Recent answers to Trojan Horse installed with firefoxhttps://support.mozilla.org/ar/questions/12138822018-04-30T01:31:10-07:00Fwiw and as said, it’s most likely a(nother) false positive by ClamXav probably not worth worrying a2018-04-30T01:31:10-07:00Tonneshttps://support.mozilla.org/ar/questions/1213882#answer-1106556<p>Fwiw and as said, it’s most likely a(nother) false positive by ClamXav probably not worth worrying about. Scan results from other sources as reported above as well as the Firefox installer being downloaded from the original and trusted (Mozilla) source should indicate that. Moreover, I find 5000+ <a href="https://www.google.com/search?hl=en&amp;q=clamxav+%22false+positive%22&amp;oq=clamxav+%22false+positive%22" rel="nofollow">results</a> when searching for ClamXav and "false positive", so this issue doesn’t seem to be entirely new.
</p><p>I do appreciate the TS wants to hear back from ClamXav of course, but IMO reports by any antivirus product or its vendor should never prevail just because it’s <em>paid</em> software. The same goes for issues when running with Firefox and such products - some users even refuse to disable their security software in order to do some proper troubleshooting, only because they paid for it. Not good.
</p>Hi Pkshadow.... Thanks for the tip. I will look into it.
2018-04-30T01:03:42-07:00cosmo13https://support.mozilla.org/ar/questions/1213882#answer-1106549<p>Hi Pkshadow.... Thanks for the tip. I will look into it.
</p>VanessaKing said
I'm still waiting for more detail from ClamXav, too. The definitions should be th2018-04-27T16:52:48-07:00Pkshadowhttps://support.mozilla.org/ar/questions/1213882#answer-1105858<p><em>VanessaKing <a href="#answer-1105114" rel="nofollow">said</a></em>
</p>
<blockquote>
I'm still waiting for more detail from ClamXav, too. The definitions should be the same—even if I am using an older version—but I asked them, to be sure, and am waiting to hear back.
</blockquote>
<p>HI,fyi&nbsp;: if you upload the file to <a href="https://www.virustotal.com/" rel="nofollow">https://www.virustotal.com/</a> it is scanned by 65 anti-virus engines including ClamAV
You can also scan URL's as well it has a Search Feature.
</p>I'm still waiting for more detail from ClamXav, too. The definitions should be the same—even if I am2018-04-25T13:43:18-07:00VanessaKinghttps://support.mozilla.org/ar/questions/1213882#answer-1105114<p>I'm still waiting for more detail from ClamXav, too. The definitions should be the same—even if I am using an older version—but I asked them, to be sure, and am waiting to hear back.
</p>Thanks Tonnes, yes, updated every day.
2018-04-25T03:43:21-07:00cosmo13https://support.mozilla.org/ar/questions/1213882#answer-1104925<p>Thanks Tonnes, yes, updated every day.
</p>My bet is it’s a false positive, yet caused by one Firefox file as confirmed / suggested in this thr2018-04-25T03:37:29-07:00Tonneshttps://support.mozilla.org/ar/questions/1213882#answer-1104924<p>My bet is it’s a false positive, yet caused by one Firefox file as confirmed / suggested in <a href="https://macintouch.com/forums/showthread.php?tid=522&amp;pid=33038#pid33038" rel="nofollow">this thread</a>.
</p>
<blockquote>
"This was caused by the Firefox developers leaving a setting enabled in one of the files embedded within the Firefox.app itself. [...] The developer has pushed out a fix via virus defs. Just update your virus definitions which will prevent the detection from recurring."
</blockquote>
<p>As you update your virus definitions daily, how about commenting in that thread?
</p>Thanks Jefferson. Just an odd thing to show up after all these years and out of the blue. Still wait2018-04-25T01:33:47-07:00cosmo13https://support.mozilla.org/ar/questions/1213882#answer-1104889<p>Thanks Jefferson. Just an odd thing to show up after all these years and out of the blue. Still waiting for ClamXAV to comment.
</p>When I download the .dmg file and submit it to VirusTotal it tests clean:
https://www.virustotal.com2018-04-24T10:11:21-07:00jscher2000https://support.mozilla.org/ar/questions/1213882#answer-1104646<p>When I download the .dmg file and submit it to VirusTotal it tests clean:
</p><p><a href="https://www.virustotal.com/#/file/642a87311a0f264a165c41a3599c681e7272c2dc43a3c1f71ea632223f9a5ad5/detection" rel="nofollow">https://www.virustotal.com/#/file/642a87311a0f264a165c41a3599c681e7272c2dc43a3c1f71ea632223f9a5ad5/detection</a>
</p><p>However, I didn't extract it because I'm on Windows...
</p>Any update on this? Same issue only macOS 10.13.4 and Firefox 59.0.2. ClamXAV v2.18.1/0.100.0 (3610)2018-04-24T09:43:25-07:00cosmo13https://support.mozilla.org/ar/questions/1213882#answer-1104644<p>Any update on this? Same issue only macOS 10.13.4 and Firefox 59.0.2. ClamXAV v2.18.1/0.100.0 (3610)
</p><p>However, the machine I am on now with all of the above info has indicated nothing, but when I run the commands on it to detect the so called Flashback Trojan, I receive the following:
</p><p>Mac-Pro:~ pil13$ defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
{
</p><pre> MallocNanoZone = 0;
</pre>
<p>}
Mac-Pro:~ pil13$
</p><p>Do you know if this indicated another issue, or if this is common in Firefox?
