URGENT - ARE LATEST VERSIONS OF FIREFOX DOWNLOADS INFECTED WITH MALWARE/ADWARE?
It is VERY URGENT that the following is looked into by Mozilla Firefox and anyone else who uses this browser, as it would appear that the latest installation downloads from Mozilla Firefox (GB-EN) for versions 28.0 and 29 (and quite possibly previous versions) ARE THEMSELVES INFECTED with malware/adware. This is the only conclusion I can come to after repeated resets of my computers to factory settings, and everything is fine until I re-download Mozilla Firefox and select it as default browser, then the following happens when my Office 365 account is accessed:
In Office 365, if I select the 'File' menu and 'Office Account', then click on the 'Manage Account' button, TWO tabs on the default browser (if it is Firefox) are opened and the SECOND tab is a malware/adware page, usually called something like www.74f.com or another URL or server with a number, and sometimes this has an email address on the adware page that opens. This only happens when Mozilla Firefox is the default browser - it does not happen in Internet Explorer. In IE, the second tab is the correct tab for the Account in Office 365.
This has caused me to do repeated resets to factory default settings on my two laptops, one running Windows 8.1 64 bit and one running Windows 7 64 bit, and everything is fine when re-installation of all programs is complete and IE is the default browser. As soon as Mozilla Firefox is downloaded - the latest versions 28 or 29, and Firefox is set as the default browser, the malware/adware tab reopens in Office 365, as above.
On doing a search on what www.74f.com is, it appears to be registered on servers in China.
The malware/adware seems to be directly connected with the download and installation of the latest versions of Firefox. PLEASE INVESTIGATE URGENTLY - as although Firefox has always been my favourite browser, there is no way I am ever going to use it again unless this is solved, as I am fed up with doing factory resets of my computers to solve this. Each time I re-install Firefox it happens again, to a previously clean system.
모든 댓글 (19)
It is VERY URGENT that the following is looked into by Mozilla Firefox and anyone else who uses this browser, as it would appear that the latest installation downloads from Mozilla Firefox (GB-EN) for versions 28.0 and 29 (and quite possibly previous versions) ARE THEMSELVES INFECTED with malware/adware.
Where did you download these files? From what site?
From here: http://www.mozilla.org/en-GB/firefox/new/
It is this file: Firefox Setup Stub 29.0.1.exe from download-installer.cdn.mozilla.net. It has also happened with version 28.0 download.
Some security software flags the small Firefox stub installer as malware, but this is a false positive.
You can contact the website of you AV software to inform them about this.
They probably already know this, but they should take action if they respect their clients as such a thing shouldn't happen.
You can instead download the full Firefox installer and save the file to the desktop and start the installation with a double-click on the desktop icon.
You can find the full version of the current Firefox 29.0 release in all languages and for all Operating Systems here:
Firefox 29.0 and especially 28.0 has been out more than long enough for it to be discovered it was not clean if it was true.
I uploaded the en-GB language of 29.0 and 29.0.1 Firefox Setup Stub and Firefox Setup from http://download.cdn.mozilla.net/pub/mozilla.org/firefox/releases/ to virus total and they were clean as as Firefox versions from Mozilla has always been. With the exception I recall from a long time ago during when it was Firebird as the other languages besides en-US were contrib builds and one was found to be infected.
Firefox Setup Stub 29.0.exe Detection ratio: 0 / 52 https://www.virustotal.com/en/file/9a27ea48655a33e1cb322521390835ea3b0d9c645ab87ab1faea4b4bcf366773/analysis/1399840034/
Firefox Setup 29.0.exe Detection ratio: 0 / 52
https://www.virustotal.com/en/file/b325cd3e3a502e1017f356c85ddd3cc2f676aab8628e85f0f5be895cb5b42c84/analysis/1399840258/
Firefox Setup Stub 29.0.1.exe Detection ratio: 0 / 52 https://www.virustotal.com/en/file/622a6603e6d58d793cf179d2ece94b21370ff306eff99145592f301deb8cd027/analysis/1399840601/
Firefox Setup 29.0.1.exe Detection ratio: 0 / 52 https://www.virustotal.com/en/file/ae527e7f1f4b79e6f10b3398c4b7ec9c7c2f318dfe901b8cdf92f7165fff71dc/analysis/1399840801/
Still think the en-GB version of Firefox 29.0/29.0.1 is infected?. As said some AV software have made false positives on the stub installers at times.
