Eheka Pytyvõha

Emboyke pytyvõha apovai. Ndorojeruremo’ãi ehenói térã eñe’ẽmondóvo pumbyrýpe ha emoherakuãvo marandu nemba’etéva. Emombe’u tembiapo imarãkuaáva ko “Marandu iñañáva” rupive.

Kuaave

Malware program halts Firefox due to finding a heap spray.

  • 8 Mbohovái
  • 3 oguereko ko apañuãi
  • 1 Hecha
  • Mbohovái ipaháva skennett

more options

After updating to Firefox 55.0.3, my malware software HitmanPro.Alert immediately halts the program from running, saying that there is malware present, see below for details. I uninstalled Firefox with Revo Uninstaller Pro, rebooted, downloaded it from the Mozilla site, and installed it fresh with the same results. Running a malware scan with HitmanPro only finds tracking cookies. I repeated the whole procedure (stubborn I am) to get the same warning and inability to use Firefox.

Anything I can do to be able to use my favorite browser again?

Many thanks for help, Shirley


Here are the details from the HitmanPro.Alert event log:

Attack intercepted
Firefox 55.0.3 has been stopped due to malicious software
  C:\Windows\System32\winlogon.exe [676]
winlogon.exe

-	System
		-	Provider
			[ Name] 	HitmanPro.Alert
		-	EventID	911
			[ Qualifiers] 	0
			Level	2
			Task	9
			Keywords	0x80000000000000
		-	TimeCreated
			[ SystemTime] 	2017-09-08T19:11:11.961567600Z
			EventRecordID	831875
			Channel	Application
			Computer	LEOPARD-SAK
			Security

-	EventData
			C:\Program Files\Mozilla Firefox\firefox.exe			
			HeapSpray			
			Mitigation HeapSpray 

Platform 10.0.15063/x64 v604 06_9e 
PID 15200 
Application C:\Program Files\Mozilla Firefox\firefox.exe 
Description Firefox 55.0.3
 
#00 0000023B64A86000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#01 0000023B64A65000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#02 0000023B64A44000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#03 0000023B64A23000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#04 0000023B64A02000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#05 00000223ED75B000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#06 0000023B649C8000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#07 0000023B649A7000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#08 0000023B64986000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 

Process Trace
1 C:\Program Files\Mozilla Firefox\firefox.exe [15200] 
2 C:\Windows\explorer.exe [8772] 
3 C:\Windows\System32\userinit.exe [3848] 
4 C:\Windows\System32\winlogon.exe [676] winlogon.exe
After updating to Firefox 55.0.3, my malware software HitmanPro.Alert immediately halts the program from running, saying that there is malware present, see below for details. I uninstalled Firefox with Revo Uninstaller Pro, rebooted, downloaded it from the Mozilla site, and installed it fresh with the same results. Running a malware scan with HitmanPro only finds tracking cookies. I repeated the whole procedure (stubborn I am) to get the same warning and inability to use Firefox. Anything I can do to be able to use my favorite browser again? Many thanks for help, Shirley --------------------------------------- Here are the details from the HitmanPro.Alert event log: <pre><nowiki>Attack intercepted Firefox 55.0.3 has been stopped due to malicious software C:\Windows\System32\winlogon.exe [676] winlogon.exe - System - Provider [ Name] HitmanPro.Alert - EventID 911 [ Qualifiers] 0 Level 2 Task 9 Keywords 0x80000000000000 - TimeCreated [ SystemTime] 2017-09-08T19:11:11.961567600Z EventRecordID 831875 Channel Application Computer LEOPARD-SAK Security - EventData C:\Program Files\Mozilla Firefox\firefox.exe HeapSpray Mitigation HeapSpray Platform 10.0.15063/x64 v604 06_9e PID 15200 Application C:\Program Files\Mozilla Firefox\firefox.exe Description Firefox 55.0.3 #00 0000023B64A86000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #01 0000023B64A65000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #02 0000023B64A44000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #03 0000023B64A23000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #04 0000023B64A02000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #05 00000223ED75B000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #06 0000023B649C8000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #07 0000023B649A7000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #08 0000023B64986000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 Process Trace 1 C:\Program Files\Mozilla Firefox\firefox.exe [15200] 2 C:\Windows\explorer.exe [8772] 3 C:\Windows\System32\userinit.exe [3848] 4 C:\Windows\System32\winlogon.exe [676] winlogon.exe </nowiki></pre>

Moambuepyre cor-el rupive

Ñemoĩporã poravopyre

I stumbled on a solution last night. Unrelated to this problem, I ran CCleaner, which cleared Firefox's cache, history, and cookies. After rebooting, Firefox had no Hitman alert and has been working smoothly since. I don't know why this cleared up the problem, but I'm happy.

In the meantime, I had contacted HitmanPro.Alert support. They just got back to me this morning and I passed along my experience.

Thanks so much for the responses on this forum. You guys are great.

Shirley

Emoñe’ẽ ko mbohavái ejeregua reheve 👍 1

Opaite Mbohovái (8)

more options

My apologies for posting the details above twice. Shirley

more options

This is possibly a problem with a false positive in Hitman pro.

Try to contact their support to see if they are aware of this.

We have seen more report about this software.

more options

You didn't respond to a pop-up or a page with an update alert?

more options

cor-el said

You didn't respond to a pop-up or a page with an update alert?


Checked out the article you referenced and I have definitely not responded to any fake update alerts.

more options

cor-el said

This is possibly a problem with a false positive in Hitman pro. Try to contact their support to see if they are aware of this.

I'm going to contact Hitman Pro support.

more options

If you got a legitimate update from Firefox like via "Help -> About Firefox" then you should have gotten malware or a virus and in that case it is likely a false positive. To be sure about this you should contact the Hitman website for support.

more options

Hi Shirley, I don't know why Firefox would run those Windows executables at startup. Could you try starting in Firefox's Safe Mode? In Safe Mode, Firefox temporarily deactivates extensions, hardware acceleration, and some other advanced features to help you assess whether these are causing the problem.

If Firefox is not running: Hold down the Shift key when starting Firefox.

If Firefox is running: You can restart Firefox in Safe Mode using either:

  • "3-bar" menu button > "?" button > Restart with Add-ons Disabled
  • Help menu > Restart with Add-ons Disabled

and OK the restart.

Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).

Any improvement? (More info: Diagnose Firefox issues using Troubleshoot Mode)

more options

Ñemoĩporã poravopyre

I stumbled on a solution last night. Unrelated to this problem, I ran CCleaner, which cleared Firefox's cache, history, and cookies. After rebooting, Firefox had no Hitman alert and has been working smoothly since. I don't know why this cleared up the problem, but I'm happy.

In the meantime, I had contacted HitmanPro.Alert support. They just got back to me this morning and I passed along my experience.

Thanks so much for the responses on this forum. You guys are great.

Shirley