
Helperprotectionext.biz

Posted: January 5, 2018

Helperprotectionext.biz is a suspicious website that prompts PC users who visit it to install FF Antivirus, a fake Mozilla Firefox add-on that later shows up in the browser's extensions list under a different name, FF Helper Protection. By all accounts, this is a Potentially Unwanted Firefox add-on, for three main reasons.

To begin with, the helperprotectionext.biz website behaves suspiciously toward its visitors. As soon as a PC user loads the URL, an authentication window pops up containing two blank fields: one for a username and another for a password. Strangely enough, the Web page itself advises against entering any login details to continue. Clicking the Cancel button is supposed to trigger the FF Antivirus installation. What happens instead is that Mozilla Firefox blocks the installation by preventing the site from asking PC users to install the software on their machines, while still giving them the option to install the extension by clicking the newly displayed 'Allow' button.

The FF Antivirus/FF Helper Protection add-on is reportedly distributed under the guise of a fake Firefox update, which requires the user to perform a manual update. The text of the update notification reads:

'Firefox requires a manual update
This update is required to ensure that you are protected on the Internet.
Install now
* This update is required
Protect yourself immediately on the internet
Internet pages are automatically examined and possibly blocked
Increased protection against malware and viruses
Normally, Firefox blocks the installation of new plugins. Proceed as follows:
1. Click on "Allow"
2. Click on "Add"
* This message will no longer appear after this installation.
Error! Manual update required!
Firefox requires a manual update for: Antivirus for Firefox
Confirm
To continue, you must perform a manual update.
Update your browser components to be protected.'

The aforementioned message uses a special script that blocks the browser's 'Close' button, which is necessary for the complete installation to take effect. Although the helperprotectionext.biz site currently returns a '403 Forbidden' error message and its content is therefore inaccessible, a quick lookup of the URL revealed that at least a dozen more websites, presumably clones, were registered on that same IP address. Further investigation uncovered a large number of clones, all of them listed below:

