User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1a3) Gecko/20060707 BonEcho/2.0a3 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1a3) Gecko/20060707 BonEcho/2.0a3 C:\PROGRA~1\BONECH~1\updates\0\updater.exe Win32:Sality-W Virus/Worm 0628-0, 07/10/2006 Unsure if this was indeed a worm or just acting like one, but had to hit ignore for activity for BON ECHO to visit upgrading manually. Reproducible: Always Steps to Reproduce: 1. Click ICON for Bon Echo 2. AVAST has detected Win32:Sality-W in C:\PROGRA~1\BONECH~1\updates\0\updater.exe 3. Clicked ignore for Bon Echo to launch and manually down Nightly Install NOTE ** This is the first time I've seen this reaction to anti-virus previous builds did not act like this. To determine if this is a real threat, please run viral sweep on nightly build. Would not like to have this embeded before we release Firefox 2.
Have you confirmed that your system is clean ? It could be that you acquired this virus since you last installed a nightly build.
Seems like a false positive to me. You can see this very often with AVG, Avast and previously also with Antivir. Antivir has changed into Avira and I have never seen mis detection anymore.
*** Bug 344112 has been marked as a duplicate of this bug. ***
Per Bug 344112 and comment #0 this affects software update (e.g. updater.exe) and not the installer. Over to Software Update This appears to be a false positive detected by Avast.
For the record, we received today in Mozilla Europe emails two similar reports from AVAST users, both found this virus in updater.exe in regular mozilla firefox builds (22.214.171.124) downloaded from mozilla.com/mozilla europe. One of the reports had a screen capture which confirmed that the Avast version was also 0628-0. I haven't been able to reproduce this bug on my windows partition with avast installed, maybe the problem is only affecting one specific mirror ? Marking as New since we have already 4 different people who witnessed it in the last hours, probably a false positibe though.
Pascal, could you attach the screen shot to this bug?
Just in case could you get a copy of updater.exe from one of the people that reported this and attach it to this bug? I've also tried to reproduce without any success but I am using 0628-1.
Found the following and it appears this was a false positive and is already fixed in the latest Avast virus definitions http://forum.avast.com/index.php?topic=22075.0
ok, marking as INVALID
The Virus has been contained, but was detected after AVAST ran a scheduled bootg scan and found it the root directory along with the directory for Bon-Echo. Since I removed the nightly built and download the new version of MindField situation was contained. But the screenshot was exactly what i Had just could not be contained or deleted until the product was fully removed.
We're now tracking such bugs. This doesn't mean it's something we can fix, merely something we hope to be able to point vendors to so they can investigate. This is an automated message.
Closing old bugs in the Plugins component. We aren't going to track issues in 3rd-party plugins in the Mozilla bug tracker. In addition, support for NPAPI plugins will be removed at the end of this year; for more details see the post at https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/ If there is a serious bug in Firefox, it needs to be filed in the "Core" product, "Plug-Ins" component.