virus/trojan found in mozilla cache

RESOLVED INVALID

Status

()

Firefox
Security
--
critical
RESOLVED INVALID
12 years ago
12 years ago

People

(Reporter: tino, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

I recently ran a virus scan using kaspersky anvitvirus 5.0.527  on windows xp pro service pack one, and it found tojans in the mozilla cache despite me clearing mozillas cache when Im done using it. since I cannot include file attachments in this bug report I pasted the kasperksy virus info below.
I dont know what website I went to or what I was doing to download these viruses as I did not know they were there till I installed kaspersky, and obviously reporducing this issues is a bad idia.
kaspersky deleted the infected files and I deleted all the cache folders with no problems to the mozilla program functionality/stability, also FYI I have java dissabled 90% of the time on mozilla but I leave java script enabled as allot of websites wont work with it dissabled.
I am a fan of mozilla but have had many issues with the reliablilty of the software such as the first time I installed mozilla many months back, i reset my computer after i installed mozilla and windows wouldnt boot up, I had to run the windows repair option when booting off of the windows xp cd to restore my windows OS. for all I know these trojans have been on my pc from day one and worries me about how secure mozilla actually is compaired to how secure it claims to be, if possible feel free to e-mail me with any comments about this issue as I would like to see what your have to say about it.

D:\Documents and Settings\xeonic.XOENIC\Application Data\Mozilla\Firefox\Profiles\z2rmxuz1.default\Cache(6)\519332E2d01/z2rmxuz1;is a Trojan Trojan-Downloader.JS.IstBar.u;4/6/2006 2:44:14 PM

D:\Documents and Settings\xeonic.XOENIC\Application Data\Mozilla\Firefox\Profiles\z2rmxuz1.default\Cache(6)\519332E2d01;is a Trojan Trojan-Downloader.JS.IstBar.u;4/6/2006 2:44:20 PM

D:\Documents and Settings\xeonic.XOENIC\Application Data\Mozilla\Firefox\Profiles\z2rmxuz1.default\Cache(6)\CE828995d01;is a potentially dangerous program Exploit.Win32.MS05-013.gen;4/6/2006 2:44:20 PM

D:\Documents and Settings\xeonic.XOENIC\Application Data\Mozilla\Firefox\Profiles\z2rmxuz1.default\Cache(6)\E7A8ACEDd01/z2rmxuz1;is a Trojan Trojan-Downloader.JS.IstBar.u;4/6/2006 2:44:24 PM

D:\Documents and Settings\xeonic.XOENIC\Application Data\Mozilla\Firefox\Profiles\z2rmxuz1.default\Cache(6)\E7A8ACEDd01;is a Trojan Trojan-Downloader.JS.IstBar.u;4/6/2006 2:44:28 PM

D:\Documents and Settings\xeonic.XOENIC\Application Data\Mozilla\Firefox\Profiles\z2rmxuz1.default\Cache(6)\E7C8ACEDd01/z2rmxuz1;is a Trojan Trojan-Downloader.JS.IstBar.u;4/6/2006 2:44:28 PM

D:\Documents and Settings\xeonic.XOENIC\Application Data\Mozilla\Firefox\Profiles\z2rmxuz1.default\Cache(6)\E7C8ACEDd01;is a Trojan Trojan-Downloader.JS.IstBar.u;4/6/2006 2:44:32 PM

D:\Documents and Settings\xeonic.XOENIC\Application Data\Mozilla\Firefox\Profiles\z2rmxuz1.default\Cache(6)\E7D8ACEDd01/z2rmxuz1;is a Trojan Trojan-Downloader.JS.IstBar.u;4/6/2006 2:44:32 PM

D:\Documents and Settings\xeonic.XOENIC\Application Data\Mozilla\Firefox\Profiles\z2rmxuz1.default\Cache(6)\E7D8ACEDd01;is a Trojan Trojan-Downloader.JS.IstBar.u;4/6/2006 2:44:36 PM



Reproducible: Didn't try
Those aren't the actual Trojan programs, those are the IE webpage exploits that attempt to give you Trojans. All that means is that you surfed sites that contained malicious code, and the good and bad bits of the pages are cached. In these cases those are all IE-only exploits.

It's worth looking them up when you see these to make sure someone hasn't invented Firefox malware, but if you had been vulnerable then by time the bad stuff is in your cache it's most likely already been run. If your anti-virus has a real-time scanning feature you can turn it on to get alerted as these are downloaded, and then you'll know which sites to avoid in the future (you may be safe so far, but these places have demonstrated that if they could get a Firefox exploit in the future they would have no qualms about using it).

For technical support see links at http://www.mozilla.org/support/
Group: security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.