X
Tap here to go to the mobile version of the site.

Support Forum

Urgent! Updates for Firefox had viruses in them please help!

Posted

My updates are automatically set to update on their own with Firefox. As soon as they were done my anti-virus notified me that I had one Trojan virus and 2 others. Please help!

My updates are automatically set to update on their own with Firefox. As soon as they were done my anti-virus notified me that I had one Trojan virus and 2 others. Please help!

Additional System Details

Application

  • User Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25

More Information

philipp
  • Top 25 Contributor
  • Moderator
5315 solutions 23477 answers

hello, it's highly unlikely that this problem has been related to a genuine firefox update. for some general advice on how to deal with malware please refer to the following article: Troubleshoot Firefox issues caused by malware

hello, it's highly unlikely that this problem has been related to a genuine firefox update. for some general advice on how to deal with malware please refer to the following article: [[Troubleshoot Firefox issues caused by malware]]

Question owner

I'm sorry, but this absolutely did happen. I looked at the last items that downloaded on my computer and those updates were the last ones. Also, it happened within 1 minute of the updates finishing.

I'm sorry, but this absolutely did happen. I looked at the last items that downloaded on my computer and those updates were the last ones. Also, it happened within 1 minute of the updates finishing.

Question owner

Screenshot below as my full scan was running.

Screenshot below as my full scan was running.
the-edmeister
  • Top 25 Contributor
  • Moderator
5406 solutions 40246 answers

Exactly what is Microsoft Essentials "flagging" as a Trojan virus and two others?
Is MSE up to date?

We have had no other such message about Tuesday's update. If that alert is related to the Firefox update, it should be considered a false positive, and Microsoft should be contacted.

Exactly what is Microsoft Essentials "flagging" as a ''Trojan virus and two others''? <br /> Is MSE up to date? We have had no other such message about Tuesday's update. If that alert is related to the Firefox update, it should be considered a false positive, and Microsoft should be contacted.

Question owner

I'm trying to let you know that something serious has happened, yet you treat me as if I have no idea as to what I am doing. Actually, all my software was updated about 6 hours previously. Also, my husband is a Tech Lead Tier 5 for a major IT Company. He can build computers from the guts up. All of our computers connect through our own network server and that is backed up by a 2.0 TB drive as well. Rest assured that everything is up to date. I guess I'm going to have to get you a report just so you can believe me. I don't appreciate the way you make me feel.

I'm trying to let you know that something serious has happened, yet you treat me as if I have no idea as to what I am doing. Actually, all my software was updated about 6 hours previously. Also, my husband is a Tech Lead Tier 5 for a major IT Company. He can build computers from the guts up. All of our computers connect through our own network server and that is backed up by a 2.0 TB drive as well. Rest assured that everything is up to date. I guess I'm going to have to get you a report just so you can believe me. I don't appreciate the way you make me feel.
ideato 893 solutions 6250 answers

Hello, sorry but the the screenshot said Firefox_setup_16.0.2 !!!! ? ? ?

thank you

Hello, sorry but the the screenshot said Firefox_setup_16.0.2 !!!! ? ? ? thank you
James
  • Top 25 Contributor
  • Moderator
1598 solutions 11291 answers

The current update for Firefox is 22.0 and not the old 16.0.2 as can be seen on Mozilla.org

Other than a certain local contrib build many many years ago, no release of Firefox from Mozilla.org has ever been proven to have a virus/trogan or such as it pretty much ended up being a false positive which was fixed by a update in antivirus. Now if this Firefox setup was downloaded from some random unofficial place then it is possible in being infected.

The current update for Firefox is 22.0 and not the old 16.0.2 as can be seen on Mozilla.org Other than a certain local contrib build many many years ago, no release of Firefox from Mozilla.org has ever been proven to have a virus/trogan or such as it pretty much ended up being a false positive which was fixed by a update in antivirus. Now if this Firefox setup was downloaded from some random unofficial place then it is possible in being infected.

