Closed
Bug 362994
Opened 18 years ago
Closed 18 years ago
Possible Trojan in FF 2 installer
Categories
(Firefox :: Installer, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: rjackh, Unassigned)
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Build Identifier: Firefox 2.0 Installer
In attempting to reinstall Firefox 2 from an installer file that came directly from Firefox, my AVG antivirus stated that the Trojan "PSW.Lineage.PQ" was found in the file InstallOptions.dll now located in C:\Documents and Setting\Pop\Local Settings\Temp\nssC.tmp\InstallOptions.dll. The installer file is version 4.42.0.0 size 5.62 MB. It has been a while since this file was downloaded. I still have the installer file, and the AVG event log, and the virus vault copy of the dll file.
Reproducible: Always
Steps to Reproduce:
1. Have AVG Free 7.5.409 loaded and active with virus database 268.15.13/
2. Run the Firefox 2.0 setup installer size 5,763 KB (maybe just my copy?)
3. AVG warning will appear every time
Actual Results:
AVG warning pops up identifying the Trojan and location. Offers to fix, ignore, or put in vault. I have "fixed" but did not continue with installation. I have also put in vault, but did not continue with installation.
Expected Results:
I stopped trying to use this file and loaded an earlier version of Firefox from the Firefox web site.
Not had a virus?
I suspect this is either a> a false positive, or b> the file was infected AFTER getting on my system. Rather than simply deleting the file and downloading another copy, I thought I'd report this to both you, and to McAfee for evaluation.
Comment 1•18 years ago
|
||
This is most likely either a false positive (http://nsis.sourceforge.net/NSIS_False_Positives) or the result of some other virus/trojan already on your system contaminating the executable.
Comment 2•18 years ago
|
||
AVG has detected this false positive previously
http://forums.winamp.com/showthread.php?threadid=261253
Comment 3•18 years ago
|
||
since this is just a case of false positive, marking this
INVALID
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•