</p><p>I have contacted ClamXAV as well, but want to know why Firefox is showing this response, so I posted it here.
</p>I'm way ahead of you. I uninstalled it immediately after getting the alert and I've opened a ticket 2018-04-15T02:21:59-07:00VanessaKinghttps://support.mozilla.org/ar/questions/1213882#answer-1101288<p>I'm way ahead of you. I uninstalled it immediately after getting the alert and I've opened a ticket with ClamXav.
</p><p>I'll update this when I hear back, thanks.
</p>VanessaKing said
Thanks… No, it's another page, close but:
https://www.mozilla.org/en-US/firefox/2018-04-15T02:13:02-07:00Happy112https://support.mozilla.org/ar/questions/1213882#answer-1101285<p><em>VanessaKing <a href="#answer-1101274" rel="nofollow">said</a></em>
</p>
<blockquote>
Thanks… No, it's another page, close but:
<a href="https://www.mozilla.org/en-US/firefox/releases/" rel="nofollow">https://www.mozilla.org/en-US/firefox/releases/</a>
</blockquote>
<p>Nothing wrong with that page.
</p><p>But if it would set your mind at ease, maybe you could uninstall the previously downloaded version and download from here&nbsp;:
</p><p><a href="https://www.mozilla.org/en-US/firefox/all/?q=English%20(British)" rel="nofollow">https://www.mozilla.org/en-US/firefox/all/?q=English%20(British)</a>
</p><p>And/or maybe contact ClamXAV Sentry Support&nbsp;:
</p><p><a href="https://www.clamxav.com/support/" rel="nofollow">https://www.clamxav.com/support/</a>
</p>Thanks… No, it's another page, close but:
https://www.mozilla.org/en-US/firefox/releases/
2018-04-15T01:20:00-07:00VanessaKinghttps://support.mozilla.org/ar/questions/1213882#answer-1101274<p>Thanks… No, it's another page, close but:
</p><p><a href="https://www.mozilla.org/en-US/firefox/releases/" rel="nofollow">https://www.mozilla.org/en-US/firefox/releases/</a>
</p>VanessaKing said
I think the page my download originated from was the page that has all of the lat2018-04-14T21:43:59-07:00Happy112https://support.mozilla.org/ar/questions/1213882#answer-1101222<p><em>VanessaKing <a href="#answer-1101218" rel="nofollow">said</a></em>
</p>
<blockquote>
I think the page my download originated from was the page that has all of the latest versions of FF.
</blockquote>
<p>So does this page&nbsp;:
</p><p><a href="https://www.mozilla.org/firefox/all/" rel="nofollow">https://www.mozilla.org/firefox/all/</a>
</p><p>I just thought I'd make it easier on you by selecting your language ......
</p>Downloads from the Mozilla CDN server should be fine.
You can verify the file by using the KEY and c2018-04-14T21:34:23-07:00cor-elhttps://support.mozilla.org/ar/questions/1213882#answer-1101220<p>Downloads from the Mozilla CDN server should be fine.
</p><p>You can verify the file by using the KEY and checksum file.
</p>
<ul><li><a href="https://download-installer.cdn.mozilla.net/pub/firefox/releases/59.0.2/" rel="nofollow">https://download-installer.cdn.mozilla.net/pub/firefox/releases/59.0.2/</a>
</li><li><a href="/questions/1020249" rel="nofollow">/questions/1020249</a> How to use the SHA512SUMS.ASC
</li></ul>Sorry, to clarify, I downloaded FF from mozilla.org and the installer link I included earlier is the2018-04-14T21:29:45-07:00VanessaKinghttps://support.mozilla.org/ar/questions/1213882#answer-1101218<p>Sorry, to clarify, I downloaded FF from <a href="http://mozilla.org" rel="nofollow">mozilla.org</a> and the installer link I included earlier is the same as the one I got just now from the link you sent—thanks anyhow.
</p><p>I think the page my download originated from was the page that has all of the latest versions of FF.
</p><p>The resulting download is the same, though:
<a href="https://download-installer.cdn.mozilla.net/pub/firefox/releases/59.0.2/mac/en-GB/Firefox%2059.0.2.dmg" rel="nofollow">https://download-installer.cdn.mozilla.net/pub/firefox/releases/59.0.2/mac/en-GB/Firefox%2059.0.2.dmg</a>
</p>Hi,
It's best to download Firefox from here :
https://www.mozilla.org/en-US/firefox/all/?q=En2018-04-14T21:23:29-07:00Happy112https://support.mozilla.org/ar/questions/1213882#answer-1101216<p>Hi,
</p><p>It's best to download Firefox from here&nbsp;:
</p><p><a href="https://www.mozilla.org/en-US/firefox/all/?q=English%20(British)" rel="nofollow">https://www.mozilla.org/en-US/firefox/all/?q=English%20(British)</a>
</p>