Crashes [@ nsWindow::SetTitle(nsAString_internal) ] due to Win32/Urlbot.NAN Trojan

RESOLVED INVALID

Status

()

--
critical
RESOLVED INVALID
8 years ago
8 years ago

People

(Reporter: t.orlowski, Unassigned)

Tracking

(Blocks: 1 bug, {crash})

1.9.2 Branch
x86
Windows XP
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(3 attachments)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13

I'm using Firefox on the my desktop (VMware host) for about 3 years. I was upgrading FF many times without a problem but recently I decided to upgrade to currently the latest 3.6.13 and after that, every opening page results in crash.
I'm behind proxy so default pages opening after insallation simply don't want to load. If I'll stop their loading, set up correct proxy and try to open any page (including any html or txt file from my PC) FF is crashing. The same happens in safe mode so I do not corelate my issue with any FF add-ons.
Genearally whole application seems to be functional, I can go to any menu, all options etc... but if I'll try to open any link (can be even about:config) FF is crashing.
If FF would like to restore session after crash .... it is crashing again :), so I'm not able to open FF at all, then I have to delete sessionrestore.js file in my profile to have a possibility to obtain main app window.

Uninstalling FF with deleting all settings (including whole profile) does not help. Issue still persist. Even backout to previously installed and funcional version 3.6.0 or isntallation of beta 4.0 or FF portable finishes with the same problem.

Please kindly help.
Best Regards.

PS: Unfortunatelly I'm not able to send crash dump using "standard" method because of Breakpad not supporting proxy, so I'll add it to this bug report + stacktrace done with WinDbg which points to access violation by xul!nsWindow::SetTitle

Reproducible: Always

Steps to Reproduce:
1.Open Firefox
2.Try to open any page, no matter is it remote or local

Actual Results:  
FF is crashing

Expected Results:  
Simply open requested link

I believe my problem may be specific to my OS configuration. It is VMware host accessible via Wyse terminal, so possibly some 3rd party software may cause these crashes. On the same day I was upgrading VMware tools on my host, however I do not have any proofs for its being related 
I'm sure I do not have any malware/viruses on my host.
(Reporter)

Updated

8 years ago
Version: unspecified → 3.6 Branch
(Reporter)

Comment 1

8 years ago
Created attachment 514301 [details]
WinDbg stacktrace
(Reporter)

Comment 2

8 years ago
Created attachment 514303 [details]
crash dump file (from safe mode)
(Reporter)

Comment 3

8 years ago
Created attachment 514304 [details]
crash extrafile (from safe mode)

Updated

8 years ago
Keywords: crash
What Thingy is that
0013f5d4 10085a9f poladfax!DllCanUnloadNow+0x380b4
in the Stacktrace?
(Reporter)

Comment 5

8 years ago
Bingo. Thanks for that tip XtC4UaLL. I've missed that.
That dll was malware :(. It has been clasified as Win32/Urlbot.NAN trojan by ESET online scanner. Sorry for bothering with that and wasting your time with this, but **** Symantec Antivirus I have since OS install never found it as a threat! So I thought I'm running clean OS. Bad assumption. Thankfully first online tool found that dll as rogue and UnDLL tool helped me to remove it. Now my lovely FF is back.

Thanks again for help and putting me on right track.
Cheers
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INVALID
Thanks for reporting back and sorry for you ;-)

Per https://crash-stats.mozilla.com/query/query?product=Firefox&version=ALL%3AALL&platform=windows&branch=1.9.2&branch=2.0&range_value=1&range_unit=weeks&query_search=signature&query_type=contains&query=nsWindow%3A%3ASetTitle&build_id=&process_type=any&hang_type=any&do_query=1 this is very low on 1.9.2/2.0.
Component: General → Widget: Win32
Product: Firefox → Core
QA Contact: general → win32
Summary: Crashes on every page load (including safe mode).Stacktrace points to xul.dll!nsWindow::SetTitle → Crashes [@ nsWindow::SetTitle(nsAString_internal) ] due to Win32/Urlbot.NAN Trojan
Version: 3.6 Branch → 1.9.2 Branch

Updated

8 years ago
Blocks: 512788
(Assignee)

Updated

8 years ago
Crash Signature: [@ nsWindow::SetTitle(nsAString_internal) ]
You need to log in before you can comment on or make changes to this bug.