Closed Bug 362994 Opened 18 years ago Closed 18 years ago

Possible Trojan in FF 2 installer

Categories

(Firefox :: Installer, defect)

x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED INVALID

People

(Reporter: rjackh, Unassigned)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Build Identifier: Firefox 2.0 Installer In attempting to reinstall Firefox 2 from an installer file that came directly from Firefox, my AVG antivirus stated that the Trojan "PSW.Lineage.PQ" was found in the file InstallOptions.dll now located in C:\Documents and Setting\Pop\Local Settings\Temp\nssC.tmp\InstallOptions.dll. The installer file is version 4.42.0.0 size 5.62 MB. It has been a while since this file was downloaded. I still have the installer file, and the AVG event log, and the virus vault copy of the dll file. Reproducible: Always Steps to Reproduce: 1. Have AVG Free 7.5.409 loaded and active with virus database 268.15.13/ 2. Run the Firefox 2.0 setup installer size 5,763 KB (maybe just my copy?) 3. AVG warning will appear every time Actual Results: AVG warning pops up identifying the Trojan and location. Offers to fix, ignore, or put in vault. I have "fixed" but did not continue with installation. I have also put in vault, but did not continue with installation. Expected Results: I stopped trying to use this file and loaded an earlier version of Firefox from the Firefox web site. Not had a virus? I suspect this is either a> a false positive, or b> the file was infected AFTER getting on my system. Rather than simply deleting the file and downloading another copy, I thought I'd report this to both you, and to McAfee for evaluation.
This is most likely either a false positive (http://nsis.sourceforge.net/NSIS_False_Positives) or the result of some other virus/trojan already on your system contaminating the executable.
since this is just a case of false positive, marking this INVALID
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.