Immediately after upgrading to Firefox 6.0, I got a trojan virus in a file called Motive Client.
The virus is called Trojan Horse generic24.TSU. AVG spotted the virus and moved it to its virus vault, but the folder remains. Is this folder related to Firefox?
Additional System Details
Just once or twice
This started when...
Firefox 6.0 was upgraded
- Office Plugin for Netscape Navigator
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Adobe PDF Plug-In For Firefox and Netscape 10.1.0
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- The Hulu Desktop Plugin allows Hulu.com to integrate with the Hulu Desktop application.
- Shockwave Flash 10.3 r183
- iTunes Detector Plug-in
- Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers
- Motive Plugin for Mozilla Browsers
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0
my AVG software detected this same virus today; but i have *not* upgraded: i'm running 5.0
i think this has something to do w/ my ISP (at&t); one of the infected files was ATT-SST_Installer, which makes the second time i've gotten a trojan from ATT-identified tools; the first time was immediately after at&t auto-installed a wireless setup tool, which AVG later identified as a backdoor generic trojan
also, my google searches are being redirected on the "at&t powered by yahoo" server -- even the mail link on my email account on this yahoo portal would redirect to at&t/yahoo search results http://search.yahoo.com/404handler?... with the same weird search terms inserted [i.e., 'us lrd yahoo! ahrc buy dale'] very consistently; now when it happens the search terms are 'my yahoo! mail' which at least make sense, but does not diminish my concern about/suspicion of this partnership
Modified by cjjenssen
Thanks for your help. Your adventure seemed to be the same as mine so I called ATT - my carrier, as well - and they confirmed that the file Motive Client was one they installed to help us solve our problems without bothering their tech guys and I can delete it without a problem. Thanks again.
Trojan Generic24 Removal tip
PLEASE NOTE: The latest versions of this trojan including generic24.cgol are extremely dangerous and if not stopped immediately may require a full re-install of Windows OS. Files and data may also be lost.
Generic 24 can infect Firefox, and creates a folder in C:\Documents and Settings\Username\Application Data\Mozilla with additional virus components. If Firefox has been infected (this happened to me):
- Basic removal must be done in SAFE MODE!
- Turn off system restore first!
- Run your AV software
- Uninstall Firefox
- Find the Mozilla folder as mentioned and DELETE this folder
- Edit the Windows Registry to remove all references to Mozilla, Firefox and Generic24, and any other files the antivirus scan found!
- Perform another antivirus scan
Re-install the best browser available: Firefox
If the virus is found in other folders - uninstall any applications associated with the folder, and proceed as above!
Please also read the supporting article links here - they will be updated as I get more info on this latest threat
Do not leave this virus - it will cause a lot of damage - it must be removed urgently
Early removal tips: http://graphiclineweb.wordpress.com/2.../trojan_generic24/
More information is also available on my website.
I will post further information and technical support articles as they become available on both my sites.
Modified by graphiclineweb