Firefox updater being flagged as a trojan agent

[KerryETB]

We have a Barracuda web filter which gives us Malwarebytes as a removal tool.

 

Recently during scans it has started marking the firefox updater as a trojan agent. I was wondering if this is a risk or a false positive. I ran the following scan on a Windows XP PC today and it found the following

 

Michael

**************************************

 

Barracuda Malware Removal Tool 1.46

www.barracuda.com

 

Database version: 913071408

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

15/07/2013 14:05:05

bmrt-log-2013-07-15 (14-05-05).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 362734

Time elapsed: 40 minute(s), 18 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\SoftwareDistribution\Download\bb00e871d14625ce5324ccdf7ad36ca9016bcaec (Trojan.Llac) -> No action taken. [080C65FEA020D768026AD4E77C8A5A1D]C:\Program Files\Mozilla Firefox\updater.exe (Trojan.Agent) -> No action taken. [43EFC9EA4B44BAB93FA8A462F9CC13C4]

 

bmrt-log-2013-07-15 (14-05-05).zip

[miekiemoes]

Hi,

 

Can you zip & attach both files that were detected to this thread?

Thanks!

[jni666]

I have been infected with this and I have contained it. If someone wants the relevant files let me know.

[miekiemoes]

Hi,

 

Please zip & attach the sample so we can verify whether this is a false positive or not.

[KerryETB]

I will run a scan again and upload the zipped file

[miekiemoes]

ok, please let me know in your next reply with the attachement.

(because, in case you edit your previous post with the attachement added, I won't get a notification for this )

[KerryETB]

Attached is the firefox updater.exe that got flagged yesterday on a scan

updater.zip

[miekiemoes]

Hi,

 

I cannot reproduce detection for this one though...

[KerryETB]

So does this mean it's a false positive?

[spywar]

That means the file is not detected by MBAM latest DB.

[miekiemoes]

This file is not malicious and is not detected on our end

[miekiemoes]

Hi Kerry, just to verify, the file you attached here, is this the one that was actually detected by Malwarebytes and was it located in C:\Program Files\Mozilla Firefox\updater.exe?

So you uploaded the updater.exe that is located there?

Does your barracuda still detect this file when you run a scan?

[KerryETB]

Yes, that is the one that was detected by Malwarebytes - I copied it from the folder, zipped it and uploaded it here. I have started another scan of the PC

[KerryETB]

Just scanned the PC again - it marked the firefox updater as Trojan.Agent (see attached copy of updater.exe and the log).

 

Update details :

Date : 7/16/2013

Database version : 913071608

Fingerprints loaded : 280462

 

I have removed the file and started another scan

scan.zip

[miekiemoes]

Ok thanks.

You can restore this file from quarantine again and add to your whitelist since it's not malicious.

Your version of Barracuda is outdated which explains this misdetection. Please update your baracuda build to 1.75.0.1300