Closed Bug 570244 Opened 10 years ago Closed 9 years ago

caught virus through email taking to bad url


(Firefox :: Security, defect, critical)

Windows XP
Not set





(Reporter: grotant, Unassigned)


(Blocks 1 open bug, )


User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/ Safari/532.0
Build Identifier: moz 6+? (had to uninstall)

1) received email 2) directed me to** (not full url) 3) logged onto ebay (successfully) 4) that then took me to phish page asking for personal banking info. ebay confirms bad page. 5) have found files which i think are virus located in mozilla/firefox directory 6) removed them 7) scrubbed registry for files 8) reboot 9) retry ebay. problem still there. 10) not present in other browsers 11) uninstalled firefox, reinstalled current version. 12) still have problem 12) cannot find further files on my pc. i can send text file of original email and directory/file names (not files) of bogus files. These are not found anywhere using a google search and virus scans don't find problem.  Have uninstalled firefox until I can remove problem altogether. Other browsers are fine.

Reproducible: Always

Steps to Reproduce:
1. use firefox
2. logon to ebay (sucessfully)
3. be redirected to another url looking mostly like an ebay page though bogus on further inspection. this is asking for banking info 
Actual Results:  
got bad page, stopped. see above re: deleting what i could from pc.

Expected Results:  

email me back if you want text file of original email and directory/file names of bad files
Group: core-security
Could you please upload the names of the files which you thought were malware and where they were located?

Due to the fact there is no way for us to test this bug, it's going to near impossible to confirm it or mark it as invalid.

The site in question seems to be no longer existant.

I'll look into this issue, if you are still having it, but I think it will probably be safe to close this bug.
Sam -  it's been a year since this problem so I don't have much other than what's above.

I did find that it was some sort of "sinowal" virus and came from the domain named above. Don't remember full URL. OS was WIN XP and I could't remove it. Nothing would remove it. I wiped that pc and reloaded it. That's about all I have.
Doesn't really solve this problem, but you can report malware/phishing sites by going to Help > Report Web Forgery in Firefox.

Resolving as INCOMPLETE since there is no new information which can be provided to help identify this bug. Please reopen if this happens again and more information can be provided.

Closed: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.