New malware ruins Firefox...

[polonus]

Hi malware fighters,

DNS-malware infects Firefox users: http://blog.webroot.com/2009/03/25/new-malware-ruins-firefox/
The first malware here is a DNSChanger malware variant, a browser hijacking tool. Once active the malware will install a DLL fiel to run under components in the Firefox process. Just like  DNSChanger it will alter Google search results as those of Yahoo's and other search-engines and sends the search queries to an Ukrain server.

The second Firefox specific malware only working under Firefox 3.x, is a plugin by the name of PlayMP3z. This plugin uses an extensive EULA that clearly states it is adware. During being installed it tries to install the Mirar toolbar. Who prevents this one from installing will be treated to another piece of adware, by the name of Foxicle. This adware will launch various popups as well as popunder ads. Both malware plugins cannot be traced in the Firefox. "While the spread of it is low at the moment an increase of it is being expected", according to Brandts.

The researcher comments that the malware does not exploit a security leak or another bug in Firefox, but comes with other malware.

pol

[bob3160]

Damien,
Maybe if your stupid enough to install that unapproved plug-in,
you deserve this headache. 

[polonus]

Hi bob3160,

It isn't that simple, DNSChanger firefox is a Zlob infection,
it best be handled through deep scanning with a fully updated MBAM scanner,
read here:
http://www.computerforum.com/134231-can-i-remove-zlob-dnschanger-trojan-virus.html

This is the malicious dll inside the components folder in Firefox 3.x: C:\Program Files\Mozilla Firefox\components\iamfamous.dll and that starts running whenever Fx 3.x  is launched

polonus

[Mr.Agent]

Damien,
Maybe if your stupid enough to install that unapproved plug-in,
you deserve this headache. 

Well some people didnt know really mush in computer so i didnt think they will learn at all what they need !

[bob3160]

Hi bob3160,

It isn't that simple, DNSChanger firefox is a Zlob infection,
it best be handled through deep scanning with a fully updated MBAM scanner,
read here:
http://www.computerforum.com/134231-can-i-remove-zlob-dnschanger-trojan-virus.html

This is the malicious dll inside the components folder in Firefox 3.x: C:\Program Files\Mozilla Firefox\components\iamfamous.dll and that starts running whenever Fx 3.x  is launched

polonus

Without installing that plugin, you wouln't have the malicious dll.

[alisonnic]

Hi bob3160,

It isn't that simple, DNSChanger firefox is a Zlob infection,
it best be handled through deep scanning with a fully updated MBAM scanner,
read here:
http://www.computerforum.com/134231-can-i-remove-zlob-dnschanger-trojan-virus.html

This is the malicious dll inside the components folder in Firefox 3.x: C:\Program Files\Mozilla Firefox\components\iamfamous.dll and that starts running whenever Fx 3.x  is launched

polonus

Without installing that plugin, you wouln't have the malicious dll.

I got this trojan; detected it this morning, but now that I know the symptoms I realize it has been running for at least two days.

I've cleaned the system using MBAM quick scan and am now doing a deep scan with MBAM.

How did I get this trojan? I am certain I did not install the PlayMP3z plugin. I am running a fully updated Avast! Free (at least, it was fully updated until the trojan got into the system.)

[!Donovan]

What does that have to do with firefox?

*Seriously, did you have to bump a topic. -_-*

[Lisandro]

I got this trojan; detected it this morning, but now that I know the symptoms I realize it has been running for at least two days.

I've cleaned the system using MBAM quick scan and am now doing a deep scan with MBAM.

How did I get this trojan? I am certain I did not install the PlayMP3z plugin. I am running a fully updated Avast! Free (at least, it was fully updated until the trojan got into the system.)

You're posting twice the same, just double the help effort...
http://forum.avast.com/index.php?topic=45998.msg385838#msg385838