Google search asking for captchas

If you are a scientific person, you should restore those files and see if the problem reappears.
Otherwise we are talking about magic and voodooism. :slight_smile:
Because, again, the antivirus hasn’t detected any virus in those two files.

1 Like

Your title change was not the problem.

I still block ads.

People are latching onto the Mozilla thing which was weeks ago. Had nothing to do with this problem.

This was a virus. Every computer on my network, all 7+ of them, popped up that screen. Didn’t matter if it was Windows 10 with Opera, Epiphany under Ubuntu 20, or Falkon.

This was a virus. I realize nobody in the Fedora community wants to believe that, but nuking those files and rebooting the one and only Fedora 33 machine on the network eliminated the problem for all my computers. It has now been well over 2 days and not one has popped up with the Google “suspicious activity” screen. My Internet connection even seems a bit faster. Even the default Microsoft Edge browser was throwing up that screen when attempting a Google search.

This had nothing to do with an adblocker under Mozilla. Firefox was removed from every machine many weeks ago.

I’m not a noob.

I’ve been in IT over 30 years. I even write an award winning technical book series.

For decades beginning hackers had the mantra “If it has a Guest account I’m God!” Most of the Linux world just smiled and nodded. Confident they didn’t need to wear a mask or wash their hands.

Roughly 30 years and millions of hacked systems later the world finally learned about ShellShock.

ShellShock is no where near the only vulnerability that has been baked into the platform since early days. I’m not naive enough to grasp at that false straw.

As a side note: A very good friend and former co-worker of mine has now buried 2 brothers, 2 sisters, and an aunt from COVID-19. All of them lived in different states/houses.

Wear a mask and wash your hands. We got to 500,000+ dead entirely due to people refusing to do those simple things.

No. I have a line of site Internet provider. I’m not on Google Internet. I have name brand router equipment.

Since nuking those files and rebooting Fedora, every machine on my network can once again do a Google search. No Captcha screens. Previously it did not matter what OS or what browser, the captcha came up every time.

This just shows again that you not read properly what ppl write you.

I’m alone home behind the computer not wearing a mask and not washing my hands all 5 minutes. When i leave my home of course I use a mask and I also wash/clean my hands whenever i enter in a shop !

Well, that is your opinion.

Deleting those two files which were flagged by the virus scanner freed up being able to search for every other machine on the network regardless of OS it was running or browser it was using.

After I change Firefox’s Enhanced Tracking Protection setting, one of the most popular website in the world (not started with a ‘G’, started complaining about suspicious activities detected in my network.

Should I hurry up to install ClamAV and scan all my files?

1 Like


It just shows you shouldn’t joke about wearing masks and washing hands because a lot of people have attended a lot of virtual funerals and making such jokes is viciously insensitive. I buried my own father in October amid this pandemic after being locked out of the nursing home over the last few months of his life.

People standing in line to flag my posts pointing out a virus on my Fedora 33 machine as inappropriate


But they allow totally insensitive comments like yours to fly through as proper social behavior.

Blocked captcha had nothing to do with this. It was a virus.

If the community wants to do this:

That’s fine. I have one more rounds of RPM builds to make certain work and then I will put a different distro on that box.

I’m sorry when I offended you and I’m really sorry for your loss. Also sorry for everyone who lost Family members or good friends.

I will delete my replies, even if it was just a comparison and not a joke.

I asked the user to remove the part of covid19 and the replies of me. It look likes he not had time or he was to busy to insist on his meaning. So I added the part again who shows that I do make a comparison and not are joking about covid-19 and the simple advice’s of protecting with mask and washing hands.

1 Like

Again, sorry. The virus scanner didn’t flagged them as viruses. It has flagged them as encrypted archives and it is unable to scan their content.

However I propose to stop this thread.


Anyone can use Google DNS on his computer ( and, I see it alarmingly common among smaller ISPs (either on their internal devices or client routers) and troubleshooting suggestions.

Most of us here find that correlation unwarrnated (something else must have caused change of Google behaviour), yet there’s multitude of suggestions how you can verify it. We, as much as you, want to be sure, only you can check your computer.

I already wrote in post#14 my suggestions. Here are virustotal results for files from linux git (same as on my computer, straight from Fedora):

ClamAV’s heuristic check marks this file as suspicious due to an archive encryption. Probably harmless.

Search your logs for those checksums and you’ll know whether you had the same files as the rest of us:

$ sha256sum /usr/lib/firmware/vxge/*
9018db660d4df4be1a2dd89f0de41eeb0e0891aeca0a5cfaf3f2a86c8f7d139d  /usr/lib/firmware/vxge/X3fw.ncf
31d335b83af4a51b415a86c8a77515543fab085e3bdd4343882ac9f41cdf5694  /usr/lib/firmware/vxge/X3fw-pxe.ncf

Even if your files turns out different, if you don’t have hardware I mentioned in previous post, those files are never loaded on your computer and have no impact. That would mean that something else swapped them and was messing with your computer and theoretically could store some encrypted data in files known to be encrypted and existing on linux PCs. Source of such virus would most probably be something outside of Fedora repositories. We have no idea what was installed or executed on your computer. Oh, and deleting non-executable files wouldn’t remove potential malware from your computer, it would still be there.

If same thing was happening on many devices in your network, any of devices could have be the culprit, since all of them share external IP.


If same thing was happening on many devices in your network, any of devices could have be the culprit, since all of them share external IP.

That statement ignores the fact every other machine on the network scanned clean. The only machine to report any issues was the one and only Fedora 33 machine.

Every other machine is fine now.

I just came here to give you a heads up. I do not believe the virus came from the repos.

If this community wants to deny deny deny, that’s fine. I’ve downloaded an non-RedHat based distro that uses RPMs to use for RPM package creation to verify the scripts.

Given the community response here I certainly won’t ever trust any RedHat based distro nor will I recommend one to a client as part of my professional life.

Agreed. We should stop.

Sorry. I’m going to close this topic since it is not going anywhere.