Author Topic: Avast - are we protected?  (Read 16761 times)

0 Members and 1 Guest are viewing this topic.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43695
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast - are we protected?
« Reply #15 on: December 08, 2008, 11:12:07 PM »
Call me stupid but it simply says a popular plugin.  It doesn't say which popular plugin.
There happen to be many.  ???
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: Avast - are we protected?
« Reply #16 on: December 09, 2008, 03:58:48 AM »
If you followed "the credit" link it would have shown you precisely the information I posted in reply #8 above.

Offline Rumpel

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 953
  • The poster formerly known as - Rumpelstiltskin®
Re: Avast - are we protected?
« Reply #17 on: December 09, 2008, 04:46:02 AM »
Call me stupid but it simply says a popular plugin.  It doesn't say which popular plugin.
There happen to be many.  ???
Bob, the trojan disguises as Greasemonkey as you can see the below quote from this site, which is posted by Frank.
Quote
If a user has been tricked into installing this plug-in, or had it installed through a separate vulnerability it may compromise passwords and the user’s accounts.  This trojan is not Greasemonkey, even though it uses some of Greasemonkey’s internal Ids.

If you have the "plug-in," which is rather unlikely,you should disable it , following this instruction.

Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Avast - are we protected?
« Reply #18 on: December 09, 2008, 09:54:19 AM »
Hi Polonus,

Interesting article!

Is the trojan one of the Firefox extensions which I use?

Thanks and keep up the great work Polonus!

---------------------------------------------------------------------------------------
Adblock Plus 1.0
British English Dictionary 1.1.9
DownloadHelper 3.5.1
Dr. Web anti-virus link checker 1.0.18
Finjan Secure Browsing 1.314
Forcefield Toobar 1.2 (Note: this is a ZA product)
Java Quick Start 1.0
McAfee SiteAdvisor 26.6 (Note: this is disabled)
MultirowBookmarksToolbar 3.3
Netcraft Anti-Phishing Toolbar 1.2
Noscript 1.8.7.4
Panic Button 1.1.1
Realplayer Browser Record Plugin 1.0
ShopIP 0.8.10r22b0272
« Last Edit: December 09, 2008, 09:58:01 AM by Avastfan1 »
Window 7 Home Premium - Avast Pro 7.0.1474 - PC Tools Firewall Plus 7.0.0.123 - MBAM 1.70 - Firefox 17.0.1 - NoScript 2.6.4.2 - Adblock Plus 2.2.1

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: Avast - are we protected?
« Reply #19 on: December 09, 2008, 08:48:27 PM »
avastfan1,

if you had read through the thread then you would know it is not recognizable as any extension at all.

Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Avast - are we protected?
« Reply #20 on: December 09, 2008, 11:10:26 PM »
Hi Alan,

I did read through the thread but I got confused :(

I am not that great with computers but I am trying :)

Thanks,

Avastfan1
Window 7 Home Premium - Avast Pro 7.0.1474 - PC Tools Firewall Plus 7.0.0.123 - MBAM 1.70 - Firefox 17.0.1 - NoScript 2.6.4.2 - Adblock Plus 2.2.1

Offline Rumpel

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 953
  • The poster formerly known as - Rumpelstiltskin®
Re: Avast - are we protected?
« Reply #21 on: December 10, 2008, 12:45:32 AM »
Avastfan1, the name of malicious "plug-in" is:
Basic Example Plugin;)

Quote
To check whether your computer is infected, look for “Basic Example Plugin for Mozilla” in the Plugin list by choosing Add-ons from the Tools menu in Firefox.  Then choose Plugins. If you see this plugin, disable it.

http://blog.mozilla.com/security/2008/12/08/malicious-firefox-plugin/

Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Avast - are we protected?
« Reply #22 on: December 10, 2008, 02:39:32 PM »
Thanks Rumpel!
Window 7 Home Premium - Avast Pro 7.0.1474 - PC Tools Firewall Plus 7.0.0.123 - MBAM 1.70 - Firefox 17.0.1 - NoScript 2.6.4.2 - Adblock Plus 2.2.1

Offline Rumpel

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 953
  • The poster formerly known as - Rumpelstiltskin®
Re: Avast - are we protected?
« Reply #23 on: December 11, 2008, 02:30:37 AM »
Well, the thanks go to Frank.  ;)

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: Avast - are we protected?
« Reply #24 on: December 11, 2008, 07:44:10 AM »
It was simply a repost of a pre-existing reply #14 by FWF that apparently revealed all. 

