Hilfe durchsuchen

Vorsicht vor Support-Betrug: Wir fordern Sie niemals auf, eine Telefonnummer anzurufen, eine SMS an eine Telefonnummer zu senden oder persönliche Daten preiszugeben. Bitte melden Sie verdächtige Aktivitäten über die Funktion „Missbrauch melden“.

Weitere Informationen

New update and new infection detected from AVG

  • 13 Antworten
  • 7 haben dieses Problem
  • 1 Aufruf
  • Letzte Antwort von vessto

more options

I posted similar topic after previous update but that time I decided update and infection detection are not as connected. My previous post: https://support.mozilla.org/en-US/questions/1120200 But today after the latest update I got notification from AVG again. In my opinion this is a real problem and IS connected with the update. Screenshot attached.

It might be connected with add-on too. I have 96 and some don't have Mozilla links anymore, only links to their sites.

I posted similar topic after previous update but that time I decided update and infection detection are not as connected. My previous post: https://support.mozilla.org/en-US/questions/1120200 But today after the latest update I got notification from AVG again. In my opinion this is a real problem and IS connected with the update. Screenshot attached. It might be connected with add-on too. I have 96 and some don't have Mozilla links anymore, only links to their sites.
Angefügte Screenshots

Geändert am von vessto

Alle Antworten (13)

more options

can you please share what's going on in the details/more info section - currently the screenshot & the threat description isn't very meaningful...

more options

philipp said

can you please share what's going on in the details/more info section - currently the screenshot & the threat description isn't very meaningful...

Clicking More Info leads to this common page in AVG http://www.avgthreatlabs.com/eu-en/virus-and-malware-information/content/generic-virus/?name=@unknownMalware&utm_source=TDPU&utm_medium=IDP&PRTYPE=AVF

But previous time before AVG to secure it Malwarebytes found 3 Goobzo viruses and my system started fake Maintenance with 90% CPU usage.

Details have more info:

"";"General behavioral detection, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Deleted";"File or Directory";"4.5.2016 г., 12:23:30" "";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\rundll32.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\typeperf.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\taskkill.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\typeperf.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30" "";", C:\Windows\SysWOW64\taskkill.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"

Geändert am von vessto

more options

thanks - in general that folders look genuine. when firefox is downloading an automatic update, the new files will be stored "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\" and replace the old files in the program folder once the application is restarted. i think you should primarily get in contact with avast's support about this - if this alone is detected as an abstract bad behaviour that sounds rather bad and like a common source for false positives...

more options

philipp said

thanks - in general that folders look genuine. when firefox is downloading an automatic update, the new files will be stored "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\" and replace the old files in the program folder once the application is restarted. i think you should primarily get in contact with avast's support about this - if this alone is detected as an abstract bad behaviour that sounds rather bad and like a common source for false positives...

I'll post a question in AVG Free forum. I'd be glad if it was just false positive. But this warning never happened before FF46. Also Goobzo and fake Maintenance scared me, if it weren't they I'd be much more calm. I mean if it only was AVG, but not Malwarebytes detection and system going strange too.

Geändert am von vessto

more options

Of course its false positive, Mozilla doesnt offer update or executable with malwares.

more options

Oxylatium said

Of course its false positive, Mozilla doesnt offer update or executable with malwares.

It is not false positive and it certainly is not from Mozilla. Most likely it is some add-on or plugin corrupted. As you can see another user has this problem too.

Geändert am von vessto

more options

Just ask AVG , not a Firefox issue

Geändert am von Chris Ilias

more options

Oxylatium said

Just ask AVG , not a Firefox issue

And probably to ask Malwarebytes too, about Goobzo detection, and my own PC about doing things that never did before? I know my PC well, I observe my Task Manager non-stop. Unusual action really occurred. Please, go trolling in another question. I need a real help.

Geändert am von Chris Ilias

more options

I've removed the profanity from Oxylatium's post. Please read the Mozilla Support rules and guidelines, thank you. :)

more options

I saw some scammer posted a reply, many thanks to mods that deleted their reply! Scam links are visible in the email notification but I never open from there, prefer seeing the post here.

more options

Did you post in the AVG forum if so have you got the link please ?

I don't know whether you are aware but there are a lot of fake updates for Firefox on the internet at present. Many of the current batch are using an orange splash screen with authentic looking logos. They had .exe files but are now using .js files.

There is a related contributors discussion you may wish to glance at /forums/contributors/712056?last=69678

As you have already had one recent malware issue it may be worth scanning your computer again with all the tools listed in

And as the new fake updates are sometimes associated with a particularly dangerous and difficult to deal with Kovter Trojan you may wish to use a dedicated removal tool for that. The tool runs very quickly and either announces nothing is found or generates a short log file if it finds and removes anything.

more options

vessto said

I saw some scammer posted a reply, many thanks to mods that deleted their reply!

Not deleted, was marked as spam which makes it visible to only mods/admins.

more options

John99 said

Did you post in the AVG forum if so have you got the link please ? I don't know whether you are aware but there are a lot of fake updates for Firefox on the internet at present. Many of the current batch are using an orange splash screen with authentic looking logos. They had .exe files but are now using .js files. There is a related contributors discussion you may wish to glance at /forums/contributors/712056?last=69678 As you have already had one recent malware issue it may be worth scanning your computer again with all the tools listed in And as the new fake updates are sometimes associated with a particularly dangerous and difficult to deal with Kovter Trojan you may wish to use a dedicated removal tool for that. The tool runs very quickly and either announces nothing is found or generates a short log file if it finds and removes anything.

Yes, I asked in AVG but they sent me a ticket which I should accept so they to investigate remotely my PC. I'm still in doubt if to agree to that. I stopped responding here because now I got notifications from AVG about Opera and Opera Beta updates which widened the problem. I informed AVG about that too. I installed TOR and it has also warning everytime I just open it but imho there the problem is the deep web, not a real infection.

I always update Mozilla from About button or when it tells me there's update. I never update from the web.

First time when I got Mozilla detection and I didn't secured it thinking it is false positive. That time I got 3 infections. After that I secure every AVG detection. If 3 of my browsers have infection when update that might also mean that an extension I use in all of them is infected. I doubt this is ABP. The other extension I have in 3 is Click&Clean. Maybe my investigation should target extensions, not the same browsers which have legal updates.

Thank you for the links, will check them!