Modified by James

the-edmeister
  • Top 25 Contributor
  • Moderator
5406 solutions 40246 answers

Sorry, we're not trying to diminish your issue, but not one other Firefox user has mentioned a problem like that. And, no one said they didn't believe you.

If you could give us the name of the Trojan virus and the other two files, and the location of those files on your hard drive as per what MSE reported, and we can start investigating your issue.

Sorry, we're not trying to diminish your issue, but not one other Firefox user has mentioned a problem like that. And, no one said they didn't believe you. If you could give us the name of the Trojan virus and the other two files, and the location of those files on your hard drive as per what MSE reported, and we can start investigating your issue.
philipp
  • Top 25 Contributor
  • Moderator
5315 solutions 23477 answers

ideato, when i'm not mistaken the screenshot even shows Firefox_Setup_to.0.2 [1].exe which is a file name that certainly doesn't come from any of mozilla's servers...

@snoopyfan6200, i'm sorry that our replies made you feel that way. however, we're just trying to give you information to the best of our avail. were not doubting the problem you're having, however the source of the problem might be a different one than you think.
there are fake sites/pop-ups out there that imposter an update notification and trick you into installing malicious software disguised as firefox (or anything else with a brand name with high recognition). in case you could still reconstruct from your history or download history from where this file has been downloaded it would be helpful if you could provide this information. you could also report such a site yourself at https://www.mozilla.org/en-US/legal/fraud-report/ so that further action might be taken by mozilla.

a general notice: updates are handled automatically by firefox so you don't have to download anything. you can always trigger updates within the firefox program by going to firefox > help > about firefox...

ideato, when i'm not mistaken the screenshot even shows ''Firefox_Setup_to.0.2 [1].exe'' which is a file name that certainly doesn't come from any of mozilla's servers... @snoopyfan6200, i'm sorry that our replies made you feel that way. however, we're just trying to give you information to the best of our avail. were not doubting the problem you're having, however the source of the problem might be a different one than you think. <br>there are fake sites/pop-ups out there that imposter an update notification and trick you into installing malicious software disguised as firefox (or anything else with a brand name with high recognition). in case you could still reconstruct from your history or download history from where this file has been downloaded it would be helpful if you could provide this information. you could also report such a site yourself at https://www.mozilla.org/en-US/legal/fraud-report/ so that further action might be taken by mozilla. a general notice: updates are handled automatically by firefox so you don't have to download anything. you can always trigger updates within the firefox program by going to ''firefox > help > about firefox''...
ideato 893 solutions 6250 answers

Hello philipp, it seems 16.0.2 to me !

Hello philipp, it seems 16.0.2 to me !
Tyler Downer
  • Top 25 Contributor
  • Moderator
1535 solutions 10714 answers

Helpful Reply

Where did you receive this update notification from? Firefox's built in update doesn't download updates to your downloads folder, but if you fell victim to an update scam then that sounds plausible. It's likely this is one of two things: 1. MSE had a false positive 2. You downloaded an "update" from a fake site trying to trick you into downloading a virus.

Our updates are clean and do not have viruses in them i can guarantee that.

Where did you receive this update notification from? Firefox's built in update doesn't download updates to your downloads folder, but if you fell victim to an update scam then that sounds plausible. It's likely this is one of two things: 1. MSE had a false positive 2. You downloaded an "update" from a fake site trying to trick you into downloading a virus. Our updates are clean and do not have viruses in them i can guarantee that.
stevetex 0 solutions 6 answers

I got a message saying to update Firefox yesterday and the update had a virus. It brings up mixidj v8 toolbar. "About" says I have Firefox 22.0 Currently I am running Housecall. Malwarebytes didn't fix the problem but i think it put something in the vault. Fortunately I have 2 computers and currently running the other one for this message. Looking at Downloads on the Vista computer it says: Firefox_Setup(2).exe 1.0 MB - oi-installer9.com - Yesterday As of writing Trend micro's free housecall hasn't found anything and I use AVG for a virus protector.

