Closed
Bug 516743
Opened 15 years ago
Closed 7 years ago
crash [@ protect.dll@0x3182 ] -- block protect.dll?
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: chofmann, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: user-doc-needed, Whiteboard: [notacrash])
Crash Data
saw this comment in crash reports from today.
protect.dll@0x3182
I have developed some type of problem with my web browsing that consists of all hyperlinks of all sites going to either globexonline.com or thefeedyard.com. I believe thi
s virus has caused the crash and am having trouble fixing it.
http://www.google.com/search?q=register+mcafee&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Firefox 3.0.14 Windows NT 6.0.6001 Service Pack 1
20090914-crashdata.csv http://crash-stats.mozilla.com/report/index/27d81425-7699-49e2-87b1-108642090913
protect.dll appears to be associated with a variety of threats
http://www.threatexpert.com/files/protect.dll.html
need to keep an eye out for increase number of crashes and instances of this .dll.
|
Reporter | |
Comment 1•15 years ago
|
||
instances of protect.dll in 20090901-crashdata.csv 271 instances of protect.dll in 20090902-crashdata.csv 207 instances of protect.dll in 20090903-crashdata.csv 168 instances of protect.dll in 20090904-crashdata.csv 191 instances of protect.dll in 20090905-crashdata.csv 164 instances of protect.dll in 20090906-crashdata.csv 197 instances of protect.dll in 20090907-crashdata.csv 193 instances of protect.dll in 20090908-crashdata.csv 157 instances of protect.dll in 20090909-crashdata.csv 134 instances of protect.dll in 20090910-crashdata.csv 109 instances of protect.dll in 20090911-crashdata.csv 109 instances of protect.dll in 20090912-crashdata.csv 140 instances of protect.dll in 20090913-crashdata.csv 125 instances of protect.dll in 20090914-crashdata.csv 145
|
|
Reporter | |
Comment 2•15 years ago
|
||
both globexonline.com and thefeedyard.com appear to be registered to anonymous site owners in ru.
Domain servers in listed order:
ns2.x-casino.biz
ns1.x-casino.biz
Registrant:
loads
dewfewfer *********@ya.ru)
ewfewqfe
Dneefwqf
Dnipropetrovsk Oblast,49000
UA
Tel. +380.0979625314|
|
Reporter | |
Comment 3•15 years ago
|
||
we should add this one to the malware stuff on sumo. the number of crashes is just currently running just below x86.dll reports. might be 2cd overall in malware related crashes.
Keywords: user-doc-needed
|
||
Comment 4•15 years ago
|
||
We can't block random dlls. we can block plugins (npXXXX.dll) and addons (which might prevent them loading dll's). There are purely windows mechanisms for injecting libraries into other processes that are currently out of our control. If we get Electrolysis running we might be able to block dlls in child processes the way green-border does in Chrome.
|
||
Updated•15 years ago
|
Whiteboard: [notacrash]
|
||
Comment 5•7 years ago
|
||
I'm marking this bug as WORKSFORME as bug crashlog signature didn't appear from a long time (over half year).
Status: NEW → RESOLVED
Crash Signature: [@ protect.dll@0x3182 ]
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•