
Support Forum

Immediately after upgrading to Firefox 6.0, I got a trojan virus in a file called Motive Client.

The virus is called Trojan Horse generic24.TSU. AVG spotted the virus and moved it to its virus vault but the folder remains. Is this folder related to Firefox?

Additional System Details

This happened

Just once or twice

This started when...

Firefox 6.0 was upgraded

Installed Plug-ins

  • Office Plugin for Netscape Navigator
  • 1.9.0042.0
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.0
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • The Hulu Desktop Plugin allows Hulu.com to integrate with the Hulu Desktop application.
  • Shockwave Flash 10.3 r183
  • iTunes Detector Plug-in
  • Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers
  • 4.0.60531.0
  • NPWLPG
  • Motive Plugin for Mozilla Browsers

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0

cjjenssen 0 solutions 1 answers

Helpful Reply

my AVG software detected this same virus today; but i have *not* upgraded: i'm running 5.0

i think this has something to do w/ my ISP (at&t); one of the infected files was ATT-SST_Installer, which makes the second time i've gotten a trojan from ATT-identified tools; the first time was immediately after at&t auto-installed a wireless setup tool, which AVG later identified as a backdoor generic trojan

also, my google searches are being redirected on the "at&t powered by yahoo" server -- even the mail link on my email account on this yahoo portal would redirect to at&t/yahoo search results http://search.yahoo.com/404handler?... with the same weird search terms inserted [i.e., 'us lrd yahoo! ahrc buy dale'] very consistently; now when it happens the search terms are 'my yahoo! mail' which at least make sense, but does not diminish my concern about/suspicion of this partnership

Modified by cjjenssen

Question owner

Thanks for your help. Your adventure seemed to be the same as mine so I called ATT - my carrier, as well - and they confirmed that the file Motive Client was one they installed to help us solve our problems without bothering their tech guys and I can delete it without a problem. Thanks again.

graphiclineweb 0 solutions 1 answers

Trojan Generic24 Removal tip

PLEASE NOTE: The latest versions of this trojan including generic24.cgol are extremely dangerous and if not stopped immediately may require a full re-install of Windows OS. Files and data may also be lost.

Generic 24 can infect Firefox, and creates a folder in C:\Documents and Settings\Username\Application Data\Mozilla with additional virus components. If Firefox has been infected (this happened to me):

  • Basic removal must be done in SAFE MODE!
  • Turn off system restore first!
  • Run your AV software
  • Uninstall Firefox
  • Find the Folder Mozilla as mentioned and DELETE this folder
  • Edit Windows Registry to remove all references to Mozilla, Firefox and Generic24, and any other files the anti virus scan found!
  • Perform another Anti Virus scan

Re-install the best browser available: Firefox

If the virus is found in other folders - uninstall any applications associated with the folder, and proceed as above!

Please also read the supporting article links here - they will be updated as I get more info on this latest threat

Do not leave this virus - it will cause a lot of damage - it must be removed urgently

Supporting articles:

Early removal tips: http://graphiclineweb.wordpress.com/2.../trojan_generic24/

More information is also available on my website.

I will post further information and technical support articles as they become available on both my sites

Modified by graphiclineweb