Closed Bug 1292268 Opened 8 years ago Closed 8 years ago

Crash in chtbrkg.dll@0x30ba1, potentially malware related

Categories

(External Software Affecting Firefox :: Other, defect)

x86
Windows
defect
Not set
critical

Tracking

(firefox48blocking affected)

RESOLVED DUPLICATE of bug 1290403
Tracking Status
firefox48 blocking affected

People

(Reporter: u279076, Unassigned)

Details

(Keywords: crash)

Crash Data

Attachments

(1 obsolete file)

This bug was filed from the Socorro interface and is report bp-78659808-3544-43b5-87fb-2a6052160804.
=============================================================
0 	kernelbase.dll 	RaiseException 	
Ø 1 	chtbrkg.dll 	chtbrkg.dll@0x30ba1 	
Ø 2 	chtbrkg.dll 	chtbrkg.dll@0x2ce0f 	
Ø 3 	chtbrkg.dll 	chtbrkg.dll@0x29850 	
Ø 4 	chtbrkg.dll 	chtbrkg.dll@0x11b5d 	
Ø 5 	chtbrkg.dll 	chtbrkg.dll@0x175c2 	
Ø 6 	chtbrkg.dll 	chtbrkg.dll@0x1c190 	
Ø 7 	chtbrkg.dll 	chtbrkg.dll@0x181c8 	
Ø 8 	chtbrkg.dll 	chtbrkg.dll@0x192b3 	
9 	ws2_32.dll 	WSARecv 	
10 	wsock32.dll 	recv 	
11 	nss3.dll 	SocketRead 	nsprpub/pr/src/io/prsocket.c:617
12 	nss3.dll 	PR_Read 	nsprpub/pr/src/io/priometh.c:109
13 	xul.dll 	nsSocketInputStream::Read(char*, unsigned int, unsigned int*) 	netwerk/base/nsSocketTransport2.cpp:396
14 	xul.dll 	mozilla::net::nsHttpConnection::OnWriteSegment(char*, unsigned int, unsigned int*) 	netwerk/protocol/http/nsHttpConnection.cpp:1678
15 	xul.dll 	mozilla::net::nsHttpTransaction::WritePipeSegment(nsIOutputStream*, void*, char*, unsigned int, unsigned int, unsigned int*) 	netwerk/protocol/http/nsHttpTransaction.cpp:767
16 	xul.dll 	mozilla::net::nsHttpTransaction::WriteSegments(mozilla::net::nsAHttpSegmentWriter*, unsigned int, unsigned int*) 	netwerk/protocol/http/nsHttpTransaction.cpp:817
17 	xul.dll 	js::NewObjectWithGivenProto(js::ExclusiveContext*, js::Class const*, JS::Handle<JSObject*>, js::gc::AllocKind, js::NewObjectKind) 	js/src/jsobjinlines.h:657
18 	xul.dll 	xul.dll@0x24f8b83 	
19 	xul.dll 	mozilla::net::nsHttpConnection::OnInputStreamReady(nsIAsyncInputStream*) 	netwerk/protocol/http/nsHttpConnection.cpp:2087
20 	xul.dll 	nsSocketInputStream::OnSocketReady(nsresult) 	netwerk/base/nsSocketTransport2.cpp:289
21 	xul.dll 	nsSocketTransport::OnSocketReady(PRFileDesc*, short) 	netwerk/base/nsSocketTransport2.cpp:1953
22 	xul.dll 	nsSocketTransportService::DoPollIteration(bool, mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator>*) 	netwerk/base/nsSocketTransportService2.cpp:1074
23 	xul.dll 	nsSocketTransportService::Run() 	netwerk/base/nsSocketTransportService2.cpp:853
24 	xul.dll 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp:994
25 	xul.dll 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp:297
26 	xul.dll 	mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp:355
27 	xul.dll 	MessageLoop::RunHandler() 	ipc/chromium/src/base/message_loop.cc:227
28 	xul.dll 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc:201
29 	xul.dll 	nsThread::ThreadFunc(void*) 	xpcom/threads/nsThread.cpp:396
30 	nss3.dll 	_PR_NativeRunThread 	nsprpub/pr/src/threads/combined/pruthr.c:397
31 	nss3.dll 	pr_root 	nsprpub/pr/src/md/windows/w95thred.c:95
32 	msvcr120.dll 	_callthreadstartex 	f:\dd\vctools\crt\crtw32\startup\threadex.c:376
33 	msvcr120.dll 	msvcr120.dll@0x2c000 	
34 	kernel32.dll 	BaseThreadInitThunk 	
35 	ntdll.dll 	__RtlUserThreadStart 	
36 	ntdll.dll 	_RtlUserThreadStart 	
=============================================================
More reports: https://crash-stats.mozilla.com/signature/?product=Firefox&signature=chtbrkg.dll%400x30ba1

[Tracking Requested - why for this release]:
This crash started showing up in Firefox 48 on July 31, 2016 but it looks like this affects versions going back to Firefox 4. I think this is potentially a malicious DLL and we may want to block it.
Flags: needinfo?(sledru)
The volume is low but we can probably block it.
Flags: needinfo?(sledru)
Attachment #8778174 - Flags: review?(benjamin)
Bug 1290403 might be the same issue? There is some analysis in that bug and if it is the same issue Jorge says blocking the addon won't help.
I see assertions that this is malware, but no evidence. According to crash-stats, this is a Microsoft DLL:

"Microsoft Network Filter over [MSAFD Tcpip [TCP/IP]] : 2 : 2 : 1 : 6 : 0x66 : 0x8 : chtbrkg.dll"

Is there evidence that this is malware? Also, this is a winsock LSP, so I'm not certain that the DLL blocklist will be able to block it. aklotz, do you remember whether LSPs are blockable?
Flags: needinfo?(aklotz)
Currently they are not, as blocking an LSP will cause loss of network connectivity.

I filed bug 1238735 to investigate a way to do this, but it is somewhat risky IMO.
Flags: needinfo?(aklotz)
(In reply to Benjamin Smedberg [:bsmedberg] from comment #4)
> I see assertions that this is malware, but no evidence. 

I assumed it was malware because when I searched for it I found multiple articles flagging it as malware and no articles citing it as a valid DLL. I cannot provide unassailable evidence that this is definitely malware.
I'm marking this as a duplicate of bug 1290403. There are a number of different other signatures with the chtbrkg.dll LSP as well...
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Attachment #8778174 - Flags: review?(benjamin)
Attachment #8778174 - Attachment is obsolete: true
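
The triage reasoning in the thread (an unsymbolicated module sitting beneath `WSARecv`, matched against the LSP entry that crash-stats lists), as an added example that is not part of the original bug or of Mozilla's tooling. The frames are abridged from the report above; the OS module list, the function names, and the reading of the LSP line (first ` : ` field is the provider name, last is the DLL) are assumptions.

```python
import re

# Constructed input: frames abridged from the report above (frame 0 is innermost),
# plus the LSP entry quoted from crash-stats in the thread.
STACK = """\
0 \tkernelbase.dll \tRaiseException \t
Ø 1 \tchtbrkg.dll \tchtbrkg.dll@0x30ba1 \t
Ø 2 \tchtbrkg.dll \tchtbrkg.dll@0x2ce0f \t
Ø 8 \tchtbrkg.dll \tchtbrkg.dll@0x192b3 \t
9 \tws2_32.dll \tWSARecv \t
10 \twsock32.dll \trecv \t
11 \tnss3.dll \tSocketRead \tnsprpub/pr/src/io/prsocket.c:617
"""
LSP_LINES = ["Microsoft Network Filter over [MSAFD Tcpip [TCP/IP]] : 2 : 2 : 1 : 6 : 0x66 : 0x8 : chtbrkg.dll"]

WINSOCK_API = {"ws2_32.dll", "wsock32.dll"}
# Assumption: modules treated as OS-owned for this triage; extend as needed.
OS_MODULES = {"kernelbase.dll", "kernel32.dll", "ntdll.dll", "mswsock.dll"}
FRAME_RE = re.compile(r"^(?:Ø\s*)?(\d+)\s+(\S+)\s+([^\t]*)")

def parse_frames(text):
    """Return (index, module, signature) tuples, tolerating the missing-symbol marker."""
    hits = (FRAME_RE.match(line.strip()) for line in text.splitlines())
    return [(int(m[1]), m[2].lower(), m[3].strip()) for m in hits if m]

def modules_below_winsock(frames):
    """Non-OS modules executing beneath the innermost Winsock API frame."""
    boundary = min((i for i, mod, _ in frames if mod in WINSOCK_API), default=None)
    found = {}
    for i, mod, sig in frames:
        if boundary is None or i >= boundary or mod in OS_MODULES:
            continue
        info = found.setdefault(mod, {"frames": 0, "symbolicated": False})
        info["frames"] += 1
        # Socorro prints "module@0xOFFSET" when it has no symbols for a frame.
        info["symbolicated"] |= not sig.lower().startswith(mod + "@0x")
    return found

def parse_lsp(line):
    """Assumption: first ' : ' field is the provider name, last is the DLL (or its path)."""
    parts = [p.strip() for p in line.split(" : ")]
    return parts[0], re.split(r"[\\/]", parts[-1])[-1].lower()

def triage(stack_text, lsp_lines):
    lsp = {dll: name for name, dll in map(parse_lsp, lsp_lines)}
    below = modules_below_winsock(parse_frames(stack_text))
    return [{"module": m, **info, "registered_lsp": m in lsp, "provider": lsp.get(m)}
            for m, info in below.items()]

if __name__ == "__main__":
    for row in triage(STACK, LSP_LINES):
        print(row)
```

A `registered_lsp` hit explains why the module is in the receive path; it says nothing about whether the DLL is malicious, which is the distinction the thread turns on.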