If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

when opening Bon Echo, an alert from AVAST detected Win32:Sality-W

RESOLVED INCOMPLETE

Status

Plugins Graveyard
Avast AV
--
major
RESOLVED INCOMPLETE
11 years ago
a year ago

People

(Reporter: John Hilla, Unassigned)

Tracking

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1a3) Gecko/20060707 BonEcho/2.0a3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1a3) Gecko/20060707 BonEcho/2.0a3

C:\PROGRA~1\BONECH~1\updates\0\updater.exe
Win32:Sality-W
Virus/Worm
0628-0, 07/10/2006

Unsure if this was indeed a worm or just acting like one, but had to hit ignore for activity for BON ECHO to visit upgrading manually.

Reproducible: Always

Steps to Reproduce:
1. Click ICON for Bon Echo
2. AVAST has detected Win32:Sality-W in C:\PROGRA~1\BONECH~1\updates\0\updater.exe
3. Clicked ignore for Bon Echo to launch and manually down Nightly Install

NOTE ** This is the first time I've seen this reaction to anti-virus previous builds did not act like this.




To determine if this is a real threat, please run viral sweep on nightly build. Would not like to have this embeded before we release Firefox 2.
Have you confirmed that your system is clean ? It could be that you acquired this virus since you last installed a nightly build.
Seems like a false positive to me. You can see this very often with AVG, Avast and previously also with Antivir. Antivir has changed into Avira and I have never seen mis detection anymore.
*** Bug 344112 has been marked as a duplicate of this bug. ***
Per Bug 344112 and comment #0 this affects software update (e.g. updater.exe) and not the installer. Over to Software Update

This appears to be a false positive detected by Avast.
Component: Installer → Software Update
QA Contact: installer → software.update
For the record, we received today in Mozilla Europe emails two similar reports from AVAST users, both found this virus in updater.exe in regular mozilla firefox builds (1.5.0.4) downloaded from mozilla.com/mozilla europe. One of the reports had a screen capture which confirmed that the Avast version was also 0628-0.

I haven't been able to reproduce this bug on my windows partition with avast installed, maybe the problem is only affecting one specific mirror ?

Marking as New since we have already 4 different people who witnessed it in the last hours, probably a false positibe though. 
Status: UNCONFIRMED → NEW
Ever confirmed: true
Pascal, could you attach the screen shot to this bug?
Created attachment 228748 [details]
screenshot showing the virus detection

adding screenshot
Just in case could you get a copy of updater.exe from one of the people that reported this and attach it to this bug? I've also tried to reproduce without any success but I am using 0628-1.
Found the following and it appears this was a false positive and is already fixed in the latest Avast virus definitions
http://forum.avast.com/index.php?topic=22075.0
ok, marking as INVALID
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → INVALID
(Reporter)

Comment 11

11 years ago
The Virus has been contained, but was detected after AVAST ran a scheduled bootg scan and found it the root directory along with the directory for Bon-Echo. Since I removed the nightly built and download the new version of MindField situation was contained. But the screenshot was exactly what i Had just could not be contained or deleted until the product was fully removed.
(Assignee)

Updated

9 years ago
Product: Firefox → Toolkit

Comment 12

7 years ago
We're now tracking such bugs. This doesn't mean it's something we can fix, merely something we hope to be able to point vendors to so they can investigate. This is an automated message.
Status: RESOLVED → UNCONFIRMED
Component: Application Update → Avast AV
Ever confirmed: false
Product: Toolkit → Plugins
QA Contact: application.update → avast-antivirus
Resolution: INVALID → ---

Comment 13

a year ago
Closing old bugs in the Plugins component. We aren't going to track issues in 3rd-party plugins in the Mozilla bug tracker. In addition, support for NPAPI plugins will be removed at the end of this year; for more details see the post at https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/

If there is a serious bug in Firefox, it needs to be filed in the "Core" product, "Plug-Ins" component.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years agoa year ago
Resolution: --- → INCOMPLETE
(Assignee)

Updated

a year ago
Product: Plugins → Plugins Graveyard
You need to log in before you can comment on or make changes to this bug.