Closed
Bug 1292268
Opened 8 years ago
Closed 8 years ago
Crash in chtbrkg.dll@0x30ba1, potentially malware related
Categories
(External Software Affecting Firefox :: Other, defect)
Tracking
(firefox48blocking affected)
RESOLVED
DUPLICATE
of bug 1290403
People
(Reporter: u279076, Unassigned)
Details
(Keywords: crash)
Crash Data
Attachments
(1 obsolete file)
This bug was filed from the Socorro interface and is report bp-78659808-3544-43b5-87fb-2a6052160804. ============================================================= 0 kernelbase.dll RaiseException Ø 1 chtbrkg.dll chtbrkg.dll@0x30ba1 Ø 2 chtbrkg.dll chtbrkg.dll@0x2ce0f Ø 3 chtbrkg.dll chtbrkg.dll@0x29850 Ø 4 chtbrkg.dll chtbrkg.dll@0x11b5d Ø 5 chtbrkg.dll chtbrkg.dll@0x175c2 Ø 6 chtbrkg.dll chtbrkg.dll@0x1c190 Ø 7 chtbrkg.dll chtbrkg.dll@0x181c8 Ø 8 chtbrkg.dll chtbrkg.dll@0x192b3 9 ws2_32.dll WSARecv 10 wsock32.dll recv 11 nss3.dll SocketRead nsprpub/pr/src/io/prsocket.c:617 12 nss3.dll PR_Read nsprpub/pr/src/io/priometh.c:109 13 xul.dll nsSocketInputStream::Read(char*, unsigned int, unsigned int*) netwerk/base/nsSocketTransport2.cpp:396 14 xul.dll mozilla::net::nsHttpConnection::OnWriteSegment(char*, unsigned int, unsigned int*) netwerk/protocol/http/nsHttpConnection.cpp:1678 15 xul.dll mozilla::net::nsHttpTransaction::WritePipeSegment(nsIOutputStream*, void*, char*, unsigned int, unsigned int, unsigned int*) netwerk/protocol/http/nsHttpTransaction.cpp:767 16 xul.dll mozilla::net::nsHttpTransaction::WriteSegments(mozilla::net::nsAHttpSegmentWriter*, unsigned int, unsigned int*) netwerk/protocol/http/nsHttpTransaction.cpp:817 17 xul.dll js::NewObjectWithGivenProto(js::ExclusiveContext*, js::Class const*, JS::Handle<JSObject*>, js::gc::AllocKind, js::NewObjectKind) js/src/jsobjinlines.h:657 18 xul.dll xul.dll@0x24f8b83 19 xul.dll mozilla::net::nsHttpConnection::OnInputStreamReady(nsIAsyncInputStream*) netwerk/protocol/http/nsHttpConnection.cpp:2087 20 xul.dll nsSocketInputStream::OnSocketReady(nsresult) netwerk/base/nsSocketTransport2.cpp:289 21 xul.dll nsSocketTransport::OnSocketReady(PRFileDesc*, short) netwerk/base/nsSocketTransport2.cpp:1953 22 xul.dll nsSocketTransportService::DoPollIteration(bool, mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator>*) netwerk/base/nsSocketTransportService2.cpp:1074 23 xul.dll nsSocketTransportService::Run() netwerk/base/nsSocketTransportService2.cpp:853 24 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:994 25 xul.dll NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp:297 26 xul.dll mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:355 27 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:227 28 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:201 29 xul.dll nsThread::ThreadFunc(void*) xpcom/threads/nsThread.cpp:396 30 nss3.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c:397 31 nss3.dll pr_root nsprpub/pr/src/md/windows/w95thred.c:95 32 msvcr120.dll _callthreadstartex f:\dd\vctools\crt\crtw32\startup\threadex.c:376 33 msvcr120.dll msvcr120.dll@0x2c000 34 kernel32.dll BaseThreadInitThunk 35 ntdll.dll __RtlUserThreadStart 36 ntdll.dll _RtlUserThreadStart ============================================================= More reports: https://crash-stats.mozilla.com/signature/?product=Firefox&signature=chtbrkg.dll%400x30ba1 [Tracking Requested - why for this release]: This crash started showing up in Firefox 48 on July 31, 2016 but it looks like this affects versions going back to Firefox 4. I think this is potentially a malicious DLL and we may want to block it.
Flags: needinfo?(sledru)
Comment 1•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/69530/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/69530/
Updated•8 years ago
|
Attachment #8778174 -
Flags: review?(benjamin)
Comment 3•8 years ago
|
||
Bug 1290403 might be the same issue? There is some analysis in that bug and if it is the same issue Jorge says blocking the addon won't help.
Updated•8 years ago
|
Updated•8 years ago
|
Comment 4•8 years ago
|
||
I see assertions that this is malware, but no evidence. According to crash-stats, this is a Microsoft DLL: "Microsoft Network Filter over [MSAFD Tcpip [TCP/IP]] : 2 : 2 : 1 : 6 : 0x66 : 0x8 : chtbrkg.dll" Is there evidence that this is malware? Also, this is a winsock LSP, so I'm not certain that the DLL blocklist will be able to block it. aklotz, do you remember whether LSPs are blockable?
Flags: needinfo?(aklotz)
Comment 5•8 years ago
|
||
Currently they are not, as blocking an LSP will cause loss of network connectivity. I filed bug 1238735 to investigate a way to do this, but it is somewhat risky IMO.
Flags: needinfo?(aklotz)
(In reply to Benjamin Smedberg [:bsmedberg] from comment #4) > I see assertions that this is malware, but no evidence. I assumed it was malware because when I searched for it I found multiple articles flagging it as malware and no articles citing it as a valid DLL. I cannot provide unassailable evidence that this is definitely malware.
Comment 7•8 years ago
|
||
i'm marking this as a duplicate of bug 1290403. there are a number of different other signatures with the chtbrkg.dll lsp as well...
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Updated•8 years ago
|
Attachment #8778174 -
Flags: review?(benjamin)
Updated•8 years ago
|
Attachment #8778174 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•