Possible Firefox Infection Issue


  1. Posts : 16,325
    W10Prox64
    Thread Starter
       #11

    COMPUTIAC said:
    Dang it, 26?

    Exactly what I got as well.


  2. Posts : 16,325
    W10Prox64
    Thread Starter
       #12

    Sophos came up clean, Running MBAM now.

    ESET NOD32 came up clean too. And, I didn't see anything on the FRST scan report.
    Attached Thumbnails: Possible Firefox Infection Issue-2016_11_04_16_05_441.png


  3. Posts : 824
    Win10/64 Pro 1511 (and 2 Win 7/64 Ult & Pro systems)
       #13

    Dang, @simrick, that sucks!

    AFAIK, Fx installers directly from the Mozilla official source should always be safe.
    https://www.mozilla.org/en-US/firefox/all/
    I assume the auto-updater ought to be safe, too.

    I've been on 49.x (via the manual, standalone, full installer) since a few days after it shipped, on all 3 boxes, with no problem. I suppose anything is possible, but there's been no spike in traffic at the mozillazine forum suggesting a widespread problem.
    And 49.x has been available for quite a while.

    Are you sure you didn't have a tab open somewhere else, or perhaps a "time bomb" from a trojan that made it onto the system undetected earlier? (IOW a coincidence with your Fx update?)

    What a PAIN!!
    Hope you get straightened out soon!

    MM


  4. Posts : 16,325
    W10Prox64
    Thread Starter
       #14

    MoxieMomma said:
    Dang, @simrick, that sucks!

    AFAIK, Fx installers directly from the Mozilla official source should always be safe.
    https://www.mozilla.org/en-US/firefox/all/
    I assume the auto-updater ought to be safe, too.

    I've been on 49.x (via the manual, standalone, full installer) since a few days after it shipped, on all 3 boxes, with no problem. I suppose anything is possible, but there's been no spike in traffic at the mozillazine forum suggesting a widespread problem.
    And 49.x has been available for quite a while.

    Are you sure you didn't have a tab open somewhere else, or perhaps a "time bomb" from a trojan that made it onto the system undetected earlier? (IOW a coincidence with your Fx update?)

    What a PAIN!!
    Hope you get straightened out soon!

    MM
    IDK what to think MM. FF was working fine first thing this morning, then the toaster popped up (again) telling me v49 should be installed. I had TF, gmail, gmx mail and yahoo mail open. Decided I would update before I got into my work mode, and that's when all hell broke loose. Once FF restarted, everything was crazy like I've only seen with bad infections. Pages were freezing, scripting errors, nothing would download, the box would flash repeatedly while trying to download something, the whole browser would freeze constantly....exactly like severe infestations and worms. I couldn't even export my bookmarks - had to do it outside FF. Updating to v50 didn't help, reverting to v48 didn't help. I had to nuke the whole thing completely, clear it out of the computer, and reinstall clean.

    Thing is, aside from the 26 reg entries found by ADWCleaner (which may be FPs), nothing has shown up - not on ESET or MBAM or Sophos or SAS or my eval of FRST - nothing! I am stumped. Those reg entries point to a trojan from back in the XP W2K days. No other computer in the house is on, so there can't be any contamination from them either. I just don't understand. Wish I could nail this thing, so I'd know what the heck was going on.


  5. Posts : 50,055
    Windows 10 Home 64bit 21H1 and insider builds
       #15

    Looks like the AdwCleaner issue has been confirmed as a false positive and fixed. https://toolslib.net/forum/viewthrea...few-different/


  6. Posts : 824
    Win10/64 Pro 1511 (and 2 Win 7/64 Ult & Pro systems)
       #16

    Hi:

    Yeah, the AdwCleaner hits were a F/P and were fixed sometime yesterday.

    then the toaster popped up (again) telling me v49 should be installed.
    Does Firefox generate toaster popups when outdated? (I do not recall ever seeing that, even though I often wait to upgrade for a few days after a new release version ships.)
    Or was that coming from Windows or some 3rd-party application update checker?
    Or am I losing what's left of my mind?
    (Sorry, I don't have a test box or VM to test this.)

    With an open browser and open webmail apps, I suppose it's possible that something may have slipped in, perhaps via some sort of drive-by exploit?

    The only thing I'm on which I'm willing to stake my leftover Halloween candy stash is that a legitimate Firefox installer directly from Mozilla would be 100% clean.
    I always do a manual, on-top upgrade with the full setup file I get here:
    https://www.mozilla.org/en-US/firefox/all/

    I'm no expert, but in all my years using Fx and hanging out at their user community & elsewhere, I've never heard of an infected installer.

    Sure does sound suspicious, though.

    Cheers,
    MM


  7. Posts : 39,945
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       #17

    OK, so this means we need to put the reg keys back in apparently. I'm curious as to what they were for. Nothing appears broke....yet. I researched one & got a ref to MS Office.

    @MoxieMomma, yes, I would think a FF installer would be clean, but then it wouldn't be the 1st time someone infiltrated an organization & planted malware. I'm thinking maybe her d/l got corrupted & caused the problems with FF?


  8. Posts : 16,325
    W10Prox64
    Thread Starter
       #18

    Thanks everyone. I don't know what to think.
    I'm going to create a restore point and update to v49.
    MM-I was getting toasters when on the beta channel; fixed that, now I'm getting regular update windows.


  9. Posts : 16,325
    W10Prox64
    Thread Starter
       #19

    Now I'm getting this:

    Possible Firefox Infection Issue-2016_11_05_16_49_361.png


  10. Posts : 39,945
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       #20

    simrick said:
    Now I'm getting this:

    Possible Firefox Infection Issue-2016_11_05_16_49_361.png
    That's the stable version out right now. :)

