1
I dunno how the hell it happened but I am!
firefox.exe always running 24/7 even after reboot! We can see the 'real' version as I have Firefox open and its using correct memory resources.
If I delete the file from Task Manager it returns instantly. This is effecting NET applications like online gaming/MSN/Skype etc where they have slowed to a crawl.
NOD refuses to recognise it as does Spysweeper, Spywareblaster and Adaware. Tried a couple of online virus checkers and they don't recognise either!!
Done a search on Google and this may be the 'Poison Ivy' virus??
I see no way of removing it as I really don't know what this 'firefox.exe's' real properties are??Reinstall is looming guyz!!
Quote
Since June of 2006, numerous users have reported experiencing similar issues with their browser which were later found attributable to a malicious trojan - specifically one based on Poison Ivy, an advanced "reverse connection", firewall-bypassing remote administration tool. The trojan creates a 'server' file on the affected system which alerts the trojan-maker when an affected system is online and which then gives access to, monitoring of, and even complete control of an infected user's system - giving him (among other things) the possibility to steal usernames & passwords, banking or credit card info, or any other private information that may have been stored, typed or viewed on-screen while the computer is infected. The default settings is for the malicious 'server' file to inject itself into the target system's Default Browser memory space and then run as a phony 'duplicate' browser process, which enables it to bypass detection by firewalls and routers. So while many Firefox users naturally assumed the problems they were experiencing were a 'Firefox problem', they would in fact have happened whichever browser was set as their system Default.
While there are other similar Remote-Admin apps used by trojan-makers, Poison Ivy quickly became popular for a number of reasons - it was new, it could be deployed without arousing much suspicion, it injected itself into the Default Browser process, and it had an attractive range of monitoring & set-up features. One such feature was the apparently unique 'Persistence' option - if enabled, the server file located on the infected system will restart itself even when the process is manually killed by the user - which means more 'up time' for the hacker - no waiting for the infected user to reboot their system or manually restart an affected application. Another handy feature is the 'Melt' function - which deletes the original infected file upon first run, so that a user cannot inspect it or uploaded to an anti-virus company's database.
This may explain why most of the popular spyware & antivirus utilities - and even the usual rootkit detectors - fail to detect anything malicious on affected systems.
While there are other similar Remote-Admin apps used by trojan-makers, Poison Ivy quickly became popular for a number of reasons - it was new, it could be deployed without arousing much suspicion, it injected itself into the Default Browser process, and it had an attractive range of monitoring & set-up features. One such feature was the apparently unique 'Persistence' option - if enabled, the server file located on the infected system will restart itself even when the process is manually killed by the user - which means more 'up time' for the hacker - no waiting for the infected user to reboot their system or manually restart an affected application. Another handy feature is the 'Melt' function - which deletes the original infected file upon first run, so that a user cannot inspect it or uploaded to an anti-virus company's database.
This may explain why most of the popular spyware & antivirus utilities - and even the usual rootkit detectors - fail to detect anything malicious on affected systems.
Edited by scaramonga, 31 December 2006 - 08:27 AM.
. patty was complaining about FF being loaded on her rig even after she exited...
Did you want to install me?? :crazy:
apart from Firefox taking an age to initially start for some reason??
