Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox update proces is corrupted/hacked to install background update 308046B0AF4A39CB which provides Tr.Gen threat

  • 12 replies
  • 1 has this problem
  • 18 views
  • Last reply by FredMcD

more options

I can't find anything about a compromised Firefox update while using the browser when you go to help and let the browser update itself. It seems you've been hacked because I can't otherwise explain the firefox background update 308046BoAF4A39CB, which is been detected by my systems. I obviously have more information about this if you like, but I see nowhere how to report this properly. This is the first time this has happened to me, at least as far as I know and so far I've only detected the Tr.Gen threat on my Windows computers. I would like an adequate response from Mozilla on how this could happen and what the repercussions are plus how to avoid this in the future. I've been using the Firefox browser on all my systems with various operating systems and would prefer to keep using it, but not if your own updating process is comprimised. I also think it's idiotic that I can't upload a bigger screenshot than 1024 kb because my very relevant picture is 3084 kb in size.

Sincerely,


J.L

I can't find anything about a compromised Firefox update while using the browser when you go to help and let the browser update itself. It seems you've been hacked because I can't otherwise explain the firefox background update 308046BoAF4A39CB, which is been detected by my systems. I obviously have more information about this if you like, but I see nowhere how to report this properly. This is the first time this has happened to me, at least as far as I know and so far I've only detected the Tr.Gen threat on my Windows computers. I would like an adequate response from Mozilla on how this could happen and what the repercussions are plus how to avoid this in the future. I've been using the Firefox browser on all my systems with various operating systems and would prefer to keep using it, but not if your own updating process is comprimised. I also think it's idiotic that I can't upload a bigger screenshot than 1024 kb because my very relevant picture is 3084 kb in size. Sincerely, J.L

All Replies (12)

more options

First, let's start with; You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed free to use malware scanners. Each works differently. If one program misses something, another may pick it up.

more options

Let’s do a full clean re-install;

Note: Firefox comes in three or more folders on all computers. They are;

Maintenance: (Programs Folder) <Windows Only> Firefox itself: (Programs Folder) And two folders in the profile of each user on the computer for each Firefox profile for that user.

If you remove the Firefox folder, the user profiles would not be affected.


Download Firefox For All languages And Systems {web link}

Firefox ESR; Extended Support Release {web link}

Beta, Developer, Nightly versions https://www.mozilla.org/en-US/firefox/channel/desktop/

Install Older Version Of Firefox {web link} Be sure to read everything here.


Save the file. Then Close Firefox.

Using your file browser, open the Programs Folder on your computer.

Windows: C:\Program Files C:\Program Files (x86) Note: Check Both Folders

Mac: Open the "Applications" folder. https://support.mozilla.org/en-US/kb/how-download-and-install-firefox-mac

Linux: Check your user manual. If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it. See Install Firefox on Linux; https://support.mozilla.org/en-US/kb/install-firefox-linux

If you downloaded and installed the binary package from the Firefox download page, simply remove the folder Firefox in your home directory. http://www.mozilla.org/firefox#desktop ++++++++++++++++++++++++++++ Look for, and remove any Mozilla or Firefox program folders. Do not remove the Mozilla Thunderbird folder if there is one.

Do Not remove any profile folders.

After rebooting the computer, run a registry scanner if you have one. Then run the installer. +++++++++++++++++++++++++++ If there is a problem, start your Computer in safe mode and try again.

How to Start all Computers in Safe Mode; {web link} Free Online Encyclopedia

more options

FredMcD zei

First, let's start with; You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no Run most or all of the listed free to use malware scanners. Each works differently. If one program misses something, another may pick it up.

Dear FredMcD,

Thank you for your quick reply and my apologies for me respinding so late. Most of the suggested malware scanners I'm formiliair with and have on my system. I've never tried Microsoft Safety Scanner before so that's what I'm currently running to scan my entire computer. I used Kaspersky years ago for a long time, but when Kaspersky came in the news that the Russian government had a big influence the company I've stopped using it. Are you sure that Kaspersky's TDSSkiller or other related products aren't dangerous themselves?

I by the way wanted to mention that in my case Roguekiller and other related Adlice software discovered and removed the threat on one system before I wrote my post.

