Possiible malware attack using Firefox
I believe that there is a malware program using Firefox as a screen. Last night (2/5/2014), I had closed Firefox when a Firefox update message popped up on my screen. It said that Firefox update 27.00.034 (or close to that) was ready to update and gave the option to "start download."
I paused immediately because this is NOT the way that I had ever had Firefox update. It actually was mimicking an original install. Of HUGE concern was that Norton 360 popped up and said that "updater.exe" was "safe." I reopened my Firefox to check the version. It showed 27.0 that my Firefox was up to date. I went back to the fake Firefox download screen that was asking me to "Accept" the terms of use. However, it also had a close box, and so I closed and immediately shut down my computer.
I have not reopened it this morning, but when I do my first action will be to find and remove updater.exe. Somehow I doubt that running a scan of the drive is going to do much since Norton 360 approved the offending program to start out with.
Is this a malware as I strongly suspect, or is it somehow a legitimate program?
My computer is a Windows laptop running Windows 7.
所有回覆 (6)
Whenever you get a message / popup that software / files need to be updated,
DO NOT USE ANY OF THE PROVIDED LINKS.
While this may be a legitimate message, it could also be Malware or a Virus.
Any time you want or need to check for upgrades,
go to the web site of the True Owner of the program in question.
For example, to check out Firefox, go to Mozilla.org
Hi FredMcD,
Thank you for responding. That is exactly what I did do. However, I could not find ANYWHERE on Mozilla (and I spent about 30 minutes trying) where it said what the latest version is. Everything that even came close was I kept ending up at "download the latest version." That was not helpful because 1. I didn't want to download Firefox, and 2. There was nothing there saying what version it was.
The only version "assurance" I had (have) is that my "About Firefox" showed the version (27.0) and "Firefox is up to date." I then checked the Firefox version on my other computer, and it too showed 27.0 and up to date.
Last night, I booted up the PC with the possible problem, and did a search for "updater.exe." There were two of them in my Mozilla folder. Frighteningly they both had the same date/time stamp, and were both the same size (270K). I deleted both of them and emptied the trash, and then ran CCleaner to get rid of temp files and clean the registry. I then ran a full scan through the Norton 360 - even though I had little hope that would help since Norton had displayed updater as a "safe" file and accepted it in the first place.
Now it is just wait and see and keep my fingers crossed.
I posted here for two reasons. 1. To get confirmation that this was either valid Firefox or it wasn't, and I still don't know. I ultimately just went with the assumption that it was malware/virus to be on the safe side (though I am relatively certain that what I did was too little too late as it was allowed by Norton to download and load in the first place).
2. To give the community a heads up that whatever this is, it is out there masquerading as Firefox. Further, it is apparently automatic, and is indistinguishable from Firefox updater.exe.
I have no idea where it came from because I did not download it and was not trying to.
I DO appreciate the advice you have given, though I have never applied this to software I use that has regular updating (like Firefox). Instead, when I get the customary Firefox upgrade prompt I select it and let it run. It would be helpful if there was an option inside Firefox to check for updates.
The only thing that threw a flag for me was that what this program did (in spite of everything else being indistinguishable) was the whole request for permission to upgrade was NOT what Firefox does. Otherwise I would have blithely selected it and gone on.
Unfortunately, the only option at Mozilla is to download the full program - not upgrade an existing install.
I would still like verification of what the most current version is (or where to find it), and whether there was really an issue here or not. And what MIGHT check for this malware/virus that Norton gave its blessing to.
Thank you again FredMcD.
The latest version is Firefox 27 (and the updater inside Firefox's about screen is safe to use, contrary to Fred's erroneous posts around this forum).
Try using the tools at Troubleshoot Firefox issues caused by malware to remove the malware from your machine.
Tyler Downer; I believe that your thought about my post is erroneous.
My post talks about pop-ups, I did not say not to use a programs own
update checker.
rowan; To check Firefox version; Firefox > Help > About Firefox.
This will tell you the current version and check for updates.
Thanks to both of you.
FredMcD, I knew you were talking about popups, but there is a popup that displays when Firefox has an update. That was what made me stop with the program that did popup. It was not the same as the one I am used to with Firefox. Maybe because I have FireFox set to update automatically, I do not have an update prompt on the menu, nor on the About screen.
Tyler, thank you for the link and the current version number. I did check the version within FF on the About window, and that it said my install was 27.0 and up-to-date. What I couldn't find was anyplace at Mozilla that listed what the current version was/is.
Thanks as well for the troubleshooting link. I will give that a try.
Hi rowan, if you find suspicious program in a Mozilla folder in the future, could you make a note of the full path? It could be in one of 3 places, perhaps more:
- Program folder
C:\Program Files (x86)\Mozilla Firefox\...
- Main data folder (hidden)
C:\Users\username\AppData\Roaming\Mozilla\Firefox\...
- Secondary data folder (hidden)
C:\Users\username\AppData\Local\Mozilla\Firefox\...