Firefox.exe always runs in task manager

brakeinup · 21 Apr 2007 at 22:58

Firefox.exe always runs in task manager = trojan

I had this issue recently and was unaware of how serious this has been/could be.

Recently I have been having some odd behaviour from my PC where I would have odd occurances where the system would freeze for a couple of minutes but the mouse could still move - this usually happened when there was something network related in the task.

The main one though was seeing firefox.exe running in task manager eventhough there was no instance of Firefox running. If I killed it the .exe would fire itself up again without the browser.

I am behind a Linksys router and run a software firewall plus AV. When I removed the entries for firefox.exe from the firewall it would try to connect to 211.240.82.70 on I think port 845.

Elgoog found this article:

Link

I ended up finding a file called lssas.exe (at a glance looks like the Windows file of lsass.exe) which I deleted in safe mode, removed the registry key as stated in the link above, rebooted and all was fine (so far).

The point of the post is that I am quite paranoid about security on the home pc's and none of my tools detected this trojan.

This is really just a heads up to watch out for this one as it had me for a couple of weeks (at a guess) and I have no idea yet as to the damage, if any.

MarcLister · 22 Apr 2007 at 01:11

So have you fixed it now then? What av/fw are you running? Do you use Spywareblaster/Ad-aware/Spybot?

Just interested to see how the trojan got on, if you had stuff in place to stop them or not.

brakeinup · 22 Apr 2007 at 09:26

MarcLister said:
So have you fixed it now then? What av/fw are you running? Do you use Spywareblaster/Ad-aware/Spybot?

Just interested to see how the trojan got on, if you had stuff in place to stop them or not.

Yes all fixed now.

Behind a Linksys router, using AVG and Comodo firewall. ALso have Ad-Aware.

basmic · 22 Apr 2007 at 10:01

brakeinup said:
Yes all fixed now.

Behind a Linksys router, using AVG and Comodo firewall. ALso have Ad-Aware.

You get what you pay for, TBH.

Clarkey · 22 Apr 2007 at 12:41

AVG, there is your problem, worse than useless :/

basmic · 22 Apr 2007 at 12:57

If the OP wants good reliable protection, I suggest they install NOD32 and Sygate Firewall.

Other than PeerGuardian 2 for my file-sharing activities, a brief scan of my computer every now and again with Ad-Aware and Spybot Search and Destroy is all I use.

MarcLister · 22 Apr 2007 at 13:12

basmic said:
If the OP wants good reliable protection, I suggest they install NOD32 and Sygate Firewall.

Snap. I use Sunbelt Kerio though.

basmic said:
Other than PeerGuardian 2 for my file-sharing activities, a brief scan of my computer every now and again with Ad-Aware and Spybot Search and Destroy is all I use.

I don't use PeerGuardian2 but I do us Ad-Aware and Spybot along with Spyware Blaster.

brakeinup · 22 Apr 2007 at 22:35

MarcLister said:
Snap. I use Sunbelt Kerio though.

I don't use PeerGuardian2 but I do us Ad-Aware and Spybot along with Spyware Blaster.

Thats funny as I used to use Kerio until it started failing (weird lock ups etc). Thats when I decided to try something else.

I take the points about anti virus though, although there were very few AV products that detect the trojan that I managed to get.

I am looking at NOD32 though as that did detect it.

brakeinup · 22 Apr 2007 at 22:36

basmic said:
You get what you pay for, TBH.

Bingo!

The thing is that I am really cautious what I opem in email or websites I view. And I have no idea how I managed to get this.