One system is still infected, but since both systems had this firefox background update 308046BoAF4A39CB and so far I've only detected the Tr.Gen threat on my Windows computers, I also would like to know where this originated. I only use official software from original vendors and update only via Help/About Firefox which starts the automatic update process if available and will update the browser.

I do have a lot of add-ons. Can one be compromised because I don't see another way besides the update process being corrupted/hacked?

Please let me know your thoughts so far about my latest questions and thank you for taking the time to answer adequately with options. I won't do the other options suggested until I know what the source is and how to prevent it.

Kind regards,

JFL

more options

Jayfl said

. . . but when Kaspersky came in the news that the Russian government . . . Are you sure that Kaspersky's TDSSkiller or other related products aren't dangerous themselves?

I have not heard of this. But many use the program. I think if something bad were going on, it would have been pulled.


I also would like to know where this originated. I only use official software from original vendors

It could have come from anywhere. E-mails for example. Also, It’s very sad, but many software downloaders/ installers will trick you into installing not only their program, but other programs as well.

You have heard of the fine print in shady contracts, right? Well, some installers you need to look at the itsy bitsy teeny weeny fine print.

You are thinking you are giving the installer permission to install the program you want by using the recommended option. But if you use the Manual Option Instead, you discover all kinds of stuff that you do not even know what it is or what it does.

From now on, everyone needs to Use The Manual Option to put a stop to this.

Note that these programs can also change browser/computer settings.

more options

Jayfl said

I do have a lot of add-ons. Can one be compromised . . .

Add-ons posted on Mozilla's Add-on web page are checked for any problems. Several, over time, have been removed for violating their policies.

Add-ons not downloaded from Mozilla (and there are some) may not have been tested.


Continue using the mal-scanners to see if there are other issues.

more options

Jayfl said

...but not if your own updating process is comprimised.

This would be a first if a internal desktop Firefox update from Mozilla was the cause of installing some form of malware and this would be a Hot topic of discussion here, at independent forums.mozillazine.org and elsewhere by now if true.

The only thing that came up in a search for Firefox 308046B0AF4A39CB was this almost two year old thread /questions/1283844

What scanners are you using to find this Tr.Gen threat 308046BoAF4A39CB ? as a small number have been known to do False Positives with various Mozilla related applications including Firefox, Thunderbird and SeaMonkey over the years.

Cylance, Antiy-AVL, Clam, Jiangmin and Norton has been among a short list of those that have been prone to false positives with the desktop Firefox over the years. Especially with Firefox updates and with the small online stub installer but not so much with the full setup on Windows.

A common false positives are often them (Cylance especially) having a issue with 7zS.sfx which is the 7-ZIP self extractor used since Firefox 0.8 (Feb 2004).

Modified by James

more options

FredMcD zei

First, let's start with; You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no Run most or all of the listed free to use malware scanners. Each works differently. If one program misses something, another may pick it up.
more options

I'm not aware if you know this but the only programs that found my ad/malware were programs from Adlice called RogueKiller plus Diag. I've tried both TDSS plus the other recommend tool MSERT but both showed at their final result no infections. I already had Malwarebytes among others.

Is removing the threat by Adlice software nof sufficient enough?

I use like you suggested multiple security programs which I usually do already but none other detected it as I said.

I once again I can't show you the frame because of Mozilla limitations in size.

more options

FredMcD zei

Jayfl said

. . . but when Kaspersky came in the news that the Russian government . . . Are you sure that Kaspersky's TDSSkiller or other related products aren't dangerous themselves?

I have not heard of this. But many use the program. I think if something bad were going on, it would have been pulled.


I also would like to know where this originated. I only use official software from original vendors

It could have come from anywhere. E-mails for example. Also, It’s very sad, but many software downloaders/ installers will trick you into installing not only their program, but other programs as well.

You have heard of the fine print in shady contracts, right? Well, some installers you need to look at the itsy bitsy teeny weeny fine print.

You are thinking you are giving the installer permission to install the program you want by using the recommended option. But if you use the Manual Option Instead, you discover all kinds of stuff that you do not even know what it is or what it does.

From now on, everyone needs to Use The Manual Option to put a stop to this.

Note that these programs can also change browser/computer settings.

