xpicleanup.exe reported as trojan

RESOLVED INVALID

Status

()

Product:
Firefox
Component:
Build Config
Status:
RESOLVED INVALID
Reported:
12 years ago
Modified:
12 years ago

People

(Reporter: rh59er, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details
(Reporter)

Description

12 years ago 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060917 BonEcho/2.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060917 BonEcho/2.0

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060917 BonEcho/2.0 - Build ID: 2006091703 nightly build.  
Trojan detected in xpicleanup.exe 
AVG Free found Trojan horse PSW.Generic2.ILX in C:\Program Files\Firefox\xpicleanup.exe
Running on 2 machines.  Replicated itself 18 times on one machine and 36 times on my main machine as a numbered .exe file residing in C:\Program Files\Firefox\xpicleanup.exe


Reproducible: Always

Actual Results:  
AVG Free detected and 'healed'.



Just downloaded, but not umpacked latest nightly zip /pub/mozilla.org/firefox/tinderbox-builds/pacifica-vm-mozilla1.8
AVG found 1 infected file.

Comment 1

12 years ago 
This is probably just a false positive, and I can't coerce any information out of Google or the AVG website.
(Reporter)

Comment 2

12 years ago 
Bon Echo just updated itself and I got another warning from AVG.  Same file.

Comment 3

12 years ago 
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060917 BonEcho/2.0

I get also every day a virus warning, but in my case the antivirus software sees a virus signature in urlclassifier2.sqlite in my branch profile. Every day a new fresh virus, generated by Firefox seems plain nonsense to me.

Comment 4

12 years ago 
The trojan report is bogus. The xpicleanup.exe file from the 20060916 and 0918 builds are identical in size, and differ by only a single byte (cmp says at char 249, line 2). Builds are also virus scanned automatically.

Please tell AVG that they are making false reports.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID

Comment 5

12 years ago 
the urlclassifier2.sqlite report in comment 3 might be related to https://bugzilla.mozilla.org/show_bug.cgi?id=329715

try removing the file and see if the reports go away.

Comment 6

12 years ago 
I sent a request to http://www.grisoft.com/doc/28637/lng/us/tpl/tpl01 to have the signature that AVG Free is detecting in xpicleanup.exe removed as a false postitive, or provide us with more details on any possible problem.

Comment 8

12 years ago 
cool!  good work.
You need to log in before you can comment on or make changes to this bug.