Firefox.exe suddenly only 2 KB (and IE 1 KB) & flagged up as malware
On January 13 (2015), I was surprised to find my Kaspersky anti-virus software (Pure 3.0 at the time) flagging up the following as malware (trojan):
firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe HEUR:Trojan.WinLNK.StartPage.gena iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe HEUR:Trojan.WinLNK.StartPage.gena eBay Sidebar for Firefox.lnk C:\Users\David\Desktop\eBay Sidebar for Firefox.lnk HEUR:Trojan.WinLNK.StartPage.gena
I followed the instructions to quarantine and re-boot. No problem. After re-boot, I could not access Firefox and discovered that it had indeed been quarantined - along with IE (which I rarely use) and eBay Sidebar for Firefox (which I haven't used in a long time). On restoring these, they are again identified as malware. Further investigation revealed that firefox.exe was only 2 KB in size - and IE was only 1KB.
Kaspersky advised to upgrade to Total Security, which I did and this stopped identifying the files as malware. Full virus checks, including from safe mode, revealed nothing. Running a suite of recommended anti-malware programs did pick up a limited number of bits and pieces (and which I deleted) that Kaspersky didn't, although my research on the net points to them all being the kind of things that produce unwanted adverts on browsers .... not anything that would wipe or rename programs (I didn't see any unwanted ads, though, possibly because of my settings in Firefox, Kaspersky and NoScript).
Kaspersky feels firefox.exe was corrupted (well at 2 KB, it's certainly not right) - although what corrupted it is another question. All other files in \Mozilla Firefox seem to be there, and I have no issues with any other software or files on my PC (just these three). Yet the same thing happened to IE at the same time. That makes a failing hard drive very unlikely indeed - but it does make me suspicious that there was *something* that deliberately did this, which Kaspersky did not pick up. However it would be unusual for decent anti-virus software like Kaspersky to miss something. Further, the same issue should have been occurring widely around the same time, because if everyone around the world were losing their browsers it would have made the news - not to mention advertising malware that corrupts both browsers being rather self-defeating!!
Incidentally, the desktop shortcuts have been replaced by the default Windows icon for programs that don't have a custom-made shortcut. And clicking on what was the Firefox shortcut opens a DOS box, that closes immediately; IE does the same but a "16 bit MS DOS Subsystem" error box appears (those were the days!) with: C:\Users\Public\Desktop\Internet Explorer.lnk The NTVDM CPU has encountered an illegal instruction. CS: 123f IP:012d OP: 8f af 9f 6e ba Choose 'Close' to terminate this application. [Clicking 'close' or 'ignore' both close the DOS box - and that's it. No virus or anything similar is picked up and four anti-malware programs I'm using now show my system to be clean]
So my questions are: (1) Any thoughts as to what happened? (2) I need to get Firefox working again. Can I simply copy firefox.exe from another machine and replace the existing 2 KB firefox.exe, and everything should be fine, as it was before .... or is it not as simple as that?? (I understand Firefox keeps preferences, etc., in separate files).
Thanks in advance for any comments.
Dave
Chosen solution
Sorry you have had this problem
It my be possible and work if you overwrite the problem firefox.exe
However that could cause problems and the usual solution would be to download and install Firefox again from an official site, and using a clean install involving deleting the existing program files. (CARE leave the Firefox profile folders and files alone. In fact it would be worthwhile, as a belts braces precaution; locating and backing them up first )
- See Firefox keeps crashing at startup_try-a-clean-install
- Back up and restore information in Firefox profiles
- Profiles - Where Firefox stores your bookmarks, passwords and other user data_finding-your-profile-without-opening-firefox
As for what happened, you have given a well reasoned and intelligent summary but after the event it is going to be almost impossible to pin it down. Sometimes AV does flag false positives especially temporarily &/Or if not fully updated.
Clean Reinstall
Certain Firefox problems can be solved by performing a Clean reinstall. This means you remove Firefox program files and then reinstall Firefox. Please follow these steps:
Note: You might want to print these steps or view them in another browser.
- Download the latest Desktop version of Firefox from mozilla.org (or choose the download for your operating system and language from this page) and save the setup file to your computer.
- After the download finishes, close all Firefox windows (or open the Firefox menu
and click the close button 
).
- Delete the Firefox installation folder, which is located in one of these locations, by default:
- Windows:
- C:\Program Files\Mozilla Firefox
- C:\Program Files (x86)\Mozilla Firefox
- Mac: Delete Firefox from the Applications folder.
- Linux: If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it - see Install Firefox on Linux. If you downloaded and installed the binary package from the Firefox download page, simply remove the folder firefox in your home directory.
- Windows:
- Now, go ahead and reinstall Firefox:
- Double-click the downloaded installation file and go through the steps of the installation wizard.
- Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
More information about reinstalling Firefox can be found here.
