Windows 10: Possible Firefox Infection Issue

IDK what to think MM. FF was working fine first thing this morning, then the toaster popped up (again) telling me v49 should be installed. I had TF, gmail, gmx mail and yahoo mail open. Decided I would update before I got into my work mode, and that's when all hell broke loose. Once FF restarted, everything was crazy like I've only seen with bad infections. Pages were freezing, scripting errors, nothing would download, the box would flash repeatedly while trying to download something, the whole browser would freeze constantly....exactly like severe infestations and worms. I couldn't even export my bookmarks - had to do it outside FF. Updating to v50 didn't help, reverting to v48 didn't help. I had to nuke the whole thing completely, clear it out of the computer, and reinstall clean.

Thing is, aside from the 26 reg entries found by ADWCleaner (which may be FPs), nothing has shown up - not on ESET or MBAM or Sophos or SAS or my eval of FRST - nothing! I am stumped. Those reg entries point to a trojan from back in the XP W2K days. No other computer in the house is on, so there can't be any contamination from them either. I just don't understand. Wish I could nail this thing, so I'd know what the heck was going on.

 

Looks like the AdwCleaner issue has been confirmed as a false positive and fixed. https://toolslib.net/forum/viewthrea...few-different/

 

Hi:

Yeah, the AdwCleaner hits were a F/P and were fixed sometime yesterday.

Does Firefox generate toaster popups when outdated? (I do not recall ever seeing that, even though I often wait to upgrade for a few days after a new release version ships.)
Or was that coming from Windows or some 3rd-party application update checker?
Or am I losing what's left of my mind?*Huh
(Sorry, I don't have a test box or VM to test this.)

With an open browser and open webmail apps, I suppose it's possible that something may have slipped in, perhaps via some sort of drive-by exploit?

The only thing I'm on which I'm willing to stake my leftover Halloween candy stash is that a legitimate Firefox installer directly from Mozilla would be 100% clean.
I always do a manual, on-top upgrade with the full setup file I get here:
https://www.mozilla.org/en-US/firefox/all/

I'm no expert, but in all my years using Fx and hanging out at their user community & elsewhere, I've never heard of an infected installer.

Sure does sound suspicious, though.

Cheers,
MM

 

OK, so this means we need to put the reg keys back in apparently *Mad, I'm curious as to what they were for. Nothing appears broke....yet. I researched one & got a ref to MS Office.

@MoxieMomma, yes, I would think a FF installer would be clean, but then it wouldn't be the 1st time someone infiltrated an organization & planted malware. I'm thinking maybe her d/l got corrupted & caused the problems with FF?

 

Thanks everyone. I don't know what to think.
I'm going to create a restore point and update to v49.
MM-I was getting toasters when on the beta channel; fixed that, now I'm getting regular update windows.

 

Now I'm getting this:

 

That's the stable version out right now. *Smile

 

Thanks for the heads up Simrick. Had me running ADWCleaner, ESET Nod32 and MBAM straight away but nothing found.
Having said that I'm running FF version 50RC1 as my main browser and FF 51developer version for messing around with. I do manual updates for v50 but automatic on 51 developer as they are nightly builds.

 

DooGie, I don't know what to think. I can't find anything wrong; no traces of anything. The ADWCleaner reg entries were FPs. And yet, FF was so hosed from the update - as if a mass of infections and worms had taken over. Opera was not affected though. Maybe it was a (really) bad, messed up update. I just can't figure it out. *Confused

 

Yahoo mail must be the culprit! Get rid of it! Close the account!
All things Yahoo, by their existence are malware prone, or are malware in itself.
They choose eye candy over security.
simrick I am surprised that you even still use it, as security conscious as you are.
The homepage is prone to attacks/elements being hijacked, and their *πss poor server security.
*symbol for pi*Smile

 

I know Cliff. I don't use that email anymore, but someone had sent some pics to me there, and I had to collect them. *Sad

 

See if you can collect your Yahoo mail using your current Client and use its spam / malware filters to clean any incoming mail for you.

A Gmail account just for this purpose is an idea as Google's filters are Very well set-up and you can use your choice of desktop client to collect the mail from the Google address

I collect all my other mail sources through a google account and find it a useful tool against spam and nasties *Smile

 

Yes, Google have great filters. That's a good idea. Would do it if I still used Yahoo, but I don't.

 

I think I have finally figured this problem out. The Firefox update was the trigger, but it was a combination of a few things.
It was not an infection, rather a combination of incompatibilities which happened all at once.

I started having the same problems yesterday, after upgrading to v49, again.
-Trying to download something - anything - put me in a "not responding" loop with several flashing FF windows. Changing the setting from "ask me where to save" to "save to Downloads", finally allowed me to save something.
-Adding pages to Bookmarks wasn't working. Trying to backup bookmarks, I had the same problem as when trying to download something - not responding and flashing FF windows - until I finally figured out that stopping the MBAE (free) protection finally let me save and export them.
-Tons of pages were not loading their CSS, or were giving me an "untrusted" warning. After trying all the normal fixes, I ran across this:
Connection untrusted - fix
HTTPS websites fail to load or you receive the error message "Connection is untrusted" when using your web browser with ESET products
Seems this was an ESET problem.

So, ESET, MBAE and FF all updating on the same day (not necessarily in this order) is the root cause. It appears I have a stable FF back again. *Smile