X
Tap here to go to the mobile version of the site.

Support Forum

Anoying fake Amozilla crash report apearing messing up with cursor

Posted

Firefox doesn't crash just a crash report appears NOT a Mozilla one but it says (AMozilla crash reporter) but Mozilla still works doenst crash !! Fully updated and its messing my cursor its like while im typing someone else controls my cursor and clicks somewhere else taking me away from where i am Pleaseeeee helppppp !!

Firefox doesn't crash just a crash report appears NOT a Mozilla one but it says (AMozilla crash reporter) but Mozilla still works doenst crash !! Fully updated and its messing my cursor its like while im typing someone else controls my cursor and clicks somewhere else taking me away from where i am Pleaseeeee helppppp !!

Chosen solution

I had the same problem. Apparently it is a malware that uses a fake firefox to access some websites in the background. It appears in the task managers process list as dmw.exe *32 and says firefox in the description. Don't confuse with dwm.exe, which is a legitimate windows service (Desktop Window Manager).

It is started from C:\Program Files (x86)\Common Files\Lenovo\data.js which is in turn started by a RUN key in the registry. Trying to terminate dmw.exe in the process list, it reappears / restarts immedately. I think I got infected by a malicious download of K-Lite_Codec_Pack_1015_Mega.exe. At least the timestamps would suggest that.

To clean I had to clear the RUN key from the registry first. Run regedit, search for lenovo and clear all keys that point to ...\Lenovo\data.js Then reboot and remove the Lenovo directory under the Common Files directory. Be carefull, if you actually have a Lenovo to not remove legitimate Lenovo files.

If I have the time, I will run it in a sandbox and see what it really does.

Read this answer in context 15

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36

More Information

philipp
  • Top 10 Contributor
  • Moderator
3285 solutions 15097 answers

In order to be able to find the correct solution to your problem, we require some more non-personal information from you. Please do the following:

  • Click the Firefox button at the top left, then click the Help menu and select Troubleshooting Information from the submenu. If you don't have a Firefox button, click the Help menu at the top and select Troubleshooting Information from the menu.

Now, a new tab containing your troubleshooting information should open.

  • At the top of the page, you should see a button that says "Copy text to clipboard". Click it.
  • Now, go back to your forum post and click inside the reply box. Press Ctrl+V to paste all the information you copied into the forum post.

If you need further information about the Troubleshooting information page, please read the article Use the Troubleshooting Information page to help fix Firefox issues.

Thanks in advance for your help!

In order to be able to find the correct solution to your problem, we require some more non-personal information from you. Please do the following: *Click the Firefox button at the top left, then click the ''Help'' menu and select ''Troubleshooting Information'' from the submenu. If you don't have a Firefox button, click the Help menu at the top and select ''Troubleshooting Information'' from the menu. Now, a new tab containing your troubleshooting information should open. *At the top of the page, you should see a button that says "Copy text to clipboard". Click it. *Now, go back to your forum post and click inside the reply box. Press Ctrl+V to paste all the information you copied into the forum post. If you need further information about the Troubleshooting information page, please read the article [[Use the Troubleshooting Information page to help fix Firefox issues]]. Thanks in advance for your help!
cor-el
  • Top 10 Contributor
  • Moderator
13054 solutions 119545 answers

Can you attach a screenshot?

Use a compressed image type like PNG or JPG to save the screenshot.

Can you attach a screenshot? *http://en.wikipedia.org/wiki/Screenshot *https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem Use a compressed image type like PNG or JPG to save the screenshot.
Klaus2m5 1 solutions 2 answers

Chosen Solution

I had the same problem. Apparently it is a malware that uses a fake firefox to access some websites in the background. It appears in the task managers process list as dmw.exe *32 and says firefox in the description. Don't confuse with dwm.exe, which is a legitimate windows service (Desktop Window Manager).

It is started from C:\Program Files (x86)\Common Files\Lenovo\data.js which is in turn started by a RUN key in the registry. Trying to terminate dmw.exe in the process list, it reappears / restarts immedately. I think I got infected by a malicious download of K-Lite_Codec_Pack_1015_Mega.exe. At least the timestamps would suggest that.

