Jump to content

Firefox FP - Rootkit.dropper

koxi

By koxi
in File Detections

 Share

Recommended Posts

koxi

koxi

Posted
Posted

Installed Malwarebytes on a fresh w7 32bit install and when I tried to install firefox from this http://www.mozilla.org/da/firefox/new/#download-fx

 

I get this in my logs: DETECTION C:\Users\Nick\firefox.exe Rootkit.Dropper QUARANTINE , now the things I don't understand is the filename is "FirefoxSetupStub25.exe", which looks really really weird to me however its the official website for firefox, so I doubt it's real unless they have been hacked and my KIS doesn't pick anything up.

 

However KIS mention in KSN that less than 1000 KSN users have used this program (Firefox, Mozilla) 

Comodo analyse: http://camas.comodo.com/cgi-bin/submit?file=e943c327e380eeddc0563d7ae6e6cc5a8521d1f1dff5f7dae406645ba1597211

 

Virustotal (1 / 47) : https://www.virustotal.com/da/file/e943c327e380eeddc0563d7ae6e6cc5a8521d1f1dff5f7dae406645ba1597211/analysis/1384091096/

 

I've added a ZIP folder with the setup file, remember scanning the file doesn't alert malwarebyte, installing does. 

 

Other things to note:

 

Malwarebyte is update @ 10-11-2013.

 

 

 

Could you report back if this is infected or not?

Firefox Setup Stub 25.0.zip

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi, koxi:
 
It looks as if Fatdcuk has you fixed up for the FP on the Fx installer. ;)
(IIRC there was a similar case last week: https://forums.malwarebytes.org/index.php?showtopic=136126 ?)

 

Just to add a bit about the stub installer question....
 
Yes, Mozilla has recently moved to a "stub" installer. 

If you want the full installer, you need to click the "download a fresh copy" link or the "systems & languages" button under the green download button at https://www.mozilla.org, in order to get to the full list of installers for all languages and platforms. Here is the URL (for me, in the US): https://www.mozilla.org/en-US/firefox/all/

 

6F0UfAH.png

PHa7h2H.png
 
HTH,
 
daledoc1

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.