MozillaZine

AVG False Alarm: Trojan infection on download mirror

User Help for Mozilla Firefox
Vectorspace
Moderator

User avatar
 
Posts: 14455
Joined: November 27th, 2003, 4:50 am
Location: Warwickshire, UK

Post Posted September 2nd, 2009, 9:53 am

AVG Antivirus is reporting a Trojan virus infection in certain versions of Firefox, specifically Windows 32bit version 3.5.2, de (German) localisation. It's unknown if other localisations/versions are affected.

This is a false-positive - there is no virus infection. AVG report it will be fixed with the next definition update:

http://forums.avg.com/ww.avg-free-forum ... w&id=15447
"All things being equal, the simplest answer is usually the correct one" - Occam's Razor
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0

Gingerbread Man

User avatar
 
Posts: 7744
Joined: January 30th, 2007, 10:55 am

Post Posted September 2nd, 2009, 10:00 am

VirusTotal report.

Please note that the Mozilla FTP server lists the file hashes, so you can verify if you got a legitimate download. In this case, the hash checks out; see 3.5.2 SHA1 sums or 3.5.2 MD5 sums. To create and verify checksums on Windows, you can use an utility like HashX.

Guest
Guest
 

Post Posted September 5th, 2009, 4:20 pm

If downloads can be compromised, so can hashes.

Daifne
Moderator

User avatar
 
Posts: 123056
Joined: July 31st, 2005, 9:17 pm
Location: Where the Waters Meet, Wisconsin

Post Posted September 5th, 2009, 4:22 pm

In this case, it has already been acknowledged as a false positive by AVG and, most likely, has been fixed by now.

This is not the place to discuss the ins and outs of security.

Gingerbread Man

User avatar
 
Posts: 7744
Joined: January 30th, 2007, 10:55 am

Post Posted September 5th, 2009, 10:30 pm

The new definitions were available roughly 6 hours after this thread was stickied. AVG updates automatically every 24 hours, so I really don't see why this thread is still at the top of the support forum.

Vectorspace
Moderator

User avatar
 
Posts: 14455
Joined: November 27th, 2003, 4:50 am
Location: Warwickshire, UK

Post Posted September 5th, 2009, 11:00 pm

Then I shall unsticky it
"All things being equal, the simplest answer is usually the correct one" - Occam's Razor
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0

James
Moderator

User avatar
 
Posts: 27633
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted September 6th, 2009, 2:09 am

Guest wrote:If downloads can be compromised, so can hashes.

Firefox was not affected, just AVG making a mistake.

Poidog
Guest
 

Post Posted October 6th, 2009, 3:22 pm

I encountered the AVG warning today and found this thread. Thanks for the info. However, I updated my AVG definitions before trying to download Firefox and had the warning for "Trojan horse Downloader.Banload.APJH". I am also currently running an AVG scan and found it again.

Anyone with an update?

LoudNoise
New Member

User avatar
 
Posts: 40048
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Post Posted October 6th, 2009, 3:50 pm

FYI, The Thunderbird installer is suffering from the same false positive.

That said, AVG has not confirmed this one yet.

See: viewtopic.php?f=39&t=1522145
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."

Return to Firefox Support


Who is online

Users browsing this forum: Bing [Bot] and 12 guests