To clean I had to clear the RUN key from the registry first. Run regedit, search for lenovo and clear all keys that point to ...\Lenovo\data.js Then reboot and remove the Lenovo directory under the Common Files directory. Be carefull, if you actually have a Lenovo to not remove legitimate Lenovo files.

If I have the time, I will run it in a sandbox and see what it really does.

I had the same problem. Apparently it is a malware that uses a fake firefox to access some websites in the background. It appears in the task managers process list as dmw.exe *32 and says firefox in the description. Don't confuse with dwm.exe, which is a legitimate windows service (Desktop Window Manager). It is started from C:\Program Files (x86)\Common Files\Lenovo\data.js which is in turn started by a RUN key in the registry. Trying to terminate dmw.exe in the process list, it reappears / restarts immedately. I think I got infected by a malicious download of K-Lite_Codec_Pack_1015_Mega.exe. At least the timestamps would suggest that. To clean I had to clear the RUN key from the registry first. Run regedit, search for lenovo and clear all keys that point to ...\Lenovo\data.js Then reboot and remove the Lenovo directory under the Common Files directory. Be carefull, if you actually have a Lenovo to not remove legitimate Lenovo files. If I have the time, I will run it in a sandbox and see what it really does.
iillkkaayy 0 solutions 13 answers

THANKYOU. i remember installing k-lite codec pack.

I removed the lenovo from my regedit. I now will restart my laptop (which is HP) and delete the folder. This was VERY helpfull !

THANKYOU. i remember installing k-lite codec pack. I removed the lenovo from my regedit. I now will restart my laptop (which is HP) and delete the folder. This was VERY helpfull !
BrainScan 0 solutions 1 answers

Hello

I have the same problem with dwm.exe *32 with descrition firefox, that keeps the trying connect to malware sites all the time. Problem is i dont have any C:\Program Files (x86)\Common Files\Lenovo\data.js and cant find which registry seems to be the problem.

Hello I have the same problem with dwm.exe *32 with descrition firefox, that keeps the trying connect to malware sites all the time. Problem is i dont have any C:\Program Files (x86)\Common Files\Lenovo\data.js and cant find which registry seems to be the problem.
iillkkaayy 0 solutions 13 answers

start 'msconfig' disable the .vbs script and other unnecessary things. delete the lenovo map and it will be all fine

start 'msconfig' disable the .vbs script and other unnecessary things. delete the lenovo map and it will be all fine
Klaus2m5 1 solutions 2 answers

Helpful Reply

There seem to be other versions of this malware. It has been arround since 2012 or even earlier. A more generic approach to clean up:

  • Find dmw.exe or whatever your malware firefox is called by searching the whole windows drive (c: most of the time). Property details of the executable would show it as firefox 3.6.3 dated 31-Mar-2010. Files much newer than the executable in the same directory are the added malware payloads/scripts.
  • Remove any registry entries pointing to the directory you found (probably a run key to some kind of script in the same directory).
  • Reboot and then remove the directory.

If you are unsure about any of the above steps please ask a friend to help with the clean up!

edit: according to a post on the codec.com forum a new version of the malware exists installing to C:\Program Files (x86)\Common Files\eImagineTechnologyGroup and came from a download on sourceforge again.

There seem to be other versions of this malware. It has been arround since 2012 or even earlier. A more generic approach to clean up: * Find dmw.exe or whatever your malware firefox is called by searching the whole windows drive (c: most of the time). Property details of the executable would show it as firefox 3.6.3 dated 31-Mar-2010. Files much newer than the executable in the same directory are the added malware payloads/scripts. * Remove any registry entries pointing to the directory you found (probably a run key to some kind of script in the same directory). * Reboot and then remove the directory. If you are unsure about any of the above steps please ask a friend to help with the clean up! edit: according to a post on the codec.com forum a new version of the malware exists installing to C:\Program Files (x86)\Common Files\eImagineTechnologyGroup and came from a download on sourceforge again.

Modified by Klaus2m5