In this case E-mails are an unlikely source because of several reasons among others I don't open links or downloads from people I don't know so phishing for instance would be quite impossible unless we are talking about Pegasus spyware were nothing has to be clicked on but I doubt any of the mentioned scanners would detect something like that.

I also know the practice you speak of called recommend install and I'm always extremely careful and usually if not all the time customize my install without additional software and choose manual as you suggested. So that also seems an unlikely source.

I will admit however that I usually do not read the fine print in shady contracts, but that's mostly because I use software that I've used forever from official or appropriate vendors and don't have the time to read every change everytime.

more options

FredMcD zei

Let’s do a full clean re-install; Note: Firefox comes in three or more folders on all computers. They are; Maintenance: (Programs Folder) <Windows Only> Firefox itself: (Programs Folder) And two folders in the profile of each user on the computer for each Firefox profile for that user. If you remove the Firefox folder, the user profiles would not be affected.

Download Firefox For All languages And Systems {web link}

Firefox ESR; Extended Support Release {web link}

Beta, Developer, Nightly versions https://www.mozilla.org/en-US/firefox/channel/desktop/

Install Older Version Of Firefox {web link} Be sure to read everything here.


Save the file. Then Close Firefox.

Using your file browser, open the Programs Folder on your computer.

Windows: C:\Program Files C:\Program Files (x86) Note: Check Both Folders

Mac: Open the "Applications" folder. https://support.mozilla.org/en-US/kb/how-download-and-install-firefox-mac

Linux: Check your user manual. If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it. See Install Firefox on Linux; https://support.mozilla.org/en-US/kb/install-firefox-linux

If you downloaded and installed the binary package from the Firefox download page, simply remove the folder Firefox in your home directory. http://www.mozilla.org/firefox#desktop ++++++++++++++++++++++++++++ Look for, and remove any Mozilla or Firefox program folders. Do not remove the Mozilla Thunderbird folder if there is one.

Do Not remove any profile folders.

After rebooting the computer, run a registry scanner if you have one. Then run the installer. +++++++++++++++++++++++++++ If there is a problem, start your Computer in safe mode and try again.

How to Start all Computers in Safe Mode; {web link} Free Online Encyclopedia

I have Ccleaner and have been using that for many years which has a registry cleaner included which I use regularly. When you talk about the folders you mention I've only been able to found Mozilla Maintenance folder which I deleted.

Once I used your link: http://www.mozilla.org/en-US/firefox/all/ Download Firefox For All languages And Systems] {web link}

The reinstall will happen and it even asked if I wanted keep settings plus add-ons. I clicked yes because I wanted to see what would happen, but language and other settings plus add-ons were removed with this new install. Now I have doubt whether this install is clean enough, why I can't find the other folder you mentioned and if a clean Dutch version is available?

Thank you for your information so far. Perhaps it's helpful to know that we are talking about 64-bit Windows 8 versions and that I've checked both Program Files and Program Files (x86). Unless it's hidden?

more options

Please don't use Quote as it makes getting to your response a bit harder.

Jayfl said

When you talk about the folders you mention I've only been able to found Mozilla Maintenance folder which I deleted.

It's possible the program was installed in a different folder. For Windows, open a file browser in C:\Program Files and C:\Program Files (x86) and search for Firefox. Don't do anything. Just see if anything is there.


I wanted keep settings plus add-ons. I clicked yes . . . but language and other settings plus add-ons were removed.

Sometimes when the browser thinks there is a problem with the profile, it will create a new one.


Look on your desktop. Do you see a folder called; Old Firefox? Look inside. Look for the folder with the latest creation date.

https://support.mozilla.org/en-US/kb/recovering-important-data-from-an-old-profile

https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles

https://support.mozilla.org/en-US/kb/how-run-firefox-when-profile-missing-inaccessible


https://support.mozilla.org/en-US/kb/recover-user-data-missing-after-firefox-update

more options

Also see; https://support.mozilla.org/en-US/kb/how-run-firefox-when-profile-missing-inaccessible

http://kb.mozillazine.org/Profile_folder_-_Firefox#Navigating_to_the_profile_folder

https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles

https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles


Type about:profiles<enter> in the address box. How many profiles are listed? How many should be there? Also, open the profile folder in your file explorer.


https://support.mozilla.org/en-US/kb/recover-user-data-missing-after-firefox-update

Modified by FredMcD