
Support Forum

Download upgrade file Firefox_setup.exe 873 kb, Setup Manager, Optimum Installer, from other than mozilla, did I just infect my pc?


I was browsing using Firefox, on Bing, went to Amtrack web site. Pop-up came up saying Firefox was out of date. When I ran the downloaded file it had too many extra programs. Which I declined on. But it ran for a while. When I restarted Firefox, the screen told me I was out of date, which I did. But what did I download and run just before the real update?

File name: Firefox_setup.exe
Size: 873KB
Under file properties:

  • Company: SetupManager
  • Name of Signer: Optimum Installer

Very concerned, please advise, and be aware of the hack


Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.7 r700
  • Google Update
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.7
  • GEPlugin
  • 5.1.20125.0
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Adobe Shockwave for Director Netscape plug-in, version 11.6.5.635
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  • DRM Netscape Network Object
  • Npdsplay dll
  • DRM Store Netscape Plugin
  • Windows Multimedia Services DRM Store Plug-In

Application

  • Firefox 21.0
  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0
  • Support URL: http://support.mozilla.org/1/firefox/21.0/WINNT/en-US/

Extensions

  • Adblock Plus 2.2.4 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • DataJog for webOS 1.1 (jid0-o60PbW5A6zrBSAZATy90sE99FPc@jetpack)
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Yahoo! Toolbar 2.6.0.20130418072822 ({635abd67-4fe9-1b23-4f01-e679fa7484c1})
  • Ask Toolbar 3.15.15.35882 (toolbar@ask.com) (Inactive)
  • HP Smart Web Printing 4.5 (smartwebprinting@hp.com) (Inactive)
  • Microsoft .NET Framework Assistant 0.0.0 ({20a82645-c095-46ed-80e3-08825760534b}) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller
  • adapterDescription2:
  • adapterDeviceID: 0x2562
  • adapterDeviceID2:
  • adapterDrivers: ialmrnt5
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • direct2DEnabled: False
  • direct2DEnabledMessage: [u'blockedDriver']
  • directWriteEnabled: False
  • directWriteVersion: 0.0.0.0
  • driverDate: 4-15-2003
  • driverDate2:
  • driverVersion: 6.13.10.3510
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'none'}
  • isGPU2Active: False
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'']
  • numTotalWindows: 2
  • webglRendererMessage: [u'']
  • windowLayerManagerType: Basic

Modified Preferences

  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.places.smartBookmarksVersion: 4
  • browser.startup.homepage: http://www.ask.com/?l=dis&o=102808&gct=hp
  • browser.startup.homepage_override.buildID: 20130511120803
  • browser.startup.homepage_override.mstone: 21.0
  • dom.w3c_touch_events.expose: False
  • extensions.lastAppVersion: 21.0
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1371606436
  • places.history.expiration.transient_current_max_pages: 53635
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • privacy.sanitize.migrateFx3Prefs: True
  • security.warn_viewing_mixed: False

Misc

  • User JS: No
  • Accessibility: No
david_winiecki 0 solutions 7 answers

Helpful Reply

I am not a security expert, but until you get a more detailed answer from someone else, please make sure you have a good antivirus program (like Microsoft Security Essentials http://windows.microsoft.com/en-us/windows/security-essentials-download) installed.

Out of curiosity, do you know the URL for the Amtrack website you were on?

david_winiecki 0 solutions 7 answers

Helpful Reply

It looks like you wanted amtrak, not amtrack.

cor-el
  • Top 10 Contributor
  • Moderator
12118 solutions 112638 answers

You should never respond to such a pop-up to update a program, but always go to its own website to get the latest updates.
If you respond to such a pop-up on a web page then this may always be an effort to infect you with malware.

Do a malware check with some malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware.

Make sure that you update each program to get the latest version of their databases before doing a scan.

  • Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php
  • SuperAntispyware: http://www.superantispyware.com/
  • Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/en-us/default.aspx
  • Windows Defender: Home Page: http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
  • Spybot Search & Destroy: http://www.safer-networking.org/en/index.html
  • AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/ or http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
  • Kaspersky Free Security Scan: http://www.kaspersky.com/security-scan

You can also do a check for a rootkit infection with TDSSKiller.

  • Anti-rootkit utility TDSSKiller: http://support.kaspersky.com/5350?el=88446

See also:

  • "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
James
  • Top 25 Contributor
  • Moderator
640 solutions 4770 answers

This is an earlier upload I did of the same file.
https://www.virustotal.com/en/file/6b4ad5d27c24539fb5577b38f56b49cdbe1caa247184752193b45a6fa5ecc14a/analysis/1371096292/
Detection ratio: 12 / 47

The tiny file size should have been a big clue in that it was not a full Firefox setup download from Mozilla.org.

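Added example, not part of any reply in this thread: a PowerShell check of the properties the thread discusses for a downloaded installer (file size, self-declared company, Authenticode signer), plus the SHA-256 for a scanner lookup. The function name, the expected signer `Mozilla Corporation`, the 10 MB threshold and the download path are assumptions; `Get-FileHash` needs PowerShell 4.0 or later.

```powershell
# Added example: inspect a downloaded installer BEFORE running it.
# $ExpectedSigner and $MinFullInstallerMB are assumptions, not values from the thread.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ExpectedSigner = 'Mozilla Corporation',
        [int]$MinFullInstallerMB = 10
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # Common name of the certificate that signed the file, if any
    $signerName = $null
    if ($sig.SignerCertificate) {
        $signerName = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    }

    # A 'Valid' status only proves that *someone* signed the file and it was
    # not altered afterwards; the signer's name must also be the expected one.
    $signatureValid = ($sig.Status -eq 'Valid')
    $signerMatches  = $signatureValid -and ($signerName -eq $ExpectedSigner)
    $sizeMB         = [math]::Round($file.Length / 1MB, 2)

    [pscustomobject]@{
        File                     = $file.Name
        SizeMB                   = $sizeMB
        SmallerThanFullInstaller = ($sizeMB -lt $MinFullInstallerMB)
        # Version-resource field: written by whoever built the file, unverified
        CompanyName              = $file.VersionInfo.CompanyName
        SignatureStatus          = $sig.Status
        Signer                   = $signerName
        SignerMatches            = $signerMatches
        SHA256                   = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Verdict                  = if ($signerMatches) {
            'signer matches expected publisher'
        } else {
            'do not run: signer is missing, invalid or unexpected'
        }
    }
}

# Hypothetical path; point it at the file that was downloaded.
Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\Firefox_setup.exe"
```

The `SHA256` value can be searched on a multi-scanner service to see whether the file has already been analysed, without uploading or executing it.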