Closed Bug 286085 Opened 20 years ago Closed 20 years ago

stealpw.exe trojan installed with firefox ver 1.0.1

Categories

(Firefox :: Installer, defect)

Product:
Firefox
Component:
Installer
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: satyrc, Assigned: bugs)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1

Today (14 Mar 2005) used the link on Firefox homepage to install the setup
1.0.1.exe ver (4.59MB download, file version 3,12,0,0.) After the install
symantic detected pwsteal trojan. I do not have AOL installed. I use earthlink
ISP. But after instructing Symantic to quarantine the trojan, no trace of it is
in the quarantine file within the symantic systemworks 2001 Norton antivirus
section (looked there to cite where exactly the trojan was detected in Windows
folder after the Firefox install.)

Reproducible: Didn't try



Expected Results:  
Updated to ver 1.0.1 Firefox browser, and not installed viruses nor trojans in
the process.

In the reboot after the Firefox Setup 1.0.1.exe Symantic detected the PWsteal
trojan. I selected "Q" for quarantine and continued with the reboot process.
Using the Firefox homepage
(http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official)
then the link (http://www.mozilla.org/products/firefox/central.html) there on to
report the bug and getting time outs in the Support
(http://www.mozilla.org/support/firefox/) and the FAQ
(http://www.mozilla.org/support/firefox/faq) links; I went through Mozilla/
bugzilla to document the pwsteal found in the ver1.0.1 update.
It is very likely you picked it up via email.


Even though Norton could not actually quarantine the trojan, it did detect and
indicate it orriginated from tGravity (gameing) folder. That folder has been on
hd since july 2002, but only in restarting OS after updating firefox ver did
Norton detect the torjan.
btw...  To just off hand post "likely picked up in email" and close a possible
bug report will allow valid problems go unnoticed. "In my opinion" does at least
tag your guess as a guess and not a resulting conclusion of research or
investigation.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Resolution: FIXED → INVALID
Status: RESOLVED → VERIFIED
QA Contact: bugzilla → installer
You need to log in before you can comment on or make changes to this bug.