Closed Bug 286085 Opened 20 years ago Closed 20 years ago

stealpw.exe trojan installed with firefox ver 1.0.1

Categories

(Firefox :: Installer, defect)

Product:
Firefox
Component:
Installer
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: satyrc, Assigned: bugs)

Details

User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 Today (14 Mar 2005) used the link on Firefox homepage to install the setup 1.0.1.exe ver (4.59MB download, file version 3,12,0,0.) After the install symantic detected pwsteal trojan. I do not have AOL installed. I use earthlink ISP. But after instructing Symantic to quarantine the trojan, no trace of it is in the quarantine file within the symantic systemworks 2001 Norton antivirus section (looked there to cite where exactly the trojan was detected in Windows folder after the Firefox install.) Reproducible: Didn't try Expected Results: Updated to ver 1.0.1 Firefox browser, and not installed viruses nor trojans in the process. In the reboot after the Firefox Setup 1.0.1.exe Symantic detected the PWsteal trojan. I selected "Q" for quarantine and continued with the reboot process. Using the Firefox homepage (http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official) then the link (http://www.mozilla.org/products/firefox/central.html) there on to report the bug and getting time outs in the Support (http://www.mozilla.org/support/firefox/) and the FAQ (http://www.mozilla.org/support/firefox/faq) links; I went through Mozilla/ bugzilla to document the pwsteal found in the ver1.0.1 update.
It is very likely you picked it up via email.
Even though Norton could not actually quarantine the trojan, it did detect and indicate it orriginated from tGravity (gameing) folder. That folder has been on hd since july 2002, but only in restarting OS after updating firefox ver did Norton detect the torjan. btw... To just off hand post "likely picked up in email" and close a possible bug report will allow valid problems go unnoticed. "In my opinion" does at least tag your guess as a guess and not a resulting conclusion of research or investigation.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Resolution: FIXED → INVALID
Status: RESOLVED → VERIFIED
QA Contact: bugzilla → installer
You need to log in before you can comment on or make changes to this bug.