New update and new infection detected from AVG
I posted a similar topic after the previous update, but that time I decided the update and the infection detection were not as connected. My previous post: https://support.mozilla.org/en-US/questions/1120200 But today, after the latest update, I got a notification from AVG again. In my opinion this is a real problem and IS connected with the update. Screenshot attached.
It might be connected with an add-on too. I have 96 and some don't have Mozilla links anymore, only links to their sites.
All Replies (13)
can you please share what's going on in the details/more info section - currently the screenshot & the threat description isn't very meaningful...
philipp said
can you please share what's going on in the details/more info section - currently the screenshot & the threat description isn't very meaningful...
Clicking More Info leads to this common page in AVG http://www.avgthreatlabs.com/eu-en/virus-and-malware-information/content/generic-virus/?name=@unknownMalware&utm_source=TDPU&utm_medium=IDP&PRTYPE=AVF
But previous time before AVG to secure it Malwarebytes found 3 Goobzo viruses and my system started fake Maintenance with 90% CPU usage.
Details have more info:
"";"General behavioral detection, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Deleted";"File or Directory";"4.5.2016 г., 12:23:30"
"";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\rundll32.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\typeperf.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\taskkill.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\typeperf.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\taskkill.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
thanks - in general that folders look genuine. when firefox is downloading an automatic update, the new files will be stored "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\" and replace the old files in the program folder once the application is restarted. i think you should primarily get in contact with avast's support about this - if this alone is detected as an abstract bad behaviour that sounds rather bad and like a common source for false positives...
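An added example, not part of the thread and not AVG or Mozilla code: a small parser for the semicolon-delimited detail export posted above. It collapses the repeated rows and buckets each path by location, so the single deleted file in the update staging folder stands out from the blocked processes around it. The bucket names and the function names are assumptions made for this illustration.

```python
import csv
import io
from collections import Counter
from pathlib import PureWindowsPath

# Rows copied from the export posted in the thread (a subset; repeats kept on purpose).
SAMPLE = r'''"";"General behavioral detection, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Deleted";"File or Directory";"4.5.2016 г., 12:23:30"
"";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\taskkill.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
'''

def parse_export(text):
    """Return (detection, path, action, object_type, timestamp) tuples."""
    rows = []
    for rec in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(rec) != 5:
            continue  # skip blank or malformed lines
        # Second field is "<detection name>, <path>"; the name is empty on follow-up rows.
        detection, _, path = rec[1].partition(", ")
        rows.append((detection.strip(), PureWindowsPath(path.strip()), rec[2], rec[3], rec[4]))
    return rows

def classify(path):
    """Bucket a path by location. Location alone does not prove a file is genuine."""
    parts = [s.lower() for s in PureWindowsPath(path).parts]
    if "mozilla firefox" in parts:
        return "firefox-update-staging" if "updated" in parts else "firefox-install"
    if "windows" in parts:
        return "windows-system"
    return "other"

def summarize(rows):
    """Collapse repeats: counts per (path, action) and the set of distinct timestamps."""
    counts = Counter((str(p).lower(), action) for _, p, action, _, _ in rows)
    stamps = {ts for *_, ts in rows}
    return counts, stamps

if __name__ == "__main__":
    rows = parse_export(SAMPLE)
    counts, stamps = summarize(rows)
    print(f"{len(rows)} rows, {len(counts)} distinct (path, action) pairs, {len(stamps)} timestamp(s)")
    for (path, action), n in sorted(counts.items()):
        print(f"{n:2d}x {action:20s} {classify(path):24s} {path}")
```
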
philipp said
thanks - in general that folders look genuine. when firefox is downloading an automatic update, the new files will be stored "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\" and replace the old files in the program folder once the application is restarted. i think you should primarily get in contact with avast's support about this - if this alone is detected as an abstract bad behaviour that sounds rather bad and like a common source for false positives...
I'll post a question in the AVG Free forum. I'd be glad if it was just a false positive. But this warning never happened before FF46. Also, Goobzo and the fake Maintenance scared me; if it weren't for them I'd be much calmer. I mean if it was only AVG, but not the Malwarebytes detection and the system going strange too.
Of course it's a false positive; Mozilla doesn't offer updates or executables with malware.
Oxylatium said
Of course it's a false positive; Mozilla doesn't offer updates or executables with malware.
It is not a false positive and it certainly is not from Mozilla. Most likely it is some corrupted add-on or plugin. As you can see, another user has this problem too.
Just ask AVG, not a Firefox issue
Oxylatium said
Just ask AVG, not a Firefox issue
And probably to ask Malwarebytes too, about the Goobzo detection, and my own PC about doing things that it never did before? I know my PC well, I observe my Task Manager non-stop. Unusual action really occurred. Please, go trolling in another question. I need real help.
I've removed the profanity from Oxylatium's post. Please read the Mozilla Support rules and guidelines, thank you. :)
I saw some scammer posted a reply, many thanks to mods that deleted their reply! Scam links are visible in the email notification but I never open from there, prefer seeing the post here.
Did you post in the AVG forum? If so, have you got the link please?
I don't know whether you are aware but there are a lot of fake updates for Firefox on the internet at present. Many of the current batch are using an orange splash screen with authentic looking logos. They had .exe files but are now using .js files.
There is a related contributors discussion you may wish to glance at /forums/contributors/712056?last=69678
As you have already had one recent malware issue it may be worth scanning your computer again with all the tools listed in
And as the new fake updates are sometimes associated with a particularly dangerous and difficult to deal with Kovter Trojan you may wish to use a dedicated removal tool for that. The tool runs very quickly and either announces nothing is found or generates a short log file if it finds and removes anything.
- See and follow links and instructions from Symantec report -> tool
vessto said
I saw some scammer posted a reply, many thanks to mods that deleted their reply!
Not deleted, was marked as spam which makes it visible to only mods/admins.
John99 said
Did you post in the AVG forum? If so, have you got the link please? I don't know whether you are aware but there are a lot of fake updates for Firefox on the internet at present. Many of the current batch are using an orange splash screen with authentic looking logos. They had .exe files but are now using .js files. There is a related contributors discussion you may wish to glance at /forums/contributors/712056?last=69678 As you have already had one recent malware issue it may be worth scanning your computer again with all the tools listed in And as the new fake updates are sometimes associated with a particularly dangerous and difficult to deal with Kovter Trojan you may wish to use a dedicated removal tool for that. The tool runs very quickly and either announces nothing is found or generates a short log file if it finds and removes anything.
- See and follow links and instructions from Symantec report -> tool
Yes, I asked in AVG but they sent me a ticket which I should accept so that they can investigate my PC remotely. I'm still in doubt whether to agree to that. I stopped responding here because now I got notifications from AVG about Opera and Opera Beta updates, which widened the problem. I informed AVG about that too. I installed TOR and it also has a warning every time I just open it, but imho there the problem is the deep web, not a real infection.
I always update Mozilla from the About button or when it tells me there's an update. I never update from the web.
The first time I got the Mozilla detection I didn't secure it, thinking it was a false positive. That time I got 3 infections. After that I secure every AVG detection. If 3 of my browsers have an infection when updating, that might also mean that an extension I use in all of them is infected. I doubt this is ABP. The other extension I have in all 3 is Click&Clean. Maybe my investigation should target extensions, not the browsers themselves, which have legal updates.
Thank you for the links, will check them!