KerryETB

Firefox updater being flagged as a trojan agent


We have a Barracuda web filter which gives us Malwarebytes as a removal tool.

 

Recently during scans it has started marking the Firefox updater as a trojan agent. I was wondering if this is a risk or a false positive. I ran the following scan on a Windows XP PC today and it found the following:

 

Michael

**************************************

 

Barracuda Malware Removal Tool 1.46
www.barracuda.com
 
Database version: 913071408
 
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
 
15/07/2013 14:05:05
bmrt-log-2013-07-15 (14-05-05).txt
 
Scan type: Full scan (C:\|D:\|)
Objects scanned: 362734
Time elapsed: 40 minute(s), 18 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
(No malicious items detected)
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
C:\WINDOWS\SoftwareDistribution\Download\bb00e871d14625ce5324ccdf7ad36ca9016bcaec (Trojan.Llac) -> No action taken. [080C65FEA020D768026AD4E77C8A5A1D]
C:\Program Files\Mozilla Firefox\updater.exe (Trojan.Agent) -> No action taken. [43EFC9EA4B44BAB93FA8A462F9CC13C4]
 

bmrt-log-2013-07-15 (14-05-05).zip


Hi,

 

Can you zip & attach both files that were detected to this thread?

Thanks!


I have been infected with this and I have contained it. If someone wants the relevant files let me know.


Hi,

 

Please zip & attach the sample so we can verify whether this is a false positive or not.


OK, please let me know in your next reply with the attachment.

(because, in case you edit your previous post with the attachment added, I won't get a notification for this ;) )


Hi,

 

I cannot reproduce detection for this one though...


That means the file is not detected by the latest MBAM DB.


This file is not malicious and is not detected on our end :)


Hi Kerry, just to verify, the file you attached here, is this the one that was actually detected by Malwarebytes and was it located in C:\Program Files\Mozilla Firefox\updater.exe?

So you uploaded the updater.exe that is located there?

Does your Barracuda still detect this file when you run a scan?


Yes, that is the one that was detected by Malwarebytes - I copied it from the folder, zipped it and uploaded it here. I have started another scan of the PC.


Just scanned the PC again - it marked the Firefox updater as Trojan.Agent (see attached copy of updater.exe and the log).

 

Update details :

Date : 7/16/2013

Database version : 913071608

Fingerprints loaded : 280462

 

I have removed the file and started another scan.

scan.zip


OK, thanks.

You can restore this file from quarantine again and add it to your whitelist since it's not malicious.

Your version of Barracuda is outdated, which explains this misdetection. Please update your Barracuda build to 1.75.0.1300.

