firefox.exe undetectable trojan?

[KurskKnyaz]

This is the problem:

When ever I run Firefox I notice that in task manager there are two processes running. One firefox.exe is the obvious firefox web browser that takes up 50-80 MB of my ram, but there is another firefox.exe that (1) takes up only 4-5 MB of memory, (2) reappears after I end it, and (3) my firefox performance has been very sluggish. These are all symptoms of a Trojan.

So why don't I just run a virus/malware scanner and remove it? I have ran NOD32, PCTOOLS, Avira, SpywareBlaster, Ad-Aware, and others that don't come to mind and none of them detect anything.

I found this information online about it being a possible Poisonivy.20.A trojan but how do I get rid of it?

http://kb.mozillazine.org/Firefox.exe_always_open
http://kb.mozillazine.org/Talk:Firefox.exe_always_open

This has only happened recently in the past 3 days. Thanks for your help.

 

[robisbell]

sounds like either a extension did not install properly or firefox did not update properly. I'd back up your bookmarks, downlaod the latest release of firefox, uninstall firefox, delete any folders for it, run CCleaner and have both the cleaner and registry scan till they can neither report any errors, reboot, and reinstall firefox.

 

[KurskKnyaz]

Just wanted to add this:

I searched my drive for another copy of firefox.exe but didn't find it. However in the c:\windows\prefetch folder I found two references to firefox.exe both of which reappear after I delete them.

 

[KurskKnyaz]

Originally posted by: robisbell
sounds like either a extension did not install properly or firefox did not update properly. I'd back up your bookmarks, downlaod the latest release of firefox, uninstall firefox, delete any folders for it, run CCleaner and have both the cleaner and registry scan till they can neither report any errors, reboot, and reinstall firefox.

I tried uninstalling and reinstalling Firefox but the same think happens. It should be noted that This started happening after I downloaded some torrents and ran some .exe's and .msi's

 

[KurskKnyaz]

UPDATE 3:

-firefox.exe loads with windows (its not in MSCONFIG)
-firefox.exe reopens after I end-task it even when firefox.exe (the real firefox) is not running.

 

[Quiksilver]

Sounds to me like you have this "Poison IVY"
Also, according to that first linke NOD32 and Avira both detect it.

 

[robisbell]

run http://housecall.trendmicro.com have it scan and clean all files and drives.

did you do all the steps I suggested, that should have taken about 10 minuted for you to do everything I instructed. not 5 minutes.

 

[KurskKnyaz]

UPDATE 4


-firefox.exe only runs when explorer.exe is loaded. If I end explorer.exe it no longer loads by itself.

-Webroot Spy Sweeper detected Troj/TinyDI-O when I scanned my PC without explorer.exe running. When I ran explorer.exe Webroot told me that this thing was trying to run some ADS and blocked it.

-No information what so ever is available on this Trojan anywhere. I'm going to try to remove it now

 

[Quiksilver]

Btw, why don't you post an Hi-Jack This Log?

 

[KurskKnyaz]

UPDATE 5

-Webroot Spy Sweeper detected said I need to register (purchase) the software to remove it. I never registered but apparently it removed it anyway. My problem seems solved for now.

Look out for this new Trojan.

 

[mechBgon]

Originally posted by: KurskKnyaz
UPDATE 5

Look out for this new Trojan.

Or better yet, avoid running stuff that might be a Trojan. As you saw, security software is a hit-&-miss layer of security these days, so try to avoid risky stuffz.

Tangentially, you might want to check your system over with the Secunia vulnerability checkup and give it a scan with HouseCall and F-Secure's online scanner too. Use Internet Explorer to visit F-Secure's scanner, since it uses ActiveX to run the scanner.

Another good spyware/adware remover is SuperAntispyware, which removes stuff for free (the paid version adds real-time protection) and has fairly good detection rates. Couldn't hurt to try that too.