All users were logged out of Bugzilla on October 13th, 2018

Possible Trojan in FF 2 installer

RESOLVED INVALID

Status

()

--
critical
RESOLVED INVALID
12 years ago
12 years ago

People

(Reporter: rjackh, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Build Identifier: Firefox 2.0 Installer

In attempting to reinstall Firefox 2 from an installer file that came directly from Firefox, my AVG antivirus stated that the Trojan "PSW.Lineage.PQ" was found in the file InstallOptions.dll now located in C:\Documents and Setting\Pop\Local Settings\Temp\nssC.tmp\InstallOptions.dll.  The installer file is version 4.42.0.0 size 5.62 MB.  It has been a while since this file was downloaded.  I still have the installer file, and the AVG event log, and the virus vault copy of the dll file.

Reproducible: Always

Steps to Reproduce:
1. Have AVG Free 7.5.409 loaded and active with virus database 268.15.13/ 
2. Run the Firefox 2.0 setup installer size 5,763 KB (maybe just my copy?)
3. AVG warning will appear every time

Actual Results:  
AVG warning pops up identifying the Trojan and location.  Offers to fix, ignore, or put in vault.  I have "fixed" but did not continue with installation. I have also put in vault, but did not continue with installation.

Expected Results:  
I stopped trying to use this file and loaded an earlier version of Firefox from the Firefox web site.

Not had a virus?

I suspect this is either a> a false positive, or b> the file was infected AFTER getting on my system.  Rather than simply deleting the file and downloading another copy, I thought I'd report this to both you, and to McAfee for evaluation.
This is most likely either a false positive (http://nsis.sourceforge.net/NSIS_False_Positives) or the result of some other virus/trojan already on your system contaminating the executable.

Comment 3

12 years ago
since this is just a case of false positive, marking this

INVALID
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.