Mozilla Firefox Security Update

Malware detection, cleaning and prevention
Post Reply
John Baird
Posts: 28
Joined: Fri Sep 23, 2005 10:36 am

Mozilla Firefox Security Update

Post by John Baird » Fri Nov 12, 2010 12:43 pm

On two occassions I have received a pop up panel requesting the installation of a security update for Firefox. After installation Spybot detects a Trojan kind TrojansC-05 called Win32.Agent.wu located in c:\windows\system32\updater.exe. The file properties look authentic.
I have removed this file using Spybot Fix.
Also neither Adaware or Avast detect this file/Trojan.
Any comments on the authenticity of this file would be appreciated.

LarryK

Re: Mozilla Firefox Security Update

Post by LarryK » Fri Nov 12, 2010 6:27 pm

I googled this

http://www.microsoft.com/security/porta ... 2147343220

Could be a new variant, they tend to do that.

Best you do a full AV scan, Malware scan etc, and see what turns up.

User avatar
CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: Mozilla Firefox Security Update

Post by CoreyPlover » Sat Nov 13, 2010 9:03 pm

Based on the Spybot detection and the various links upon searching for Win32.Agent.wu and "windows/system32/updater.exe" I'd be pretty confident this is an infected file.

If you ever have files that you are unsure of whether they are an infected piece of malware, or a genuine system file, you should rename its extension (say, to ".old" or ".tmp") and move it to a temporary directory. That way, if it turns out to be a necessary piece of software, you can easily restore it. If not, you can delete it.

MalwareBytes is my preferred malware scanner; seems very effective at detecting newer variants of malware.
I am a volunteer moderator and not an Exetel staff member. As with all forum posts, mine do not constitute any "official" Exetel position. Support tickets may be logged via https://helpdesk.exetel.com.au or residentialsupport@exetel.com.au

Post Reply