A new adware variant discovered by Malwarebytes silently disables the Safebrowsing filter in Firefox. The adware is called Mintcast and ends up through other software and software bundles on computers. The adware is designed to show advertisements but also disables Firefox's Safebrowsing.
Firefox uses Safebrowsing to warn users for phishing sites and websites with malware. Mintcast disables this so users no longer receive warnings on malicious websites.
The adware creates an user.js file in the user's Firefox profile. This file is automatically loaded when Firefox starts and overwrites any global browser settings. If users manually enable the Safebrowsing filter, it will be disabled again on a restart due to the modified user.js file.
To permanently prevent Mintcast from disabling the Safebrowsing filter after each browser restart users can simply delete user.js or remove the lines the adware has added to it.
The users.js file can be found in the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default.
In the user.js located in that folder the adware has added the following lines, which you can simply remove.
- user_pref(“browser.safebrowsing.downloads.enabled”, false);
- user_pref(“browser.safebrowsing.enabled”, false);
- user_pref(“browser.safebrowsing.malware.enabled”, false);
