Helperprotectionext.biz
The Helperprotectionext.biz domain is blacklisted by Web filtering services and cybersecurity vendors due to the use of questionable scripts and promotion of fake security updates for Mozilla Firefox. The visitors at Helperprotectionext.biz, no matter what browser they are using, are shown pop-up windows and dialog boxes, which encourage them to install an add-on for Mozilla Firefox titled 'FF Antivirus.' There is no verified 'FF Antivirus' add-on released by the Mozilla Foundation, and you should not follow the instructions shown at Helperprotectionext.biz. Also, the fake security application might appear in the Add-ons Manager as 'FF Helper Protection.' The Helperprotectionext.biz domain may include logos from hxxps://www.mozilla[.]org/en-US/firefox that is the legitimate portal for Mozilla Firefox, but you should not trust Helperprotectionext.biz. We have recorded the following pop-ups on Helperprotectionext.biz:
- Dialog box 1 is titled 'Authentication Required' and reads:
'[URL] is requesting your username and password. The site says "ClICK ON CANCEL TO CONTINUE!"
User Name [TEXT BOX]
Password [TEXT BOX]
[OK|BUTTON] [Cancel|BUTTON]' - Dialog box 2 is titled 'Add FF Helper Protection?' and reads:
'It requires your permission to:
Access your data for all websites.
Access browser tabs.'
The main page of Helperprotectionext.biz offers the following text:
'Firefox requires a manual update
This update is required to ensure that you are protected on the Internet.
Install now
* This update is required
Protect yourself immediately on the internetInternet pages are automatically examined and possibly blockedIncreased protection against malware and viruses
Normally, Firefox blocks the installation of new plugins. Proceed as follows:
1. Click on "Allow"
2. Click on "Add"
* This message will no longer appear after this installation.
Error! Manual update required!
Firefox requires a manual update for: Antivirus for Firefox
Confirm
To continue, you must perform a manual update.
Update your browser components to be protected.'
PC users who attempt to leave Helperprotectionext.biz might trigger a script that loads a page in full-screen mode and forces the user to add 'FF Helper Protection' to Firefox. The analysis of 'FF Antivirus' and 'FF Helper Protection' revealed that the promoted program is an adware, which injects commercials on every page you load even if you are using an ad blocker. Cybersecurity experts warn that Helperprotectionext.biz is not used by the Mozilla Foundation and the site is operated by con artists. Helperprotectionext.biz is registered to the 5.149.250.80 IP address, and it has more than a dozen clones. The creators of the 'FF Antivirus'/'FF Helper Protection' adware appear to use the string — hxxp://[any of the domains listed below]/ff/?_subid=ucm11t46goa0d8ijki&_token=uuid_ucm1 to reroute users to their program. You should ignore the Helperprotectionext.biz alerts and use a trusted anti-malware shield on your system. The clones of Helperprotectionext.biz include:
adblockerext.com, adblockext.com, adblockprotectionext.biz, adblocktoolext.com, antivircheckerext.biz, antivirext.biz, antivirguardext.biz, antivirprotectionext.biz, antivirsurfingext.biz, antiviruscheckext.com, antivirushelperext.com, antivirussavext.com, antivirustoolext.com, checkertoolext.com, checkeruploadext.biz, checkeruploadextt.biz, checkupdaterext.com, checkvirusext.com, defenderff.com, defenderguardext.com, defenderinfoext.com, defendersurfinext.biz, defendersurfingext.biz, defenderwebext.biz, defenderwebextt.biz, extantivir.biz, ffantivir.com, ffdefend.com, getupdateff.com, guardedinfoext.biz, guardedinfoextt.biz, guardedsurfingext.com, guardext.com, guardhelperext.com, guardsecurext.com, guardsurfingext.biz, guardtoolext.com, helpercheckerext.biz, helpercheckerextt.biz, helperinfoext.biz, helperinfoextt.biz, helperinfoextt.biz, helperprotectionext.biz, helpertoolext.com, infoguardedext.com, infohelperext.com, infoprotectionext.biz, infosaferext.com, protectcheckerext.biz, protectcheckerextt.biz, protecterext.com, protecttoolext.com, protectwebext.biz, reliableantivirext.biz, reliableantivirextt.biz, reliableprotectionext.biz, safecheckerext.biz, safedefendext.biz, safehelperext.biz, safersearchext.biz, safersearchextt.biz, safersearchextt.biz, safetysearchext.biz, safetysearchextt.biz, safeupdateext.biz, surfingdefenderext.biz, safewebtoolext.biz, safewebtoolext.biz, saveprotecterext.com, saveupdaterext.com, securetoolext.com, securityext.com, sentinelguardext.biz, surfinghelperext.biz, surfingprotectionext.biz, tooladblockerext.com, toolantivirusext.biz, toolantivirusextt.biz, toolcheckerext.com, toolcheckerext.com, tooldefendext.biz, tooldefendext.com, tooldefenext.biz, tooldefenext.biz, toolinformerext.biz, toolupdatext.com, trustyprotecterext.biz, trustyprotectionext.biz, trustysurfingext.biz, trustysurfingextt.biz, ublockerext.com, upcheckext.com, updateext.com, updaterext.com, updatetoolext.com, uploadcheckerext.com, uploaddefenderext.com, uploadercheckerext.com, uploaderprotectionext.biz, uploadertoolext.com, uploadertrustyext.biz, uploadsaferext.biz, uploadsaferextt.biz, uploadsaferextt.biz, uptoolext.com, webdefenderext.com, webprotectext.biz, websuretyext.biz
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.