Also just because you appear to be getting it in Firefox does not automatically mean it came with Firefox.
글쓴이 James 수정일시
Thanks for all the above responses.
I have both AVG Internet Security 2014 and Spybot, but it wasn't either of these that flagged it up, they didn't find it.
It only happens when you use Office 365 with the Firefox browser as default, as described in my first post above - when the 'Manage Account' button is clicked, bringing up two tabs in Firefox, the second one having the malware/adware, for example 74f.com. It's happened each time I've done a complete reset to factory default settings, cleaned all drives, re-installed everything, then when Firefox recent versions, 28 or 29 are installed and set as default browser, that's when it occurs.
I have monitored all other programs I have reinstalled, which is basically only Adobe CS6 Design Premium and Office 365, and it's sill clean when using Internet Explorer, it just happens after installation of Firefox.
At first I thought it was to do with Firefox synchronisation application, as it happened to both my laptops after synchronisation, so I thought it must be a particular URL saved as a Favourite that was doing it, but after the last reinstallation I didn't synchronize Favourites; all I did was install Firefox, open Office 365 etc. and there it was again, this time the second tab that opened in Firefox said 74f.com, but previous instances have said other similar URLs with a number and a .com or .exe, or sometimes just a server number.
It's been worrying the life out of me, and stopping me getting on with my work, as I only have a slow broadband connection and it takes hours and hours each time I do a reset and then re-download Windows 8.1, Office 365 etc. It also happens incidentally on my Windows 7 laptop, so it's not just Windows 8.
I'll try another install of Firefox from one of the links above (thanks for that), and see if it still happens. I'll let you know.
STILL UNCONVINCED THAT FIREFOX DOWNLOAD IS FREE OF MALWARE/ADWARE
I downloaded this time the U.S. English version from here:
http://www.mozilla.org/en-US/firefox/all.html
Exactly the same thing happened, as described in my first post above. When I opened Office 365, selected the 'File' menu and 'Office Account', then clicked on the 'Manage Account' button, two tabs on Firefox opened and the second tab was www.74f.com - which I assume is a malware/adware page. This only happens when Firefox is the default browser. It does not happen when Internet Explorer is the default browser.
I uninstalled Firefox, and won't be using it again. If you don't think it is infected, please explain why it loads the www.74f.com tab, as described above. If there is another explanation, please let me know what it is.
As far as I can see, the only other possibilities are that Microsoft Office 365 is infected, or Adobe Design Premium CS6 are infected, as these are the only additional programs I have re-installed after the multiple system default resets I have done. This doesn't seem likely, given the security on Microsoft and Adobe application DVDs and servers. (I installed Adobe CS6 from an Adobe DVD installation upgrade from CS5.5, and Office 365 is a download from Microsoft).
I repeat, everything is fine after each reset until I install Firefox, and then bang! There is the www.74f.com tab again!
I need someone else who has Office 365 to repeat what I have described, using Firefox as the default browser, and see if it happens to them. If it doesn't, then we can maybe consider other explanations.
I don't normally give credence to conspiracy theories, but how can we be sure that the Chinese have not found a way to attack Mozilla's servers and infected Firefox? If you look for information on 77f.com, it DOES appear to be hosted on Chinese servers - doesn't it?
I mean www.74f.com
Have also just installed Maxthon browser, and like IE, that also is free of this malware/adware when selected as default browser and 'Manage Account' button is clicked in Office 365.
I have also tried Opera -also free of malware/adware.
It ONLY happens when Firefox is the default browser.
I look forward to any explanations please!
Have you tried these? https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware
You say it only happens when Firefox is the default browser. Then you may have some malware on your computer that targets Firefox.
If your claim was true that the en-US and en-GB comes with this then there would have been lots of other threads about it. In a search for 74f.com this is the only thread to come up.
Also the virus total results of the 29.0/29.0.1 en-Gb for Windows was clean as per earlier post.
Open Firefox using the direct run command.
