Closed Bug 516743 Opened 11 years ago Closed 3 years ago
crash [@ protect.dll@0x3182 ] -- block protect.dll?
saw this comment in crash reports from today.

protect.dll@0x3182
I have developed some type of problem with my web browsing that consists of all hyperlinks of all sites going to either globexonline.com or thefeedyard.com. I believe this virus has caused the crash and am having trouble fixing it.
http://www.google.com/search?q=register+mcafee&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Firefox 3.0.14 Windows NT 6.0.6001 Service Pack 1
20090914-crashdata.csv
http://crash-stats.mozilla.com/report/index/27d81425-7699-49e2-87b1-108642090913

protect.dll appears to be associated with a variety of threats
http://www.threatexpert.com/files/protect.dll.html

need to keep an eye out for an increased number of crashes and instances of this .dll.
instances of protect.dll in 20090901-crashdata.csv 271
instances of protect.dll in 20090902-crashdata.csv 207
instances of protect.dll in 20090903-crashdata.csv 168
instances of protect.dll in 20090904-crashdata.csv 191
instances of protect.dll in 20090905-crashdata.csv 164
instances of protect.dll in 20090906-crashdata.csv 197
instances of protect.dll in 20090907-crashdata.csv 193
instances of protect.dll in 20090908-crashdata.csv 157
instances of protect.dll in 20090909-crashdata.csv 134
instances of protect.dll in 20090910-crashdata.csv 109
instances of protect.dll in 20090911-crashdata.csv 109
instances of protect.dll in 20090912-crashdata.csv 140
instances of protect.dll in 20090913-crashdata.csv 125
instances of protect.dll in 20090914-crashdata.csv 145
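The daily tally above, and the "keep an eye out for an increase" check, as an added example (not part of the original bug or any Mozilla tooling). The tab-separated row layout, `SAMPLE_ROWS`, and the function names are assumptions made for illustration; the daily figures are the ones quoted in the comment.

```python
import re
from statistics import mean, pstdev

# Daily "instances of protect.dll" figures quoted in the comment above.
PAGE_COUNTS = {
    "20090901": 271, "20090902": 207, "20090903": 168, "20090904": 191,
    "20090905": 164, "20090906": 197, "20090907": 193, "20090908": 157,
    "20090909": 134, "20090910": 109, "20090911": 109, "20090912": 140,
    "20090913": 125, "20090914": 145,
}

# Constructed rows; assumed layout: signature<TAB>product<TAB>version<TAB>OS.
SAMPLE_ROWS = [
    "protect.dll@0x3182\tFirefox\t3.0.14\tWindows NT 6.0.6001 Service Pack 1",
    "PROTECT.DLL@0x3182\tFirefox\t3.0.14\tWindows NT 5.1.2600 Service Pack 3",
    "myprotect.dll@0x10\tFirefox\t3.0.14\tWindows NT 6.0.6001 Service Pack 1",
    "x86.dll@0x1a2b\tFirefox\t3.5.3\tWindows NT 5.1.2600 Service Pack 3",
]


def count_module(rows, module):
    """Count rows whose signature column is a bare frame inside `module`.

    The match is anchored on the whole signature and is case-insensitive,
    so PROTECT.DLL counts but a different module such as myprotect.dll does not.
    """
    pat = re.compile(r"^" + re.escape(module) + r"@0x[0-9a-f]+$", re.IGNORECASE)
    return sum(1 for row in rows if pat.match(row.split("\t", 1)[0].strip()))


def flag_spikes(series, window=7, k=2.0):
    """Return days whose count exceeds mean + k*stddev of the prior `window` days."""
    days = sorted(series)
    flagged = []
    for i in range(window, len(days)):
        base = [series[d] for d in days[i - window:i]]
        if series[days[i]] > mean(base) + k * pstdev(base):
            flagged.append(days[i])
    return flagged


if __name__ == "__main__":
    print("protect.dll rows in sample:", count_module(SAMPLE_ROWS, "protect.dll"))
    print("days flagged in quoted figures:", flag_spikes(PAGE_COUNTS))
```
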
both globexonline.com and thefeedyard.com appear to be registered to anonymous site owners in ru.

Domain servers in listed order:
ns2.x-casino.biz
ns1.x-casino.biz

Registrant:
loads dewfewfer *********@ya.ru) ewfewqfe Dneefwqf Dnipropetrovsk Oblast,49000 UA Tel. +380.0979625314
we should add this one to the malware stuff on sumo. the number of crashes is currently running just below x86.dll reports. might be 2nd overall in malware related crashes.
We can't block random dlls. We can block plugins (npXXXX.dll) and addons (which might prevent them loading dlls). There are purely Windows mechanisms for injecting libraries into other processes that are currently out of our control. If we get Electrolysis running we might be able to block dlls in child processes the way GreenBorder does in Chrome.
I'm marking this bug as WORKSFORME, as this bug's crashlog signature hasn't appeared for a long time (over half a year).
Status: NEW → RESOLVED
Crash Signature: [@ protect.dll@0x3182 ]
Closed: 3 years ago
Resolution: --- → WORKSFORME