Closed
Bug 512406
Opened 15 years ago
Closed 15 years ago
Blocklist NPFFAddOn.dll [@ NPFFAddOn.dll@0x11867]
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: morgamic, Assigned: morgamic)
References
Details
(Keywords: crash, topcrash)
Crash Data
Attachments
(3 files)
NPFFAddOn.dll needs to be blocklisted for all apps, all versions. It is adware.
Comment 1•15 years ago
|
||
I wrote this up not knowing morgamic was filing a bug... Per bug 512122 and the sheer rate of crashes coming in, we seem to be getting hit by malware that's latching on to Firefox and causing it to crash. afaict, there is no legit website for "NPFFAddOn.dll" which is installed in a "Internet Saving Optimizer" directory. We should blocklist this dll immediately, the faster the better. It's clearly causing crashes and has spiked up 10 fold in the last two days. Please block all versions of NPFFAddOn.dll. If this turns out to be a legit extension, we can unblock it later after it's no longer crashing us.
Assignee | ||
Comment 2•15 years ago
|
||
INSERT INTO `blplugins` (`name`, `guid`, `min`, `max`, `os`, `xpcomabi`, `description`, `filename`) VALUES (NULL, '{ec8030f7-c20a-464f-9b0e-13a3a9e97384}', NULL, '*', NULL, NULL, NULL, 'NPFFAddOn.dll');
Assignee | ||
Comment 3•15 years ago
|
||
Needs mozilla.com list item at: http://www.mozilla.com/en-US/blocklist/ Will wait to see what happens tomorrow.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
FWIW, there's been a huge drop (from ~ 5% of reports to just one) in people reporting popup ads that they can't get rid of over the past week.
Comment 5•15 years ago
|
||
From looking at infected files from users, this seems to be loaded as a xpcom component instead of a plugin, despite the np prefix. Plugin blocklisting doesn't affect this case, so we should also blocklist the wrapper extension that is inserting this component. The extension is usually in C:\Program Files\Internet Saving Optimizer\ and/or C:\Program Files\Media Access Startup on affected machines.
FWIW, we're still seeing crashes but the blocklist may have helped with the popups.
Assignee | ||
Comment 7•15 years ago
|
||
Should we blocklist the extension component too
Comment 8•15 years ago
|
||
This is the install.rdf from the Internet Saving Optimizer extension, obtained from a user on support.mozilla.com. The ID "{2224E955-00E9-4613-A844-CE69FCCAAE91}" should be blocked for all applications, all versions, as well as the name/description of "NP Helper Class".
Updated•15 years ago
|
Severity: normal → critical
Updated•15 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 9•15 years ago
|
||
We can't blog extensions based on name, but I could add that for plugins.
Comment 10•15 years ago
|
||
(In reply to comment #9) > We can't blog extensions based on name, but I could add that for plugins. I don't think that name has ever been used as a plugin, so blocking it there wouldn't do any good. In any case, the extension ID should be blocked ASAP.
Can we do it on the GUID for the extension part? Is make much crashing for our users, thus sad.
Keywords: topcrash
Summary: Blocklist NPFFAddOn.dll → Blocklist NPFFAddOn.dll [@ NPFFAddOn.dll@0x11867]
Assignee | ||
Comment 12•15 years ago
|
||
Added blocklist entry for {2224e955-00e9-4613-a844-ce69fccaae91}. This should go out in a few hours; waiting for IT.
Assignee | ||
Comment 13•15 years ago
|
||
<emItem id="{2224e955-00e9-4613-a844-ce69fccaae91}"/> is on prod. Resolving.
Status: REOPENED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → FIXED
For Firefox 3.5.3 crashes within the last 7 days, NPFFAddOn.dll@0x11867 is #18; for crashes in the last 1 day it's #24, so this seems perhaps to be helping a little bit. Perhaps it takes the blocklist some time to get updated, especially for people who are crashing a lot?
Comment 15•15 years ago
|
||
The blocklist.xml shipped with the application (http://mxr.mozilla.org/mozilla-central/source/browser/app/blocklist.xml) does not yet include this update, so new users who crash on startup won't be protected.
Comment 16•15 years ago
|
||
For the last 1 day period, the crashes (Windows Firefox 3.5.3) are back to #14, so I don't think this helped.
dtownsend: see comment 15, please. Need to update the shipped blocklist.xml ASAP.
Updated•13 years ago
|
Crash Signature: [@ NPFFAddOn.dll@0x11867]
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•