The same information posted earlier in the thread (I have been very remiss in assuming) could have been seen in Firefox by typing about:plugins in the URL line of Firefox. 

Offline Rumpel

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 953
  • The poster formerly known as - Rumpelstiltskin®
Re: Avast - are we protected?
« Reply #25 on: December 11, 2008, 09:03:55 AM »
It was simply a repost of a pre-existing reply #14 by FWF that apparently revealed all.
That part is already covered. 

Well, the thanks go to Frank.  ;)

The problem here is that the information at first was quite confusing partly because the malicious "plugin" uses some of Greasemonkey IDs and partly because most of us don't scroll back to the OP, reading each post when we are browsing threads.  The other thread, in fact, derailed to religious beliefs and I couldn't see they were talking of the same topic till I scrolled back.

Browsing boards is quite different from reading a book/thesis which is well sorted.  The information was much more confusing to people who dropped in the threads than to those who followed them from the start.
« Last Edit: December 11, 2008, 09:15:02 AM by Rumpel »

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Avast - are we protected?
« Reply #26 on: December 11, 2008, 09:33:52 AM »
I noticed this comment over at MozillaZine:

Quote
I too updated. to the new Firefox and I noticed a box popped up and it said that a new add-on had been installed. I thought it was something to do with the firefox updating. I had not asked for any new add-on, and I didn't actually see anything new Then I saw, from PCAdvisor,Mozilla Firefox users are being targeted by a new Trojan that steals online banking passwords. The malware, which is being spread by drive-by downloads or by duping users into downloading it, is stored in the Firefox add-on folder and is registered as 'Greasemonkey', which are scripts that add extra functionality to Firefox. It starts working as soon as the browser is opened.

How can I discover whether I have this. I am using XP home with all recent updates and AD-aware, and Avast antivirus and Comodo Firewall, and did a full scan 2 weeks ago.

http://forums.mozillazine.org/viewtopic.php?f=38&t=948945&p=5202845#p5202845

I also received notifation of a new add-on in Firefox yesterday, but I'm pretty sure it was just an add-on I had installed previously which had been disabled after a Firefox update being re-enabled after an update.

Just to be clear, a "new add-on has been installed" does not necessarily mean you have the malicious spyware add-on.

If you see such a notification please follow the advice here:

   |
   |
   |
   V
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: Avast - are we protected?
« Reply #27 on: December 11, 2008, 11:18:44 AM »
Quote
The problem here is that the information at first was quite confusing partly because the malicious "plugin" uses some of Greasemonkey IDs

Nothing has changed from the information I posted from BitDefender in reply#8 a week ago.  All this about Greasemonkey was and is misleading and you will note was never mentioned in the reports in BitDefender the discoverers of the problem.

Quote
and partly because most of us don't scroll back to the OP

I suspect that, sadly, you are correct ... like cushions we all bear the imprint of the last *ss that sat on us.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Avast - are we protected?
« Reply #28 on: December 11, 2008, 12:27:17 PM »
The InfoWorld report I linked to mentions that the "Trojan" is registered as "Greasemonkey."

The report seems to be quoting from Viorel Canja, the head of BitDefender's lab.

Make of that what you will.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: Avast - are we protected?
« Reply #29 on: December 11, 2008, 01:24:29 PM »
Well, the way that article is written it is not easy to tell what is a direct quote from him and what is not but it certainly can be read that way and it is copied (surprise surprise) in many of the articles about it (which all look very like the Ars Technica story). 

However, it is not included in the BitDefender Press Center news release.

For a rare problem I guess I will not spend any more time on it.