- Use WinKey + R to open the Run option
Press and hold the key with the Windows Logo, then press R - Type in firefox.exe followed by the Return key
Does firefox start up ok like that ?
Compare that with how Firefox starts when an Icon is used. If the desktop icons cause a problem right click the icon to study its properties if it has been modified and an address added that will be part of the problem.
Should you find such a modification you will probably continue to have problems until you find and remove the malware that caused this.
You started your own Questions thread - https://support.mozilla.org/en-US/questions/1004509 - about this issue. Please stick with that thread, and not dig up other similar threads. That's not going to solve your problem. moderator - Ed
글쓴이 the-edmeister 수정일시
To the Mod Thanks I linked in an issue to get attention to what is obviously not an isolated issue
No answers yet MS apparently basically told the other guy at g.groups to get lost Another alleged MS tech couldnt fix it
SO is the issue with Mozilla? FF is my browser of choice and this is a pain
If FF installers are dropping mals then that is really bad, if not, then what.?
More light..
Regards
글쓴이 Longboard 수정일시
It has not been proven that any Firefox Release from mozilla.org for any OS comes with any form of malware.
Just because you get a malware issue while using Firefox does not mean it came with it.
Sadly Firefox is becoming one of the ever fewer free products that is not bundled with anything now days.
Longboard,
It may be best to read threads but only add comments if you have a solution or very important new information. "Ed" has already added a cross link to your other thread.
What is possibly happening is that computers already have malware that is so far undetected, but that is targeting Firefox, so you see problems when you install Firefox or reinstall Firefox. It is not unusual for malware and adware to target multiple browsers.
If you think your firefox installer stub or the complete download from a Mozilla site is being flagged as malware maybe it would help to contact the provider of your malware scanner and ask them to confirm this is a true positive. The virustotal checks are passing it as clear. Have you checked your malware detector / AV; or whatever is fully updated.
Your original thread is already tagged as escalate, but as already mentioned it may take a few days before HelpDesk can get to it.
Gothic Kate
You said you have no problem when using Opera, I just wondered did you try with Google Chrome ?
Longboard has a potentially related question and is seeing problems using both Firefox and Chrome.
Appreciate the feedback: I replied and linked et al because this issue has been out there for a while And GK is not alone: no solution anywhere I can find: maybe not common yet
Mal ware is a possibilty, I have scanned with all the already mentioned tools and extras.
I have high level paranoia with new HW & new installs, imaging and router, and NIS, MalWare Bytes, Webroot... I know not perfect. First FF extensions NOScript and adblocker
All installs scanned by multiple tools.
I dont really believe that the mozilla D/Ls are infected. :)
The exact issue occurs with Chrome. !
Must be something ....
I appreciate the escalate and am looking forwards to response
Regards
Problem looked at by Help Desk: no solution
I have posted a reply.
In the other thread https://support.mozilla.org/en-US/questions/1004509#answer-587042
Not really resolved ...
Stephen
First - Relax
So to clarify what the issue is. What apparently no one of our IT experts could figure out in a YEAR!
If you trace everything with Procmon you will see that this is a simple issue of not putting Quotation marks around Command line arguments.
That is what Office is executing as you click that "Manage Account" button. "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://o15.officeredir.microsoft.com/r/rlidOfficeManagementPortal?ver=15&app=outlook.exe&clid=111&p1=1&lidhelp=1111&liduser=1111&lidui=1111&MachineKey=11111-111-111111 66F
So there is a MachineKey generated with a space in it. What happens if you execute this in cmd… Correct – Firefox will assume that 66F is a 2nd argument in this case a URL and translate it to www.66f.com after not finding a DNS record for 66F in the local environment. Of course ChinaHackers will figure this out too and maybe use this… but then I couldn’t find anything strange with the 66f website.
As in this case: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" FirstTab 2ndTab
This is not a Firefox issue MS should just bloody put his Urls in Quotation marks! "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" “http://o15.officeredir.microsoft.com/r/rlidOfficeManagementPortal?ver=15&app=outlook.exe&clid=111&p1=1&lidhelp=1111&liduser=1111&lidui=1111&MachineKey=11111-111-111111 66F”
Now feel free to write Microsoft and tell them thanks for wasting 15min of my day.