
Virustotal 3 anti-virus engines detecting FirefoxInstaller exe

  • 6 replies
  • 1 has this problem
  • 83 views
  • Last reply by Natalie


I downloaded the Firefox installer from https://www.mozilla.org/en-US/firefox/download/thanks/ and scanned the file on Virustotal and 3 of the anti-virus engines detected it, 2 as trojan, 1 as malware. Here is the link to the VT scan: https://www.virustotal.com/gui/file/1f008f615561276c2c7c9dbf9ac07a0319dd7ec54d65f365d7e1cf2b5b70b216/detection. Is there a problem with this file?

All Replies (6)


Hi Natalie, I have not heard of these antivirus engines before:

  • Antiy-AVL
  • Bkav
  • Jiangmin

If the small stub installer makes you nervous, do you want to check the full installer? You can download it from here:

https://www.mozilla.org/firefox/all/#product-desktop-release

The U.S. English 64-bit full installer for 73.0.1 has a detection on one engine on VirusTotal:

Someone who tested all recent versions of Firefox found Jiangmin shows the same detection for all of them: http://forums.mozillazine.org/viewtopic.php?p=14858115#p14858115

If that vendor's opinion is important to you, you'll need to inquire with them about that detection.


Thank you for pointing that out. I searched before I asked about this here but didn't find that Mozillazine post. I was concerned that someone might have MITM'd me because I asked about this problem in another forum on a different site and a person there said that he downloaded Firefox files and didn't get any detections on Virustotal. So naturally I was worried getting 3 on the Firefox Installer. I've never heard of those anti-viruses either. So I'll verify the hashes for my Firefox downloads and install FF. Did you get those 3 detections on the FF Installer too?


Hi Natalie, I did not test the small stub installer.


The small stub installer needs to download the Firefox installation files from the internet. Some AV software may find that suspicious and thus flag the installer despite the file being signed. If you have such AV software or otherwise want to be sure, then it is best to use the full installer.


jscher2000 & cor-el,

Thanks for your info. I really appreciate it. I think I can go ahead and download the full installer, check the hash and then install Firefox now, knowing that I am not the only one that has detections for the Firefox files on Virustotal.


cor-el said

The small stub installer needs to download the Firefox installation files from the internet. Some AV software may find that suspicious and thus flag the installer despite the file being signed. If you have such AV software or otherwise want to be sure, then it is best to use the full installer.

Do you know what this means? I found it on the "Community" tab of the Virustotal detection scan for the 73.0.1 full installer downloaded from the link you posted above. It says this:

"#malware MIOCs - Latest Malware Analysis worldwide

  1. CodeGreenLabs

codegreen.ae"

And also on Virustotal, on the Behavior Tab:

Files Opened

  • C:\Users\<USER>\AppData\Local\Google\Chrome\User Data\Local State
  • C:\Users\<USER>\Searches\desktop.ini
  • C:\Users\<USER>\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
  • C:\Users\<USER>\Videos\desktop.ini
  • C:\Users\<USER>\Saved Games\desktop.ini
  • C:\Users\desktop.ini
  • C:\Users\<USER>\AppData\Local\Temp\7zs-sfx.pe32
  • C:\Users\<USER>\Pictures\desktop.ini
  • C:\Windows\Fonts\staticcache.dat
  • C:\Users\<USER>\Downloads\desktop.ini

I am trying to learn about what the other things on VT mean.

The hash that Virustotal gave me, d9557b6859c2872632abe36aa214cfb61e76e033bcb558fe76c28f8687f6c469, matches the hash from the mozilla hashes at https://ftp.mozilla.org/pub/firefox/releases/73.0.1/SHA256SUMS: d9557b6859c2872632abe36aa214cfb61e76e033bcb558fe76c28f8687f6c469 win64/en-US/Firefox Setup 73.0.1.exe

... if anyone's interested : )

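The hash check described in the last post, as an added example that is not part of the original thread: it parses a SHA256SUMS listing (release paths contain spaces) and compares a file's SHA-256 with the entry for its path. The installer bytes and the `Sample Setup 0.0.exe` entry are constructed; the 73.0.1 line is the one quoted in the thread.

```python
import hashlib
import io
import string

# Line quoted in the thread (from the 73.0.1 SHA256SUMS listing).
PAGE_LINE = ("d9557b6859c2872632abe36aa214cfb61e76e033bcb558fe76c28f8687f6c469"
             "  win64/en-US/Firefox Setup 73.0.1.exe")
# Constructed stand-in for a downloaded installer and its listing entry.
SAMPLE = b"MZ constructed sample bytes, not a real installer\n"
SAMPLE_PATH = "win64/en-US/Sample Setup 0.0.exe"
SUMS = f"{hashlib.sha256(SAMPLE).hexdigest()}  {SAMPLE_PATH}\n{PAGE_LINE}\n"


def parse_sums(text):
    """Parse sha256sum-style lines into {relative path: lowercase hex digest}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split on the first space only: the path itself may contain spaces.
        digest, _, path = line.partition(" ")
        path = path.lstrip(" ")
        if path.startswith("*"):  # "*" marks binary mode in sha256sum output
            path = path[1:]
        if len(digest) != 64 or not set(digest) <= set(string.hexdigits) or not path:
            raise ValueError(f"malformed checksum line: {line!r}")
        entries[path] = digest.lower()
    return entries


def sha256_of(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so large installers are not loaded whole."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        h.update(block)
    return h.hexdigest()


def verify(stream, sums_text, path):
    """True if the stream's SHA-256 equals the listing entry for `path`."""
    expected = parse_sums(sums_text).get(path)
    if expected is None:
        # A missing entry is a failure, never a silent pass.
        raise KeyError(f"no SHA256SUMS entry for {path!r}")
    return sha256_of(stream) == expected


if __name__ == "__main__":
    print(verify(io.BytesIO(SAMPLE), SUMS, SAMPLE_PATH))            # matching file
    print(verify(io.BytesIO(SAMPLE + b"\x00"), SUMS, SAMPLE_PATH))  # altered file
```

For a real download, pass `open(installer_path, "rb")` as the stream and the text of the SHA256SUMS file fetched over HTTPS; a match only shows that the file equals what that listing names.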
