If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Attempts repeated downloads of an infected file, and triggers nonstop virus warnings

RESOLVED INCOMPLETE

Status

()

Firefox
Security
--
critical
RESOLVED INCOMPLETE
8 years ago
5 years ago

People

(Reporter: jeslar360, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [testday-20120615], URL)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2

I believe this is a brute force attack site, under the guise of someone trying to peddle security software.  (In part due to bad grammar)

It pops up a warning that the computer is vulnerable to attack, and that I should click OK to scan it.

I close it (X out of the dialog)

It then starts triggering many virus warnings, and opens many download windows for "Install.exe"

It pretends to be a Windows Defender implementation, and shows a view of My Computer, with the correct HardDrive partitions, and states in red under each of them a number with the words "Infected" or "Infected Files" under them.

When the page is closed, all virus warnings stop as well as download attempts.

this seriously bogs down the browser, and more.

Reproducible: Always

Steps to Reproduce:
1.Go to this page: http://windows.sranoscan.info/25/030wLGBzLGBzL==
2.When it pops up the dialog, [X] out of it.
3.Wait for the attempted downloads to start, along with the virus warnings in the Cache folder, under the "AppData" directory, or equivalent for the version of windows being used. 
Actual Results:  
The site kept on trying to download the executable Install.Exe, and these warnings kept coming up:

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Users\Jestin Larson\AppData\Local\Mozilla\Firefox\Profiles\2xtk84zf.default\Cache\ECB1272Cd01.
Action performed: Deny access

Expected Results:  
I would have assumed there would have been a protection, to prevent whatever method they use for this scare tactic to work.

I use Avira AntiVir (Latest Update)
(Reporter)

Updated

8 years ago
Priority: -- → P1

Comment 1

8 years ago
I have had the same problem, and as a result, have uninstalled Mozilla Firefox.  I tried a fresh download, but the same thing happens, multiple windows flashing red warnings about corrupt/infected files. I have to quickly "X" out of it.  My McAfee does not seem to notice there may be a problem, nor does Spybot, or Registry First Aid.  I cannot use Firefox (although I like it very much) until this is resolved.

Comment 2

8 years ago
I am using Windows XP sp2, attempting to use Firefox 3.5
Duplicate of this bug: 343911
Note: Priority should only be set by developers please. resetting to --
See https://bugzilla.mozilla.org/page.cgi?id=fields.html#priority
Priority: P1 → --

Comment 5

5 years ago
The URL http://windows.sranoscan.info/25/030wLGBzLGBzL== is no longer valid.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INCOMPLETE
Whiteboard: [testday-20120615]
You need to log in before you can comment on or make changes to this bug.