Firefox update process is corrupted/hacked to install background update 308046B0AF4A39CB which provides Tr.Gen threat
I can't find anything about a compromised Firefox update while using the browser when you go to help and let the browser update itself. It seems you've been hacked because I can't otherwise explain the firefox background update 308046BoAF4A39CB, which has been detected by my systems. I obviously have more information about this if you like, but I see nowhere how to report this properly. This is the first time this has happened to me, at least as far as I know and so far I've only detected the Tr.Gen threat on my Windows computers. I would like an adequate response from Mozilla on how this could happen and what the repercussions are plus how to avoid this in the future. I've been using the Firefox browser on all my systems with various operating systems and would prefer to keep using it, but not if your own updating process is compromised. I also think it's idiotic that I can't upload a bigger screenshot than 1024 kb because my very relevant picture is 3084 kb in size.
Sincerely,
J.L
All Replies (12)
First, let's start with; You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no
Run most or all of the listed free to use malware scanners. Each works differently. If one program misses something, another may pick it up.
Let’s do a full clean re-install;
Note: Firefox comes in three or more folders on all computers. They are;
Maintenance: (Programs Folder) <Windows Only>
Firefox itself: (Programs Folder)
And two folders in the profile of each user on the computer for each Firefox profile for that user.
If you remove the Firefox folder, the user profiles would not be affected.
Download Firefox For All languages And Systems {web link}
Firefox ESR; Extended Support Release {web link}
Beta, Developer, Nightly versions https://www.mozilla.org/en-US/firefox/channel/desktop/
Install Older Version Of Firefox {web link} Be sure to read everything here.
Save the file. Then Close Firefox.
Using your file browser, open the Programs Folder on your computer.
Windows: C:\Program Files C:\Program Files (x86) Note: Check Both Folders
Mac: Open the "Applications" folder. https://support.mozilla.org/en-US/kb/how-download-and-install-firefox-mac
Linux: Check your user manual. If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it. See Install Firefox on Linux; https://support.mozilla.org/en-US/kb/install-firefox-linux
If you downloaded and installed the binary package from the Firefox download page, simply remove the folder Firefox in your home directory. http://www.mozilla.org/firefox#desktop
++++++++++++++++++++++++++++
Look for, and remove any Mozilla or Firefox program folders. Do not remove the Mozilla Thunderbird folder if there is one.
Do Not remove any profile folders.
After rebooting the computer, run a registry scanner if you have one. Then run the installer.
+++++++++++++++++++++++++++
If there is a problem, start your Computer in safe mode and try again.
How to Start all Computers in Safe Mode; {web link} Free Online Encyclopedia
FredMcD said
First, let's start with; You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no Run most or all of the listed free to use malware scanners. Each works differently. If one program misses something, another may pick it up.
Dear FredMcD,
Thank you for your quick reply and my apologies for responding so late. Most of the suggested malware scanners I'm familiar with and have on my system. I've never tried Microsoft Safety Scanner before so that's what I'm currently running to scan my entire computer. I used Kaspersky years ago for a long time, but when Kaspersky came in the news that the Russian government had a big influence on the company I stopped using it. Are you sure that Kaspersky's TDSSkiller or other related products aren't dangerous themselves?
I by the way wanted to mention that in my case Roguekiller and other related Adlice software discovered and removed the threat on one system before I wrote my post.
One system is still infected, but since both systems had this firefox background update 308046BoAF4A39CB and so far I've only detected the Tr.Gen threat on my Windows computers, I also would like to know where this originated. I only use official software from original vendors and update only via Help/About Firefox which starts the automatic update process if available and will update the browser.
I do have a lot of add-ons. Can one be compromised because I don't see another way besides the update process being corrupted/hacked?
Please let me know your thoughts so far about my latest questions and thank you for taking the time to answer adequately with options. I won't do the other options suggested until I know what the source is and how to prevent it.
Kind regards,
JFL
Jayfl said
. . . but when Kaspersky came in the news that the Russian government . . . Are you sure that Kaspersky's TDSSkiller or other related products aren't dangerous themselves?
I have not heard of this. But many use the program. I think if something bad were going on, it would have been pulled.
I also would like to know where this originated. I only use official software from original vendors
It could have come from anywhere. E-mails for example. Also, It’s very sad, but many software downloaders/ installers will trick you into installing not only their program, but other programs as well.
You have heard of the fine print in shady contracts, right? Well, some installers you need to look at the itsy bitsy teeny weeny fine print.
You are thinking you are giving the installer permission to install the program you want by using the recommended option. But if you use the Manual Option Instead, you discover all kinds of stuff that you do not even know what it is or what it does.
From now on, everyone needs to Use The Manual Option to put a stop to this.
Note that these programs can also change browser/computer settings.
Jayfl said
I do have a lot of add-ons. Can one be compromised . . .
Add-ons posted on Mozilla's Add-on web page are checked for any problems. Several, over time, have been removed for violating their policies.
Add-ons not downloaded from Mozilla (and there are some) may not have been tested.
Continue using the mal-scanners to see if there are other issues.
Jayfl said
...but not if your own updating process is compromised.
This would be a first if an internal desktop Firefox update from Mozilla was the cause of installing some form of malware, and this would be a hot topic of discussion here, at the independent forums.mozillazine.org and elsewhere by now if true.
The only thing that came up in a search for Firefox 308046B0AF4A39CB was this almost two year old thread /questions/1283844
What scanners are you using to find this Tr.Gen threat 308046BoAF4A39CB? A small number have been known to produce false positives with various Mozilla related applications including Firefox, Thunderbird and SeaMonkey over the years.
Cylance, Antiy-AVL, Clam, Jiangmin and Norton have been among a short list of those that have been prone to false positives with the desktop Firefox over the years. Especially with Firefox updates and with the small online stub installer but not so much with the full setup on Windows.
A common false positive is them (Cylance especially) having an issue with 7zS.sfx, which is the 7-ZIP self extractor used since Firefox 0.8 (Feb 2004).
Modified
FredMcD said
First, let's start with; You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no Run most or all of the listed free to use malware scanners. Each works differently. If one program misses something, another may pick it up.
I'm not aware if you know this but the only programs that found my ad/malware were programs from Adlice called RogueKiller plus Diag. I've tried both TDSS plus the other recommended tool MSERT but both showed at their final result no infections. I already had Malwarebytes among others.
Is removing the threat by Adlice software not sufficient enough?
I use, like you suggested, multiple security programs, which I usually do already, but none other detected it as I said.
Once again I can't show you the frame because of Mozilla limitations in size.
FredMcD said
Jayfl said
. . . but when Kaspersky came in the news that the Russian government . . . Are you sure that Kaspersky's TDSSkiller or other related products aren't dangerous themselves?
I have not heard of this. But many use the program. I think if something bad were going on, it would have been pulled.
I also would like to know where this originated. I only use official software from original vendors
It could have come from anywhere. E-mails for example. Also, It’s very sad, but many software downloaders/ installers will trick you into installing not only their program, but other programs as well.
You have heard of the fine print in shady contracts, right? Well, some installers you need to look at the itsy bitsy teeny weeny fine print.
You are thinking you are giving the installer permission to install the program you want by using the recommended option. But if you use the Manual Option Instead, you discover all kinds of stuff that you do not even know what it is or what it does.
From now on, everyone needs to Use The Manual Option to put a stop to this.
Note that these programs can also change browser/computer settings.
In this case E-mails are an unlikely source because of several reasons, among others I don't open links or downloads from people I don't know, so phishing for instance would be quite impossible unless we are talking about Pegasus spyware where nothing has to be clicked on, but I doubt any of the mentioned scanners would detect something like that.
I also know the practice you speak of called recommended install and I'm always extremely careful and usually if not all the time customize my install without additional software and choose manual as you suggested. So that also seems an unlikely source.
I will admit however that I usually do not read the fine print in shady contracts, but that's mostly because I use software that I've used forever from official or appropriate vendors and don't have the time to read every change every time.
FredMcD said
Let’s do a full clean re-install; Note: Firefox comes in three or more folders on all computers. They are; Maintenance: (Programs Folder) <Windows Only> Firefox itself: (Programs Folder) And two folders in the profile of each user on the computer for each Firefox profile for that user. If you remove the Firefox folder, the user profiles would not be affected.
Download Firefox For All languages And Systems {web link}
Firefox ESR; Extended Support Release {web link}
Beta, Developer, Nightly versions https://www.mozilla.org/en-US/firefox/channel/desktop/
Install Older Version Of Firefox {web link} Be sure to read everything here.
Save the file. Then Close Firefox.
Using your file browser, open the Programs Folder on your computer.
Windows: C:\Program Files C:\Program Files (x86) Note: Check Both Folders
Mac: Open the "Applications" folder. https://support.mozilla.org/en-US/kb/how-download-and-install-firefox-mac
Linux: Check your user manual. If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it. See Install Firefox on Linux; https://support.mozilla.org/en-US/kb/install-firefox-linux
If you downloaded and installed the binary package from the Firefox download page, simply remove the folder Firefox in your home directory. http://www.mozilla.org/firefox#desktop ++++++++++++++++++++++++++++ Look for, and remove any Mozilla or Firefox program folders. Do not remove the Mozilla Thunderbird folder if there is one.
Do Not remove any profile folders.
After rebooting the computer, run a registry scanner if you have one. Then run the installer. +++++++++++++++++++++++++++ If there is a problem, start your Computer in safe mode and try again.
How to Start all Computers in Safe Mode; {web link} Free Online Encyclopedia
I have Ccleaner and have been using that for many years which has a registry cleaner included which I use regularly. When you talk about the folders you mention I've only been able to find Mozilla Maintenance folder which I deleted.
Once I used your link: http://www.mozilla.org/en-US/firefox/all/ Download Firefox For All languages And Systems {web link}
The reinstall will happen and it even asked if I wanted to keep settings plus add-ons. I clicked yes because I wanted to see what would happen, but language and other settings plus add-ons were removed with this new install. Now I have doubt whether this install is clean enough, why I can't find the other folder you mentioned and if a clean Dutch version is available?
Thank you for your information so far. Perhaps it's helpful to know that we are talking about 64-bit Windows 8 versions and that I've checked both Program Files and Program Files (x86). Unless it's hidden?
Please don't use Quote as it makes getting to your response a bit harder.
Jayfl said
When you talk about the folders you mention I've only been able to find Mozilla Maintenance folder which I deleted.
It's possible the program was installed in a different folder. For Windows, open a file browser in C:\Program Files and C:\Program Files (x86) and search for Firefox. Don't do anything. Just see if anything is there.
I wanted to keep settings plus add-ons. I clicked yes . . . but language and other settings plus add-ons were removed.
Sometimes when the browser thinks there is a problem with the profile, it will create a new one.
Look on your desktop. Do you see a folder called; Old Firefox? Look inside.
Look for the folder with the latest creation date.
https://support.mozilla.org/en-US/kb/recovering-important-data-from-an-old-profile
https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles
https://support.mozilla.org/en-US/kb/how-run-firefox-when-profile-missing-inaccessible
https://support.mozilla.org/en-US/kb/recover-user-data-missing-after-firefox-update
Also see; https://support.mozilla.org/en-US/kb/how-run-firefox-when-profile-missing-inaccessible
http://kb.mozillazine.org/Profile_folder_-_Firefox#Navigating_to_the_profile_folder
https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles
https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles
Type about:profiles<enter> in the address box.
How many profiles are listed?
How many should be there?
Also, open the profile folder in your file explorer.
https://support.mozilla.org/en-US/kb/recover-user-data-missing-after-firefox-update
Modified
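Two checks raised in this thread can be done read-only from PowerShell: looking in both Program Files folders for Firefox and Mozilla program folders, and judging whether a scanner hit on Firefox files might be a false positive by reading each binary's Authenticode signature. This is an added example, not part of any reply above and not a Mozilla tool; the folder-name match and the "Mozilla Corporation" signer string are assumptions.

```powershell
# Added example, read-only: it lists and checks files and deletes nothing.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

# Program folders the reinstall steps say to look for (Thunderbird is left out).
$folders = @(foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Directory -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match 'Firefox|Mozilla' -and $_.Name -notmatch 'Thunderbird' }
})
if ($folders.Count -eq 0) {
    Write-Output 'No Mozilla/Firefox folders under Program Files; the install may be in a custom path.'
}

# Authenticode status of every .exe/.dll in those folders.
# Assumption: Mozilla's own binaries show a signer subject containing
# "Mozilla Corporation"; bundled runtime DLLs may be signed by Microsoft instead.
$report = @(foreach ($folder in $folders) {
    Get-ChildItem -LiteralPath $folder.FullName -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            [pscustomobject]@{
                File    = $_.FullName
                Status  = $sig.Status
                Mozilla = $subject -match 'Mozilla Corporation'
                Signer  = $subject
            }
        }
})
$report | Sort-Object Status, File | Format-Table -AutoSize -Wrap

# Anything without a valid signature is what deserves a second scanner's opinion.
$suspect = @($report | Where-Object { $_.Status -ne 'Valid' })
'{0} of {1} binaries lack a valid signature.' -f $suspect.Count, $report.Count

# The two per-user profile locations (roaming data and local cache).
# Listed only; the reinstall steps say not to remove profile folders.
foreach ($base in $env:APPDATA, $env:LOCALAPPDATA) {
    $profiles = Join-Path $base 'Mozilla\Firefox\Profiles'
    if (Test-Path -LiteralPath $profiles) {
        Get-ChildItem -LiteralPath $profiles -Directory |
            Format-Table FullName, LastWriteTime -AutoSize
    }
}
```

A `Valid` status with a Mozilla signer means the file is unchanged since Mozilla signed it, which points toward a false positive on that file; it says nothing about other files on the machine.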