I got a message saying to update Firefox yesterday and the update had a virus. It brings up mixidj v8 toolbar. "About" says I have Firefox 22.0 Currently I am running Housecall. Malwarebytes didn't fix the problem but i think it put something in the vault. Fortunately I have 2 computers and currently running the other one for this message. Looking at Downloads on the Vista computer it says: Firefox_Setup(2).exe 1.0 MB - oi-installer9.com - Yesterday As of writing Trend micro's free housecall hasn't found anything and I use AVG for a virus protector.
Tyler Downer
  • Top 25 Contributor
  • Moderator
1535 solutions 10714 answers

Helpful Reply

Did you download this update from an official Mozilla site? (mozilla.org) it looks like you didn't since that file doesn't look legit. That's why you have something non-standard bundled into it.

Did you download this update from an official Mozilla site? (mozilla.org) it looks like you didn't since that file doesn't look legit. That's why you have something non-standard bundled into it.
the-edmeister
  • Top 25 Contributor
  • Moderator
5406 solutions 40246 answers

stevetex,

That sure sounds like a fake update - Mozilla has nothing to do with Firefox_Setup(2).exe 1.0 MB - oi-installer9.com, the file size is way too small, and an actual Firefox update wouldn't come in an .exe file.

My advice is to run a deep scan with AVG and see what it comes up with.


If what you got wasn't a virus, it might be malware and you should do some malware scans.

Install, update, and run these programs in this order. They are listed in order of efficacy.
(Not all programs detect the same Malware, so you may need to run them all to solve your problem.)
These programs are all free for personal use, but some have limited functionality in the "free mode" - but those are features you really don't need to find and remove the problem that you have.
Note: If your Malware infection is bad enough and you are mis-directed to URL's other than what is posted, you may have to use a different PC to download these programs and use a USB stick to transfer them to the afflicted PC.

Malwarebytes' Anti-Malware - http://www.malwarebytes.org/mbam.php
SuperAntispyware - http://www.superantispyware.com/
AdAware - http://www.lavasoftusa.com/software/adaware/
Spybot Search & Destroy - http://www.safer-networking.org/en/index.html
Windows Defender: Home Page - http://windows.microsoft.com/en-US/wi.../windows-defender

stevetex, That sure sounds like a fake update - Mozilla has nothing to do with '''Firefox_Setup(2).exe 1.0 MB - oi-installer9.com''', the file size is way too small, and an actual Firefox update wouldn't come in an '''.exe''' file. My advice is to run a deep scan with AVG and see what it comes up with. ------ If what you got wasn't a '''''virus''''', it might be malware and you should do some malware scans. Install, update, and run these programs in this order. They are listed in order of efficacy.<br />'''''(Not all programs detect the same Malware, so you may need to run them all to solve your problem.)''''' <br />These programs are all free for personal use, but some have limited functionality in the "free mode" - but those are features you really don't need to find and remove the problem that you have.<br /> ''Note: If your Malware infection is bad enough and you are mis-directed to URL's other than what is posted, you may have to use a different PC to download these programs and use a USB stick to transfer them to the afflicted PC.'' Malwarebytes' Anti-Malware - [http://www.malwarebytes.org/mbam.php] <br /> SuperAntispyware - [http://www.superantispyware.com/] <br /> AdAware - [http://www.lavasoftusa.com/software/adaware/] <br /> Spybot Search & Destroy - [http://www.safer-networking.org/en/index.html] <br /> Windows Defender: Home Page - [http://windows.microsoft.com/en-US/windows7/products/features/windows-defender]
stevetex 0 solutions 6 answers

Will do, but Housecall is still ploughing through my C drive. Oh, one thing I did see, using Ztree was a file in the C directory C:\END dated yesterday and all it has in it are 9 bytes: ConduitOK

