and not offered as unpackers to the OS >as such). The end result of this, is the "file count", it counts all
the subtending ones. If you scanned a Firefox installer, it might say it >"scanned 10,000 files" because of all the language localization files in there.
Don't take either the file count, or any time remaining calculations that >seriously, as they haven't a clue how long it would take.

4 times as many is still pretty amazing. I don't have that many zip or
cab or self-extracting files, I think.

The full Malwarebytes scan finished. Scanned 585,109 files

Windows Defender scanned 2,322,043 files,
about 4 times as many!!!)

Eveything says, a few days later, that I have 532,524 files.

Including 74 .cab files,
164 .zip files
153 .msi files
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

On Tue, 8/5/2025 10:13 AM, micky wrote:

In alt.comp.software.firefox, on Fri, 1 Aug 2025 05:42:20 -0400, Paul <nospam@needed.invalid> wrote:

You can do a Windows Defender scan, and it will "unpack ZIP files" to scan them.
In theory, using the LibArchive that was added to the OS some time ago, there
are other formats it should be able to open and scan, such as 7Z and RAR. It >> will be more today than just ZIP and CAB built-in unpacker support. And an AV
has more unpackers than that in the AV (and not offered as unpackers to the OS
as such). The end result of this, is the "file count", it counts all
the subtending ones. If you scanned a Firefox installer, it might say it
"scanned 10,000 files" because of all the language localization files in there.
Don't take either the file count, or any time remaining calculations that
seriously, as they haven't a clue how long it would take.

4 times as many is still pretty amazing. I don't have that many zip or
cab or self-extracting files, I think.

The full Malwarebytes scan finished. Scanned 585,109 files

Windows Defender scanned 2,322,043 files,
about 4 times as many!!!)

Eveything says, a few days later, that I have 532,524 files.

Including 74 .cab files,
164 .zip files
153 .msi files

Anything that has "component parts", can be taken apart and counted.
"You have to use your imagination" (that's a comment in the source code).

I don't even know if there is any tool at all, which can take apart
your files and reach an "identical" count to what an AV counts out.
It's not like that number can be verified in any way.

Paul
--- Synchronet 3.21a-Linux NewsLink 1.2