Closed Bug 509265 Opened 15 years ago Closed 12 years ago

Attempts repeated downloads of an infected file, and triggers nonstop virus warnings

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows Vista
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: jeslar360, Unassigned)

References

(
URL
)

Details

(Whiteboard: [testday-20120615]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2

I believe this is a brute force attack site, under the guise of someone trying to peddle security software.  (In part due to bad grammar)

It pops up a warning that the computer is vulnerable to attack, and that I should click OK to scan it.

I close it (X out of the dialog)

It then starts triggering many virus warnings, and opens many download windows for "Install.exe"

It pretends to be a Windows Defender implementation, and shows a view of My Computer, with the correct HardDrive partitions, and states in red under each of them a number with the words "Infected" or "Infected Files" under them.

When the page is closed, all virus warnings stop as well as download attempts.

this seriously bogs down the browser, and more.

Reproducible: Always

Steps to Reproduce:
1.Go to this page: http://windows.sranoscan.info/25/030wLGBzLGBzL==
2.When it pops up the dialog, [X] out of it.
3.Wait for the attempted downloads to start, along with the virus warnings in the Cache folder, under the "AppData" directory, or equivalent for the version of windows being used. 
Actual Results:  
The site kept on trying to download the executable Install.Exe, and these warnings kept coming up:

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Users\Jestin Larson\AppData\Local\Mozilla\Firefox\Profiles\2xtk84zf.default\Cache\ECB1272Cd01.
Action performed: Deny access

Expected Results:  
I would have assumed there would have been a protection, to prevent whatever method they use for this scare tactic to work.

I use Avira AntiVir (Latest Update)
Priority: -- → P1
I have had the same problem, and as a result, have uninstalled Mozilla Firefox.  I tried a fresh download, but the same thing happens, multiple windows flashing red warnings about corrupt/infected files. I have to quickly "X" out of it.  My McAfee does not seem to notice there may be a problem, nor does Spybot, or Registry First Aid.  I cannot use Firefox (although I like it very much) until this is resolved.
I am using Windows XP sp2, attempting to use Firefox 3.5
Note: Priority should only be set by developers please. resetting to --
See https://bugzilla.mozilla.org/page.cgi?id=fields.html#priority
Priority: P1 → --
The URL http://windows.sranoscan.info/25/030wLGBzLGBzL== is no longer valid.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE
Whiteboard: [testday-20120615]
You need to log in before you can comment on or make changes to this bug.