WARNING: Do not use a third party uninstaller as part of this process. Doing so could permanently delete your Firefox profile data, including but not limited to, extensions, cache, cookies, bookmarks, personal settings and saved passwords. These cannot be easily recovered unless they have been backed up to an external device!
Read this answer in context 👍 1All Replies (4)
Chosen Solution
Sorry you have had this problem
It my be possible and work if you overwrite the problem firefox.exe
However that could cause problems and the usual solution would be to download and install Firefox again from an official site, and using a clean install involving deleting the existing program files. (CARE leave the Firefox profile folders and files alone. In fact it would be worthwhile, as a belts braces precaution; locating and backing them up first )
- See Firefox keeps crashing at startup_try-a-clean-install
- Back up and restore information in Firefox profiles
- Profiles - Where Firefox stores your bookmarks, passwords and other user data_finding-your-profile-without-opening-firefox
As for what happened, you have given a well reasoned and intelligent summary but after the event it is going to be almost impossible to pin it down. Sometimes AV does flag false positives especially temporarily &/Or if not fully updated.
Clean Reinstall
Certain Firefox problems can be solved by performing a Clean reinstall. This means you remove Firefox program files and then reinstall Firefox. Please follow these steps:
Note: You might want to print these steps or view them in another browser.
- Download the latest Desktop version of Firefox from mozilla.org (or choose the download for your operating system and language from this page) and save the setup file to your computer.
- After the download finishes, close all Firefox windows (or open the Firefox menu and click the close button ).
- Delete the Firefox installation folder, which is located in one of these locations, by default:
- Windows:
- C:\Program Files\Mozilla Firefox
- C:\Program Files (x86)\Mozilla Firefox
- Mac: Delete Firefox from the Applications folder.
- Linux: If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it - see Install Firefox on Linux. If you downloaded and installed the binary package from the Firefox download page, simply remove the folder firefox in your home directory.
- Windows:
- Now, go ahead and reinstall Firefox:
- Double-click the downloaded installation file and go through the steps of the installation wizard.
- Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
More information about reinstalling Firefox can be found here.
WARNING: Do not use a third party uninstaller as part of this process. Doing so could permanently delete your Firefox profile data, including but not limited to, extensions, cache, cookies, bookmarks, personal settings and saved passwords. These cannot be easily recovered unless they have been backed up to an external device!
DaveFF said
On January 13 (2015), I was surprised to find my Kaspersky anti-virus software (Pure 3.0 at the time) flagging up the following as malware (trojan): firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe HEUR:Trojan.WinLNK.StartPage.gena iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe HEUR:Trojan.WinLNK.StartPage.gena eBay Sidebar for Firefox.lnk C:\Users\David\Desktop\eBay Sidebar for Firefox.lnk HEUR:Trojan.WinLNK.StartPage.gena <snip>
Dave
I do not use Kaspersky, but I wonder if that sort of error is a report that a Heuristics check has detected incorrect startup or links, possibly something redirecting browsers to some wrong site, or redirecting links for a browser executable to some false file.
Possibly asking on Kaspersky's own site or some security forum will give you the answer.
Hi John, thanks for the suggestions.
I overwrote the problematic firefox.exe but that didn't work, there was an error message basically saying version 34.0.5 wasn't compatible with 34.0. Evidently some of the files left over were version-specific; maybe it would have worked if the versions were exactly the same.
I backed everything up, did an uninstall, downloaded the latest version of Firefox (now 35.0.1) on another machine, transferred it via USB stick and copied it on to the desk-top.
The installation went fine and it also seamlessly picked up my bookmarks, add-ons, preferences, saved passwords, etc. (phew!!).
Looking at all the evidence, I am inclined to believe that Kaspersky took out both Firefox and IE after erroneously thinking they were infected files. Possibly the disinfection process ripped out the guts of both .exe's and when it still thought they were infected the files were quarantined.
Interesting they advised that by upgrading from Pure 3.0 to Total Security, firefox.exe and IE would not be picked up as malicious (while there were regular automatic updates, unfortunately no update advised that Pure had been superseded by Total Security).
I've now found some similar reports on the net of AV software giving false positives on Firefox 34.0 & 34.0.5, for example in a post dated December 4th 2014 here .... this apparently extending to IE in my case (I've not searched extensively, so there may well be more reports out there). However that it's not being reported widely suggests there are a very specific set of circumstances needed to trigger the false positives. For example, I also have Kaspersky Pure 3.0 and Firefox on another machine but there have been no issues - however that is running Windows 7, not Vista on which I had the problem.
Thanks again for your suggestions, much appreciated!
Dave
Download Firefox Full Installer For All languages And Systems {web link} Save the file. Then;
Using your file browser, open the Programs folder on your computer.
Windows: C:\Program Files C:\Program Files (x86) Mac: Open the "Applications" folder. Linux: Check your user manual.
Look for, and rename any Mozilla and Firefox folders by adding .old to them.
Now run the full installer. If all goes well, remove the OLD folders when you are done.