MozillaZine

VBS Loveletter C found in firefox profile cache

User Help for Mozilla Firefox
poppy3
Guest
 

Post Posted February 3rd, 2008, 2:15 am

I recently changed malware/virus protection and it detected vbs loveletter in my cache. This could explain some odd behaviour lately! All now dealt with, but I thought this spread by opening dodgy attachments? I always delete strange mail on sight. Or could it have got there through a genuine mail or just through surfing?
Cheers.

poppy3
Guest
 

Post Posted February 3rd, 2008, 2:19 am

I forgot to say that I periodically delete my cache yet somehow this remained.

brucine
 
Posts: 68
Joined: December 23rd, 2007, 5:36 am

Post Posted February 3rd, 2008, 3:04 am

As Loveletter rewrites several files, manual removal is very difficult.

As a general rule, as long as the corrupted dll, exe or vbs script remains on your disk, deleting the cache is of no use since the infected files are created again at each start up.

You need a specific tool like:
http://www.symantec.com/security_respon ... 09-4441-99

And of course you must, if not allready the case, force your system to show hidden files and extensions,e.g. xxx.dll.vbs instead of xxx.dll.

What is curious is that Loveletter is indeed bound to mail (more specifically Outlook), and i suppose it can express itself even without opening the mail if you receive mail in html format and read therein some kind of script. It is also said to be spread through IRC or loading scripts on "darkside" websites.

Hereby, it needs IE to express itself and one should, if not allready done, firewall deny IE.

One can keep himself from this kind of infection by choosing mail only in text format and either disabling the vbs extension, either making the default option for it to be opened with Notepad.

VanillaMozilla
 
Posts: 13799
Joined: November 7th, 2005, 11:26 am

Post Posted February 3rd, 2008, 7:38 am

Contrary to what brucine has written, anything in your Firefox cache is considered harmless. See this post http://forums.mozillazine.org/viewtopic ... 01#3241601 for a recent explanation.

Just be aware that if you try to run any programs that you download or receive in e-mails, Firefox cannot protect you against that. By design, Firefox will not run such scripts -- but YOU can. Just don't do it.

By the way, I can't think of any reason to delete your cache periodically. It empties itself as needed to make room for more. And if there's anything harmful there, it was harmful BEFORE you emptied the cache, wasn't it?

And don't discount the possibility of a false alarm. This sometimes happens.

Anonymosity
 
Posts: 8125
Joined: May 7th, 2007, 12:07 pm

Post Posted February 3rd, 2008, 2:30 pm

What is curious is that Loveletter is indeed bound to mail (more specifically Outlook), and i suppose it can express itself even without opening the mail if you receive mail in html format and read therein some kind of script.

If you do not open the mail message, you cannot have html rendered in it and therefore no scripts are going to be run. If you read the mail message as plain text, the same situation applies. Scripts will not be run.
By the way, I can't think of any reason to delete your cache periodically. It empties itself as needed to make room for more.

If Firefox has to stop and clear things out of the cache to make room for more, that will slow it down.

VanillaMozilla
 
Posts: 13799
Joined: November 7th, 2005, 11:26 am

Post Posted February 3rd, 2008, 10:39 pm

Anonymosity wrote:If Firefox has to stop and clear things out of the cache to make room for more, that will slow it down.

Nonsense. It's designed to work that way, as is any other program that uses a cache.

jscher2000

User avatar
 
Posts: 9559
Joined: December 19th, 2004, 12:26 am
Location: Silicon Valley, CA USA

Post Posted February 4th, 2008, 5:39 pm

poppy3 wrote:I recently changed malware/virus protection and it detected vbs loveletter in my cache. This could explain some odd behaviour lately!

Firefox doesn't run VBScript. It might download the code when you retrieve the message, but the script will just be ignored.

However, if you use the IETab extension to read email, then messages you open within that tab could run VBScript. But probably those would appear in IE's Temporary Internet Files folder rather than Firefox's cache.

So my best guess is that particular script never ran, and any problems with the PC have other causes.

Return to Firefox Support


Who is online

Users browsing this forum: No registered users and 24 guests