Malware program halts Firefox due to finding a heap spray.
After updating to Firefox 55.0.3, my malware software HitmanPro.Alert immediately halts the program from running, saying that there is malware present, see below for details. I uninstalled Firefox with Revo Uninstaller Pro, rebooted, downloaded it from the Mozilla site, and installed it fresh with the same results. Running a malware scan with HitmanPro only finds tracking cookies. I repeated the whole procedure (stubborn I am) to get the same warning and inability to use Firefox.
Anything I can do to be able to use my favorite browser again?
Many thanks for help, Shirley
Here are the details from the HitmanPro.Alert event log:
Attack intercepted Firefox 55.0.3 has been stopped due to malicious software C:\Windows\System32\winlogon.exe [676] winlogon.exe - System - Provider [ Name] HitmanPro.Alert - EventID 911 [ Qualifiers] 0 Level 2 Task 9 Keywords 0x80000000000000 - TimeCreated [ SystemTime] 2017-09-08T19:11:11.961567600Z EventRecordID 831875 Channel Application Computer LEOPARD-SAK Security - EventData C:\Program Files\Mozilla Firefox\firefox.exe HeapSpray Mitigation HeapSpray Platform 10.0.15063/x64 v604 06_9e PID 15200 Application C:\Program Files\Mozilla Firefox\firefox.exe Description Firefox 55.0.3 #00 0000023B64A86000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #01 0000023B64A65000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #02 0000023B64A44000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #03 0000023B64A23000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #04 0000023B64A02000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #05 00000223ED75B000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #06 0000023B649C8000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #07 0000023B649A7000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #08 0000023B64986000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 Process Trace 1 C:\Program Files\Mozilla Firefox\firefox.exe [15200] 2 C:\Windows\explorer.exe [8772] 3 C:\Windows\System32\userinit.exe [3848] 4 C:\Windows\System32\winlogon.exe [676] winlogon.exe
Modificato da cor-el il
Soluzione scelta
I stumbled on a solution last night. Unrelated to this problem, I ran CCleaner, which cleared Firefox's cache, history, and cookies. After rebooting, Firefox had no Hitman alert and has been working smoothly since. I don't know why this cleared up the problem, but I'm happy.
In the meantime, I had contacted HitmanPro.Alert support. They just got back to me this morning and I passed along my experience.
Thanks so much for the responses on this forum. You guys are great.
Shirley
Leggere questa risposta nel contesto 👍 1Tutte le risposte (8)
My apologies for posting the details above twice. Shirley
This is possibly a problem with a false positive in Hitman pro.
Try to contact their support to see if they are aware of this.
We have seen more report about this software.
- [/questions/1174086 firefox update triggers hitmanpro alert
You didn't respond to a pop-up or a page with an update alert?
cor-el said
You didn't respond to a pop-up or a page with an update alert?
Checked out the article you referenced and I have definitely not responded to any fake update alerts.
cor-el said
This is possibly a problem with a false positive in Hitman pro. Try to contact their support to see if they are aware of this.
I'm going to contact Hitman Pro support.
If you got a legitimate update from Firefox like via "Help -> About Firefox" then you should have gotten malware or a virus and in that case it is likely a false positive. To be sure about this you should contact the Hitman website for support.
Hi Shirley, I don't know why Firefox would run those Windows executables at startup. Could you try starting in Firefox's Safe Mode? In Safe Mode, Firefox temporarily deactivates extensions, hardware acceleration, and some other advanced features to help you assess whether these are causing the problem.
If Firefox is not running: Hold down the Shift key when starting Firefox.
If Firefox is running: You can restart Firefox in Safe Mode using either:
- "3-bar" menu button > "?" button > Restart with Add-ons Disabled
- Help menu > Restart with Add-ons Disabled
and OK the restart.
Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).
Any improvement? (More info: Diagnose Firefox issues using Troubleshoot Mode)
Soluzione scelta
I stumbled on a solution last night. Unrelated to this problem, I ran CCleaner, which cleared Firefox's cache, history, and cookies. After rebooting, Firefox had no Hitman alert and has been working smoothly since. I don't know why this cleared up the problem, but I'm happy.
In the meantime, I had contacted HitmanPro.Alert support. They just got back to me this morning and I passed along my experience.
Thanks so much for the responses on this forum. You guys are great.
Shirley