Closed
Bug 402857
Opened 17 years ago
Closed 15 years ago
Worm detected in the addons
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: jazajay, Unassigned)
Details
(Whiteboard: [CLOSEME 2010-07-30])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Hi my spyware checker recently deleted a worm that was found in my add-ons. Heres the information it gave and a list of my addons. Keep up the good work.
07/11/2007 08:17:27 C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\n5ey60jz.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}\chrome\ieview.jar/content\reloaded.html Worm.Win32.Feebs.gen, Deleted
Addons installed
-British dictionary //latest installed addon. All scans before this didn't find any worms!
-Firefox companion for ebay //never any problems before
-File download manager //never any problems before
-Google site indexer //never any problems before
-IE view //never any problems before
-Niche watch tool //never any problems before
-search status //never any problems before
-seo quake
-seo quake with ask
-talkback //never any problems before
-verification engine //recent addon
-web developer //never any problems before
Reproducible: Didn't try
Steps to Reproduce:
1.
2.
3.
Actual Results:
Nothing the worm was deleted
|
||
Comment 1•17 years ago
|
||
I think {6e84150a-d526-41f1-a480-a67d3fed910d} is "IE View".
|
||
Comment 2•17 years ago
|
||
You don't say what version of IE View or which spyware checker. I took the current version of IE View (1.3.4) served by addons.mozilla.org and ran it past the 31 different scanners at www.virustotal.com and found no problems.
I looked at the reloaded.html file in the official copy and found nothing malicious and nothing that I could reasonably imagine would make a scanner suspicious.
That seems to leave three possibilities
1) you got an evil copy of IE View from somewhere other than addons.mozilla.org
2) something hacked your local copy of IE View
3) it's a false positive from your scanner
My best guess would be "3". "2" seems extremely unlikely: local malware would just drop in an extra file, not modify an existing HTML file buried inside a .jar file -- too much work. You would know whether "1" was possible or not.
You could check in with the tech support folks and see if other people with your brand of scanner are reporting similar things. See the links at http://www.mozilla.com/support -- the on-line chat option probably gives you the most immediate feedback but is sometimes thinly staffed. Worth trying first I'd think.
|
||
Comment 3•15 years ago
|
||
This bug was originally reported on Firefox 2.x or older, which is no longer supported and will not be receiving any more updates. I strongly suggest that you update to Firefox 3.6.6 or later, update your plugins (flash, adobe, etc.), and retest in a new profile. If you still see the issue with the updated Firefox, please post here. Otherwise, please close as RESOLVED > WORKSFORME
http://www.mozilla.com
http://support.mozilla.com/kb/Managing+profiles
http://support.mozilla.com/kb/Safe+mode
Whiteboard: [CLOSEME 2010-07-30]
Version: unspecified → 2.0 Branch
|
|
||
Comment 4•15 years ago
|
||
No reply, INCOMPLETE. Please retest with Firefox 3.6.8 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•