So attach the demanded cleansing logs and wait for a qualified remover with a cleansing script to get it off of your machine.
Follow his instructions to the dot.
Seems like someone else has also had the exact same problem. He has traced the IP to the Mozilla Tiles service. This service is used to serve up sponsored advertisements as well as most used web sites in a tile formation.
From what I can see the IP address may have been reassigned to Mozilla. Unknown to them, it seems they picked up a bad IP address which had been used in drive-by download PUPs recently.
He has traced the IP to the Mozilla Tiles service. This service is used to serve up sponsored advertisements as well as most used web sites in a tile formation.
Good you so quickly could agree on from where that sponsored ad-launch came.
Feeding ads becomes more and more of a problem, good it was not a malicious action by design.
A decent adblocker is something one cannot do without these days.
Unfortunately it’s hard coded into the browser’s design. Even the classic mode is showing signs of having the sponsored ads. No browser based ad block can currently block this type of attack.
At least you know or are aware at least what is going on. This seems to demonstrate again that marketing is ruling software everywhere and the routes to cheap money are even part of the browser design. I use Sleipnir but I wonder if it is not the same tracking and ad-launching machine as Google Chrome is. Can you comment here, because I think you have relevant knowledge there for us ;)
Mozilla as a company is focused on making open source free software. They have had a long running 10 year deal with Google. Unfortunately the deal is coming to the end and as such Mozilla is looking at finding additional revenue streams to fund development of their software. Some of the funding comes from donations from the community, some comes from referral links inside Google’s default search option (this will soon be Yahoo however) and some from the Enhanced Tiles service.
Firefox introduced tiles in the classic form. Originally the tiles served a Quick Dial purpose (you could see a site you previously visited and click on it). The service would load in images of previous sites as well. In November 2014 Mozilla introduced “Enhanced Tiles”. These new tiles allow Mozilla to make additional revenue on blank/newly installed Firefox installations by showing sponsored content. Normally ads from companies for booking websites and password generators would show up, but now it seems the ad system is being opened up to other sponsors, although Mozilla is keen to make everyone aware that the ads in question are being closely filtered. Mozilla’s current platform is using Amazon Web Services to host the ad platform. It seems that the IP address in question was rolled out without the developers’ knowledge of its bad past (just had a chat with the tiles team at Mozilla).
Soon Mozilla is rolling out Yahoo as the default search for new users (just wanted to make you all aware of this), as their long term support relationship with Google is coming to an end. You can select your default search engine as Google, and if you're already using Google as your default search engine you won’t have to change the search provider.
If you use a firewall/Router
You can block the tiles in-bound requests from a firewall by using the following ruleset.
If you want to modify your Firefox installation you can use the following steps
Go to about:config
(agree to the disclosure if you dare.)
locate and edit the browser.newtabpage.directory.source to the following empty string
browser.newtabpage.directory.source=
Visit about:cache, locate the location of the cache and go one step up. Locate and find directoryLinks.json
delete directoryLinks.json
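The steps in the post above, scripted as an added example (not part of the original post and not Mozilla's own tooling). It assumes the caller passes the Firefox profile directory and the directory one level above the cache shown in about:cache; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: persist the empty pref in user.js and delete the cached
# tiles file. Both arguments are assumptions supplied by the caller:
#   $1 = Firefox profile directory (the one holding prefs.js)
#   $2 = directory one step above the cache location from about:cache
# The function body runs in a subshell so its variables stay local.
disable_directory_tiles() (
    profile_dir=$1
    cache_parent=$2
    pref='browser.newtabpage.directory.source'
    userjs="$profile_dir/user.js"

    if [ ! -d "$profile_dir" ]; then
        echo "no such profile directory: $profile_dir" >&2
        exit 1
    fi

    # Drop any earlier setting of this pref so repeated runs leave
    # exactly one line; every other pref in user.js is preserved.
    if [ -f "$userjs" ]; then
        grep -vF "\"$pref\"" "$userjs" > "$userjs.tmp" || true
        mv "$userjs.tmp" "$userjs"
    fi

    # Same value as the about:config edit: an empty string.
    printf 'user_pref("%s", "");\n' "$pref" >> "$userjs"

    # Remove the cached tile list; -f keeps this quiet if it is already gone.
    rm -f -- "$cache_parent/directoryLinks.json"
)
```

Run it with Firefox closed, since user.js is read at startup.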
Thank you for filling us in with this information. ;D
I know all interested forum users will highly appreciate to hear your informed views.
Glad to have you here.
Hi guys,
the URL 54.69.95.67 had been used for malicious purposes until ~7 days ago (domains such as 00dvla.t2gdssvyy.com, 00hot7kwwgk.xtdq3k9.com, 00lcpudbamm.uvxdiu5i.com pointed here). 7 days ago, virtually all the traffic stopped, and then traffic rose yesterday 16:00 CET. This is commonly caused by somebody buying the IP.
I just now unblocked the IP, so there should be no more popups for you:-)!
It is to be hoped the buyer is a sinkholer so the malicious activity will be mitigated.
It is a pity it is only a certain class of domains that qualify for sinkholing,
else you have no other option than to block.