Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Trojan found in downloaded STUB file

more options

I recently downloaded Firefox Stub Installer and checked it through Anti Virus multiscanner and it reports the following:

Anity AVL Trojan/Win32.SGeneric

Cylance reports the file UNSAFE for use.

File looks ok and is digitally signed also. The only conclusion I can draw from this is Mozilla was somehow hacked or Mozilla is up to some nefarious deeds with end users. Either way I would like people to know and be aware.

I recently downloaded Firefox Stub Installer and checked it through Anti Virus multiscanner and it reports the following: Anity AVL Trojan/Win32.SGeneric Cylance reports the file UNSAFE for use. File looks ok and is digitally signed also. The only conclusion I can draw from this is Mozilla was somehow hacked or Mozilla is up to some nefarious deeds with end users. Either way I would like people to know and be aware.

Chosen solution

AntonyMagnus said

The only conclusion I can draw from this is Mozilla was somehow hacked or Mozilla is up to some nefarious deeds with end users. Either way I would like people to know and be aware.

False positives happens every so often with new major or minor Firefox versions on Windows, especially after release or update and then gets fixed in a definitions update for antivirus client.

If this trojan claim was was indeed true then this would not be the only thread and would be a hot top here, at independent mozillaZine forums and elsewhere.

Except for many years ago (15+ ?) a contrib locale build of a Firefox Release perhaps being infected as Firefox did not have other locales officially for Releases until it got to version 1.0, there has not been any official builds of Firefox for Windows, Mac OSX, or Linux that did indeed come with something like a trojan or virus or such.

Read this answer in context 👍 1

All Replies (4)

more options

If you downloaded the installer from www.mozilla.org, than it is the official installer. It was likely a false positive. I'd suggest reporting to cylance that there is a false positive, and then updating your definitions

more options

AntonyMagnus said

I recently downloaded Firefox Stub Installer and checked it through Anti Virus multiscanner and it reports the following: Anity AVL Trojan/Win32.SGeneric Cylance reports the file UNSAFE for use. File looks ok and is digitally signed also.

You did this scan on Virustotal.com ?

Cylance has been doing a false positive with Firefox versions (both stub and setup for Windows) for perhaps over a year now and I have seen Anity do false positives on virustoal also. I remember seeing comments that Cylance in this case it's detection used on site is different from the application.

Also even though the stub installer concept (for Windows) on www.mozilla.org has existed since Firefox 18.0, it still occasionally gets false positives with some antivirus clients (after a recent new major or minor version release) while the full offline setups for Windows from www.mozilla.org/firefox/all/ rarely gets false positives in comparison.

Modified by James

more options

Chosen Solution

AntonyMagnus said

The only conclusion I can draw from this is Mozilla was somehow hacked or Mozilla is up to some nefarious deeds with end users. Either way I would like people to know and be aware.

False positives happens every so often with new major or minor Firefox versions on Windows, especially after release or update and then gets fixed in a definitions update for antivirus client.

If this trojan claim was was indeed true then this would not be the only thread and would be a hot top here, at independent mozillaZine forums and elsewhere.

Except for many years ago (15+ ?) a contrib locale build of a Firefox Release perhaps being infected as Firefox did not have other locales officially for Releases until it got to version 1.0, there has not been any official builds of Firefox for Windows, Mac OSX, or Linux that did indeed come with something like a trojan or virus or such.

Modified by James

more options

Thanks for your replies, I had no idea that it was a false positive. I figured it was but to be on the safe side I submitted the file to my own AV for analysis. I also thought it would be prudent to let Mozilla know of this potential breach. The file appeared to be legit and signed, but... you never know. It also pays in the end for everybody if Mozilla reviews its security. So this could be a good thing too?.

In another side note and somewhat off topic I also downloaded Comodo Dragon browser and had similar findings. Ikarus reported infections and I also reported it to them.


Lastly yes, I did use Virus Total I do it for all files now no matter what. I also utilize OPSWAT.

Thanks again!