Jump to content
frozen

MBAM 4.1. flagging Firefox 74.0.1

Recommended Posts

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/3/20
Protection Event Time: 5:20 PM
Log File: 48bdef2c-75f9-11ea-8a48-90e6ba57cdd5.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.859
Update Package Version: 1.0.21864
License: Premium

-System Information-
OS: Windows 10 (Build 18362.720)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files\Mozilla Firefox\firefox.exe, Quarantined, 0, 392685, 0.0.0


(end)

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

    mbst_get_started.jpg
     
  7. Click the Gather Logs button

    mbst_advanced_gather_logs.jpg
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer

    mbst_getting_logs.jpg
     
  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

    mbst_log_saved_desktop.jpg
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Share this post


Link to post
Share on other sites
Posted (edited)

I did not get any alert because of FF on four computers.

Edited by KenW

Share this post


Link to post
Share on other sites
Posted (edited)

Hi @frozen

Look at post # 1, click on the "technical" issues there to see the directions to get & run the Support tool.

The researchers /internal team will want to be able to see all the logs from the program.

So....please get , run the support tool.  Attach the ZIP file when all done.

Seems like something is off on that machine.   I just got Firefox 74.0.1 update  / ran a quick scan & regular Threat scan & got no flagging of Firefox.

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

PS.    After getting the support zip file done.

I notice your program is a bit behind in the Component package version.   Mine is on the very recent C U  1.0.867

Start Malwarebytes.   Click Settings icon   Look on the General tab  & click on Check for Updates.

Let us know the result.

Share this post


Link to post
Share on other sites

I don't know what MBam was doing before but I updated it and did a quick scan and it found nothing and did not automatically quarantine Firefox as it was repeatedly doing.

Share this post


Link to post
Share on other sites

Thank you for the update @frozen and glad the update corrected your issue.

If there is anything else we can assist you with please let us know.

 

Share this post


Link to post
Share on other sites

Sigh another Firefox update another warning/quarantining by Malwarebytes. Restoring the firefox.exe and doing a quick scan finds nothing.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/7/20
Protection Event Time: 9:32 AM
Log File: 8ef6d824-78dc-11ea-bcf4-90e6ba57cdd5.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.867
Update Package Version: 1.0.22076
License: Premium

-System Information-
OS: Windows 10 (Build 18362.720)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files\Mozilla Firefox\firefox.exe, Quarantined, 0, 392685, 0.0.0


(end)

 

 

Share this post


Link to post
Share on other sites

Very strange, on my four computers and 25+ computers from clients no problems with FF and Malwarebytes...😲

Share this post


Link to post
Share on other sites

Just updates to FF 75.0 now, nothing happens... All is okay.

Share this post


Link to post
Share on other sites

Ya and its only occurring during the automatic update that it flags the exe. When I restore the firefox.exe and do a scan nothing is found. 

Share this post


Link to post
Share on other sites

This is something for malwarebytes team, to look further into your case.

Share this post


Link to post
Share on other sites

@frozen

Can you consistently reproduce this detection? I see you've encountered multiple detections involving Firefox.exe.

Are you performing any manual steps at all that trigger the detection or simply allowing Firefox to update automatically in the background?

Could you zip up the C:\ProgramData\Malwarebytes\MBAMService\ARW folder and provide it for us please.

Share this post


Link to post
Share on other sites
12 minutes ago, LiquidTension said:

@frozen

Can you consistently reproduce this detection? I see you've encountered multiple detections involving Firefox.exe.

Are you performing any manual steps at all that trigger the detection or simply allowing Firefox to update automatically in the background?

Could you zip up the C:\ProgramData\Malwarebytes\MBAMService\ARW folder and provide it for us please.

I am going to the Help | About Firefox and if there is an update showing up I click on the button that Firefox shows on the About page. When it updates and I believe finishes that is when MBAM flags it and auto quarantines it. I then have to go into MBAM and restore it. It has happened w 74.0.1 and 75 upgrade. It did not happen prior to upgrade to 74.01 

ARW.zip

Share this post


Link to post
Share on other sites

Thanks for this information.

If you're able to reproduce this detection once more, it'd be very helpful if we could collect some additional troubleshooting information to assist our efforts with fixing this issue.

  • Open Malwarebytes -> Settings -> Enable "Event log data".
  • Download and run Process Monitor: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
  • Reproduce the firefox.exe detection.
  • Stop and save the Process Monitor capture.
    • Click File -> Capture Events to stop the capture.
    • Click Save and follow the prompts to save the logs.
  • Provide logs:
    • Rerun the Malwarebytes Support Tool and gather logs.
    • Drag and drop the Process Monitor log into the mbst-grab-results.zip saved to your Desktop.
    • Zip up C:\ProgramData\Malwarebytes\MBAMService\ARW once more.

Share this post


Link to post
Share on other sites

Sorry but its not reproducible unless there is an update available for Firefox as I mentioned previously. Downloading the exe installer from Mozilla does NOT cause the issue to occur. Only clicking on the Update Firefox button on the About Firefox if there is an update available causes it to occur.

 

Share this post


Link to post
Share on other sites

Might I suggest reviewing your Firefox add-ons and for those with special settings like uBlock or NoScript, etc. exporting their settings to backup file. Write down or screen shot the add-ons you have. Then reset Firefox back to default settings and add back in the extensions you want.

So far you're the only one I've seen ever report this issue which leads me to believe that maybe something is unique about your Firefox installation.

 

Share this post


Link to post
Share on other sites

The thing is that prior to 74.0.1 the update procedure did not cause any issues and I am not using any new extensions in Firefox.  I have disabled some of these extensions but the problem is hard to test since it requires Mozilla to push out an update for Firefox and I tell Firefox to update for the problem to show up. Disabling some of these extensions may show whether they are the cause of it but even if that is the case there is no way I could narrow down what extension is the issue.

 

Share this post


Link to post
Share on other sites

You could uninstall Firefox. Then install an older build on purpose. Then check for updates and see if it happens again

 

Share this post


Link to post
Share on other sites

I tried that and when I installed the older version 73 of Firefox I was given this error message. I  created a new profile and had no issues w MBAM. 

Annotation 2020-04-09 222348.jpg

Share this post


Link to post
Share on other sites

I uninstalled Firefox 75. Restored a backup of a profile for FFox 74.0 which is the last version of Firefox that MBAM did not flag.  I installed Firefox 74 started it up and checked for updates. It downloaded the update and applied it without issue.  

Share this post


Link to post
Share on other sites

Maybe it has something to do with the new Firefox version 75.0 that now installs an Telemetry program on your PC?

Firefox 75 comes with a new telemetry agent that sends information about your operating system and your default browser to Firefox every day.

For some time, Firefox has been collecting telemetry data about how you use the browser, such as the number of web pages you visit, safe-browsing information, the number of open tabs and windows, what add-ons are installed, and more.

This telemetry data is kept for 13 months and IP addresses listed in server logs are deleted every 30 days.

 

 

Share this post


Link to post
Share on other sites

No, the telemetry should have no bearing. Unless I'm reading the reply wrong, so far all your updates are now working well without an issue with Malwarebytes, which is what I was hoping/expecting.

 

Share this post


Link to post
Share on other sites

They are but the update was being flagged as Ransomware during normal update process not once but twice. It was NOT being flagged when I did the latest test. Could MBAM of been flagging something in Firefox cache files that was not in the backup that I had used for the last test? I am grasping at straws here on what the heck was going on. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.