New update and new infection detected from AVG

  • 13 replies
  • 7 have this problem
  • 1 view
  • Last reply by vessto

I posted a similar topic after the previous update, but that time I decided the update and the infection detection are not as connected. My previous post: https://support.mozilla.org/en-US/questions/1120200 But today, after the latest update, I got a notification from AVG again. In my opinion this is a real problem and IS connected with the update. Screenshot attached.

It might be connected with an add-on too. I have 96 and some don't have Mozilla links anymore, only links to their sites.

Modified by vessto

All Replies (13)

can you please share what's going on in the details/more info section - currently the screenshot & the threat description isn't very meaningful...


philipp said

can you please share what's going on in the details/more info section - currently the screenshot & the threat description isn't very meaningful...

Clicking More Info leads to this common page in AVG http://www.avgthreatlabs.com/eu-en/virus-and-malware-information/content/generic-virus/?name=@unknownMalware&utm_source=TDPU&utm_medium=IDP&PRTYPE=AVF

But previous time before AVG to secure it Malwarebytes found 3 Goobzo viruses and my system started fake Maintenance with 90% CPU usage.

Details have more info:

"";"General behavioral detection, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Deleted";"File or Directory";"4.5.2016 г., 12:23:30"
"";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\rundll32.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\typeperf.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\taskkill.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\typeperf.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"
"";", C:\Windows\SysWOW64\taskkill.exe";"Object was blocked";"Process";"4.5.2016 г., 12:23:30"

Modified by vessto

thanks - in general those folders look genuine. when firefox is downloading an automatic update, the new files will be stored in "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\" and replace the old files in the program folder once the application is restarted. i think you should primarily get in contact with avast's support about this - if this alone is detected as an abstract bad behaviour that sounds rather bad and like a common source for false positives...
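The AVG details export quoted earlier in this thread repeats the same few paths many times. As an added example (not part of any post here, and not AVG or Mozilla code), this Python script collapses such an export into one row per path and buckets each path by location, using the update staging folder described in the reply above. The field layout is inferred from the quoted export; the function names and the Temp path in the sample are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the export quoted in the thread: records
# separated by whitespace, fields by ';', every field double-quoted. The Temp
# path in the last record is made up to exercise the "other" bucket.
TS = '"4.5.2016 г., 12:23:30"'
FF = r"C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\FIREFOX.EXE"
SAMPLE = " ".join([
    f'"";"General behavioral detection, {FF}";"Deleted";"File or Directory";{TS}',
    f'"";", {FF}";"Object was blocked";"Process";{TS}',
    f'"";", {FF}";"Object was blocked";"Process";{TS}',
    rf'"";", C:\Windows\SysWOW64\cmd.exe";"Object was blocked";"Process";{TS}',
    rf'"";", C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe";"Object was blocked";"Process";{TS}',
    rf'"";", C:\Users\example\AppData\Local\Temp\setup.exe";"Object was blocked";"Process";{TS}',
])

RECORD = re.compile(r'"([^"]*)";"([^"]*)";"([^"]*)";"([^"]*)";"([^"]*)"')
BUCKETS = [  # checked in order, most specific first; paths are compared lower-cased
    ("firefox-update-staging", "c:\\program files (x86)\\mozilla firefox\\updated\\"),
    ("firefox-install", "c:\\program files (x86)\\mozilla firefox\\"),
    ("windows-system", "c:\\windows\\"),
]

def classify(path):
    """Bucket a path by location only; this says nothing about the file's contents."""
    p = path.lower()
    return next((name for name, prefix in BUCKETS if p.startswith(prefix)), "other")

def parse(export):
    """Yield (detection, path, action, object_type, timestamp) for each record."""
    for _, subject, action, obj_type, ts in RECORD.findall(export):
        detection, _, path = subject.partition(", ")  # detection name may be empty
        # A pasted export can wrap inside a field ("Object was \nblocked").
        yield detection, path, " ".join(action.split()), obj_type, ts

def summarize(export):
    """Collapse repeated rows into counts keyed by (bucket, path, action)."""
    counts = Counter()
    for _, path, action, _, _ in parse(export):
        counts[(classify(path), path.lower(), action)] += 1
    return counts

if __name__ == "__main__":
    for (bucket, path, action), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:2d}  {bucket:<22}  {action:<18}  {path}")
```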


philipp said

thanks - in general those folders look genuine. when firefox is downloading an automatic update, the new files will be stored in "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UPDATED\" and replace the old files in the program folder once the application is restarted. i think you should primarily get in contact with avast's support about this - if this alone is detected as an abstract bad behaviour that sounds rather bad and like a common source for false positives...

I'll post a question in the AVG Free forum. I'd be glad if it was just a false positive. But this warning never happened before FF46. Also Goobzo and the fake Maintenance scared me; if it weren't for them I'd be much more calm. I mean if it only was AVG, but not the Malwarebytes detection and the system going strange too.

Modified by vessto

Of course it's a false positive, Mozilla doesn't offer updates or executables with malware.

Oxylatium said

Of course it's a false positive, Mozilla doesn't offer updates or executables with malware.

It is not a false positive and it certainly is not from Mozilla. Most likely some add-on or plugin is corrupted. As you can see, another user has this problem too.

Modified by vessto

Just ask AVG, not a Firefox issue

Modified by Chris Ilias

Oxylatium said

Just ask AVG, not a Firefox issue

And probably to ask Malwarebytes too, about the Goobzo detection, and my own PC about doing things that it never did before? I know my PC well, I observe my Task Manager non-stop. Unusual action really occurred. Please, go trolling in another question. I need real help.

Modified by Chris Ilias

I've removed the profanity from Oxylatium's post. Please read the Mozilla Support rules and guidelines, thank you. :)


I saw some scammer posted a reply, many thanks to mods that deleted their reply! Scam links are visible in the email notification but I never open from there, prefer seeing the post here.


Did you post in the AVG forum? If so, have you got the link please?

I don't know whether you are aware but there are a lot of fake updates for Firefox on the internet at present. Many of the current batch are using an orange splash screen with authentic looking logos. They had .exe files but are now using .js files.

There is a related contributors discussion you may wish to glance at /forums/contributors/712056?last=69678

As you have already had one recent malware issue it may be worth scanning your computer again with all the tools listed in

And as the new fake updates are sometimes associated with a particularly dangerous and difficult to deal with Kovter Trojan you may wish to use a dedicated removal tool for that. The tool runs very quickly and either announces nothing is found or generates a short log file if it finds and removes anything.


vessto said

I saw some scammer posted a reply, many thanks to mods that deleted their reply!

Not deleted, was marked as spam which makes it visible to only mods/admins.


John99 said

Did you post in the AVG forum? If so, have you got the link please? I don't know whether you are aware but there are a lot of fake updates for Firefox on the internet at present. Many of the current batch are using an orange splash screen with authentic looking logos. They had .exe files but are now using .js files. There is a related contributors discussion you may wish to glance at /forums/contributors/712056?last=69678 As you have already had one recent malware issue it may be worth scanning your computer again with all the tools listed in And as the new fake updates are sometimes associated with a particularly dangerous and difficult to deal with Kovter Trojan you may wish to use a dedicated removal tool for that. The tool runs very quickly and either announces nothing is found or generates a short log file if it finds and removes anything.

Yes, I asked in AVG but they sent me a ticket which I should accept so that they can investigate my PC remotely. I'm still in doubt whether to agree to that. I stopped responding here because now I got notifications from AVG about Opera and Opera Beta updates, which widened the problem. I informed AVG about that too. I installed TOR and it also has a warning every time I just open it, but imho there the problem is the deep web, not a real infection.

I always update Mozilla from the About button or when it tells me there's an update. I never update from the web.

The first time I got the Mozilla detection I didn't secure it, thinking it was a false positive. That time I got 3 infections. After that I secure every AVG detection. If 3 of my browsers have an infection when they update, that might also mean that an extension I use in all of them is infected. I doubt this is ABP. The other extension I have in 3 is Click&Clean. Maybe my investigation should target extensions, not the same browsers which have legal updates.

Thank you for the links, will check them!