xpicleanup.exe reported as trojan

RESOLVED INVALID

Status

()

RESOLVED INVALID
12 years ago
12 years ago

People

(Reporter: rh59er, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060917 BonEcho/2.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060917 BonEcho/2.0

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060917 BonEcho/2.0 - Build ID: 2006091703 nightly build.  
Trojan detected in xpicleanup.exe 
AVG Free found Trojan horse PSW.Generic2.ILX in C:\Program Files\Firefox\xpicleanup.exe
Running on 2 machines.  Replicated itself 18 times on one machine and 36 times on my main machine as a numbered .exe file residing in C:\Program Files\Firefox\xpicleanup.exe


Reproducible: Always

Actual Results:  
AVG Free detected and 'healed'.



Just downloaded, but not umpacked latest nightly zip /pub/mozilla.org/firefox/tinderbox-builds/pacifica-vm-mozilla1.8
AVG found 1 infected file.
This is probably just a false positive, and I can't coerce any information out of Google or the AVG website.
(Reporter)

Comment 2

12 years ago
Bon Echo just updated itself and I got another warning from AVG.  Same file.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060917 BonEcho/2.0

I get also every day a virus warning, but in my case the antivirus software sees a virus signature in urlclassifier2.sqlite in my branch profile. Every day a new fresh virus, generated by Firefox seems plain nonsense to me.
The trojan report is bogus. The xpicleanup.exe file from the 20060916 and 0918 builds are identical in size, and differ by only a single byte (cmp says at char 249, line 2). Builds are also virus scanned automatically.

Please tell AVG that they are making false reports.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID

Comment 5

12 years ago
the urlclassifier2.sqlite report in comment 3 might be related to https://bugzilla.mozilla.org/show_bug.cgi?id=329715

try removing the file and see if the reports go away.

Comment 6

12 years ago
I sent a request to http://www.grisoft.com/doc/28637/lng/us/tpl/tpl01 to have the signature that AVG Free is detecting in xpicleanup.exe removed as a false postitive, or provide us with more details on any possible problem.

Comment 8

12 years ago
cool!  good work.
You need to log in before you can comment on or make changes to this bug.