Closed Bug 334862 Opened 19 years ago Closed 19 years ago

Copy to clipboard doesn't work with this malware installed

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 334500

People

(Reporter: cobo_alvaro, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 After I installed a program with malicious code, the copy to clipboard function (feature) doesn't work anymore. I have followed all the recomendations, uninstalled and reinstalled, and tried everything, and the copy function doesn't work. This is a securuty issue you would be interested because is a kind of virus which afects only to firefox. Reproducible: Always Steps to Reproduce: 1.Execute the programa with the malicious code. 2.try to copy any text or url in Firefox. 3.It copies nothing. The copy function doesn't work anymore. Actual Results: The copy to clipboard function doesn't work anymore I have uninstalled and re-installed cleanly all the software and the nightly release, but the problem keeps. The only thing I haven't done is format the disk and reinstall de OS. I guess this is malicious code wich probably exploit a security hole in Firefox. I'd like to know how should I submit the malicious program to you, so you can study the code and find if there is a security hole. Thanks a lot for this great software.
Is this new.net or a different piece of malware? See http://kb.mozillazine.org/Clipboard_not_working. Under the Windows security model, malware is allowed to tinker with Firefox, so this isn't a security hole in Firefox. It might be a bug in Firefox, though.
Alias: clipboard_work
Group: security
Summary: Copy to clipboard does not work after program instalation → Copy to clipboard doesn't work with this malware installed
I have checked a lot and it is not the new.net malware. I have tried the new.net cleaning utility and it didn't appeared. Also have checked the registry to find if a change have been made, and nothing appeared.
Does it work correctly on trunk? I wonder if the fix for bug 133439 helped. You can grab a recent trunk build (English) from http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2006-04-21-04-trunk/.
*** Bug 335186 has been marked as a duplicate of this bug. ***
I have checked the latest trunk and the problem persists. I have chequed the bug # 335186 and is very similar to this with the difference that in my case the mouse scroll and the paste functions works as normal. I have tried the latest nigthly release and the problem persists. I guess the clue is the malicious code I have installed (which is not the new.net code). You can find it at: http://www.guapulolounge.com/bugreport/careful_malicious_code.zip I have tried to reverse engineer this files, but have no luck as long as I am a newbie in this stuff. Regards
I took an XP SP2 machine with Firefox 1.5.0.2, no extensions, no themes, Firefox working fine with respect to copy and pasting. I installed the stuff found in the careful_malicious_code.zip URL (which according to the EULA comes from "advertismen.com" and states the software is designed to make popup ads happen, and copy and paste is now broken. I can not find any firefox files that were modified, either in the test profile, or in the application folder, and there do not appear to be any programs resident in memory (visible through task manager). I'm presently examining the machine for hidden spyware or rootkit type programs to see if that is the source of the problem. I can't really say for certain if this is a Firefox problem (which should probably be fixed) or the side effects of spyware/viruses.
I as well now have this bug... I will be blunt... I was downloading a crack for software off of limewire, ran the exe, and got this... ran it again, advertismen.com the name... also says it can be removed from the add/remove programs in windows but when I looked it wasn't there... so... I'm scanning, and searching, but nothing found right now... anything I should do? [Any Reguards Toward Limewire and Illegal Download I Would Like to Note: The day for illegel download is becoming to risky... Chances of being caught and so many viruses... I think I may stop my play in it soon...]
Those affected, do you have a .dll named: pushowxx.dll (where xx = any number)
Sorry to insist too much about, but I have the malware which caused all this problem in my computer. I am wondering if somebody is able to reverse engineer this malware, it is possible to find which vulnerability in Firefox (or more probably in Windows) it is exploiting. The malware can be downloaded at: http://www.guapulolounge.com/bugreport/careful_malicious_code.zip Aditionally, I have checked the file pushowxx.dll and didn´t found it in my computer.
Yes... Jim Jeffery is right. I haven't realized, but today my AVG antivirus detected this pushow42.dll file and detected as Trojan Horse Clicker.BZO. So, I have changed back the afirefox.exe to firefox.exe and voilá, copy/paste works again. I asume that AVG and the other antivirus didn't have this virus in their databases until yesterday. So. I guess here is the problem: pushow42.dll file / Trojan Horse Clicker.BZO
fixed my problem... had to load windows in dos mode to delete it though... anything I did that is a mystery asked (basically followed the forum Volkmar Kostka linked to [thx for linking])...
Is this the pushow*.dll problem? we really need to start making dupes if it is.
yeah... had two different ones installed (both where pushowXX.dll files) installed... only one I remember is pushow96.dll though... I still have the exe that installed the files... [pushowXX.dll installer/exe]-> RAR Compression-> ZIP Compression...
*** Bug 334343 has been marked as a duplicate of this bug. ***
I had originally commented on this bug on 334343. Found 2 copies of pushowxx.dll on my system. pushow51.dll deleted easily, but pushow94.dll was in use so I had to boot from a CD to get rid of it. So that was definately the prob in my case too. Many thanx for the tip :)
*** This bug has been marked as a duplicate of 334500 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
(In reply to comment #17) > I had originally commented on this bug on 334343. Found 2 copies of > pushowxx.dll on my system. pushow51.dll deleted easily, but pushow94.dll was > in use so I had to boot from a CD to get rid of it. So that was definately the > prob in my case too. Many thanx for the tip :) > yes... I had two and one was easily deleted and the other I had to load my computer in CMD/Dos Mode and go through the commands...
You need to log in before you can comment on or make changes to this bug.