The name conduit appears somewhere, I think, with the problem but I don't want to mess around now with Housecall running. The creation date was 7/31 at 21:06

Will do, but Housecall is still ploughing through my C drive. Oh, one thing I did see, using Ztree was a file in the C directory C:\END dated yesterday and all it has in it are 9 bytes: ConduitOK The name conduit appears somewhere, I think, with the problem but I don't want to mess around now with Housecall running. The creation date was 7/31 at 21:06
stevetex 0 solutions 6 answers

The message must have said something like your browser or Mozilla needs updating, do it now. Hit this link. I guess it must have looked like a message from you guys otherwise I would have been suspicious. Can't really remember any details now.

The message must have said something like your browser or Mozilla needs updating, do it now. Hit this link. I guess it must have looked like a message from you guys otherwise I would have been suspicious. Can't really remember any details now.
jscher2000
  • Top 10 Contributor
8775 solutions 71736 answers

Hi stevetex, Conduit makes a range of "Community Toolbar" add-ons. They take over certain search features and may otherwise do surprising things.

If you can recall installing a Community Toolbar or find one on your add-ons list, that may well explain the Conduit references. (Unless there is a new Conduit I'm not familiar with.)

orange Firefox button (or Tools menu) > Add-ons > Extensions category

MixiDJ is another program that seems to be unpopular with forum visitors. Perhaps the two were bundled together?

Hi stevetex, Conduit makes a range of "Community Toolbar" add-ons. They take over certain search features and may otherwise do surprising things. If you can recall installing a Community Toolbar or find one on your add-ons list, that may well explain the Conduit references. (Unless there is a new Conduit I'm not familiar with.) orange Firefox button (or Tools menu) > Add-ons > Extensions category MixiDJ is another program that seems to be unpopular with forum visitors. Perhaps the two were bundled together?
kobe 441 solutions 5048 answers

Hi the site you "downloaded firefox" from is a known distributor of malware

So id use the programs the-edmeister suggested as a good start. And report the url to.

Thanks in advance!

Hi the site you "downloaded firefox" from is a known distributor of malware * http://www.mywot.com/en/scorecard/oi-installer9.com?utm_source=addon&utm_content=contextmenu So id use the programs the-edmeister suggested as a good start. And report the url to. * http://www.mozilla.org/en-US/legal/fraud-report/index.html Thanks in advance!
stevetex 0 solutions 6 answers

While Housecall is still running I used Ztree to pull a catalog of all files that had a change time of around the time I saw the END file created. I have the catalog of files in a Text doc if anybody is interest which I can send if it might help anybody.

While Housecall is still running I used Ztree to pull a catalog of all files that had a change time of around the time I saw the END file created. I have the catalog of files in a Text doc if anybody is interest which I can send if it might help anybody.

Question owner

Hello everyone, Sorry I haven't replied back in a while, life's been kinda crazy here lately. If memory serves me this updated on it's own. I learned my lesson a long time ago not to believe what it on the screen when an update shows up. I will usually go to the task manager and end all my tasks and then go to that particular site to update instead. I've seen many sites provided for searching for malware for free...but you may have to pay...Can I please get a reputable site to scan for malware and viruses that I do not have to pay extra for? We use MSE for our antivirus software. Sorry I flew a bit off the handle before about not being treated fairly. That was left over's from Zynga. Need I say more... lol Any help appreciated.

Hello everyone, Sorry I haven't replied back in a while, life's been kinda crazy here lately. If memory serves me this updated on it's own. I learned my lesson a long time ago not to believe what it on the screen when an update shows up. I will usually go to the task manager and end all my tasks and then go to that particular site to update instead. I've seen many sites provided for searching for malware for free...but you may have to pay...Can I please get a reputable site to scan for malware and viruses that I do not have to pay extra for? We use MSE for our antivirus software. Sorry I flew a bit off the handle before about not being treated fairly. That was left over's from Zynga. Need I say more... lol Any help appreciated.