Dell Pentium III, Windows 2000 OS, current avast! program, Spybot S&D, AdAware
I frequently get an avast warning that states “C\WINNT\FirefoxUpdater.exe\Upack” contains Win32:Pophot trojan. I use Firefox most of the time, and it is set to automatically update.
Is avast labeling the Firefox automatic updates as containing a trojan? Is this valid or a false positive?
Can I ignore these warnings and feel confident that it is just Firefox trying to update???
I am not a “computer wiz,” so please explain in simplistic terms.
This as far as I can tell simply because of its location isn’t anything to do with firefox’s automatic updates as I would expect that to be within the firefox folder.
So this may be nothing more than trying to deceive you into thinking it belongs to firefox, a google search returns many hits, http://www.google.com/search?q=FirefoxUpdater.exe, some of which confirm my suspicions.
So I would say don’t ignore the warning and send it to the chest.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
DavidR:
Thank you for your help and advice. I checked the google and prevx.com links you posted, and I agree that FirefoxUpdater.exe is malware.
I also looked in my Firefox program file folder to see what I could see. Apparently the real Firefox updater is just listed as “updater” (as best I can tell), and the location is C:\Program Files\Mozilla Firefox, . . . .
I looked at the VirusTotal website. It sounds like a really valuable tool. I am uncomfortable with moving the files (I have been alerted by avast multiple times about it) out of the Virus Chest, though. But if they did detect malware, and then generate a report—then what? I know you said to post it here, but other than continuing to move the malware to the avast virus chest when it is found, what can be done about it?
And if the file was moved to a folder created to hold it in order to send it to VirusTotal, when it’s excluded from avast’s scanning is it possible that it could spread while in the created file?
By the way, I don’t have a viable, efficient means of doing backups right now (it’s a long story), so would that be a hindrance to having an online virus scan done, whether by VirusTotal or the famous Housecall, et al? I.e., is a backup of (the whole system, important files, the registry, or what . . .?) a prerequisite for having an online scan run???
Again, I am not a computer wiz, and I’m learning little by little about all of this stuff. So if I ask silly questions or don’t understand, please bear with me.
Indeed, take care on handling it (never double click, never execute it).
It’s not a prerequisite, but it will be very advisable. You can do nothing with the files reported as infected by the online scanning and then just post the file name/path here or even submit them to virustotal to check if they’re really infected.
Thank you, Tech. When you say, “You can do nothing with the files reported as infected by the online scanning and then just post the file name/path here or even submit them to virustotal to check if they’re really infected,” do I understand correctly that you are saying:
–Post the file name/path on the avast! forum?
–And/or submit the file to VirusTotal to see if it’s an actual infection?
I have posted the file name/path on the avast forum.
I have checked the links from the prior post, and I concur with DavidR that FirefoxUpdater.exe sounds like malware.
Since I don’t think it is a good idea to have VirusTotal run an online scan without my having a backup, I don’t think I will have that scan done.
So, other than just continually moving the file to the virus chest when avast finds a FirefoxUpdater.exe file, is there a way to get rid of this trojan? A way, that is, that a novice can handle?
So I’ll move the file to the Virus Chest when it is warned about.
Though I believe it is a trojan-infected file from what I’ve seen after googling for info about it, the odd thing is that it only appeared when I think the automatic Firefox update notification was trying to tell me that Firefox had an update that could be downloaded and installed. And I haven’t been warned of it since the day I did the Firefox update manually. ??
Both Ad-Aware and Spybot are NOT considered to be top notch antispyware
programs as in the Past ; nowadays, the FREE Version of “Malwarebytes’
Anti-Malware” from www.malwarebytes.org/mbam.php and the FREE Version
of “SUPERAntiSpyware” from www.superantispyware.com are generally
considered better . Would recommend you use these 2 as a “2nd Opinion” .
good luck safetynut, i’m new too and just reading different posts discovered i probably have the same issue. i recently started using ff and did an “update” and have nothing but a mess ever since. my question is where do i find the program files for ff. i have xp and cannot remember where to look?? if you could help i would be grateful, thank-you. i have verbal ads coming through my speakers!!! already did the maleware and hijack this through remost support through safety live but still not gone yet
Spiritsongs:
Thank you so much for the info about the two top-notch free spyware programs. Unfortunately it takes me so long to learn all I can about any new program, then to thoroughly uninstall anything that needs to be, and to install the program and iron out the glitches that I cringe at having to do all of that again. I am trying to clear up problems from a year’s worth of issues with viruses and spyware and , . . . more than I can relate. I have to strain hard to understand all I’m reading and told to do since I am not a computer wiz and have picked up most of my knowledge on the fly and from reading library books—and from necessity.
My point is that I will keep the info on these two programs and hope that sometime I will be able to learn all I can about them and then install them, etc. If I had the time and expertise and a newer pc and operating system, I’d do it now.
robles:
Other than this warning from avast! that the FirefoxUpdater.exe file contains Win 32:Pophot Trojan, which is evidently not really the FF updater, I have not had any problems with Firefox. I have Windows 2000 and don’t know anything about Windows XP, plus as I said above, I’m not a computer wiz. I installed Firefox a couple of years ago and have just gotten the updates since then. I believe the 3.0 version, the latest and the one I have, is a good one.
Since I have had multiple viruses and spyware this year—and have had a rough time with trying to deal with it all—I am sorry if you are having malware problems. Perhaps some knowledgeable person can help you. You probably will want to start another thread and give all the details of what’s been happening so that you will be answered more quickly.
Last year my cousin had her dial-up 56K modem blow during an electrical storm so brought it to me and I replaced it. (She has since been able to get adsl broadband.) Anyway, I installed AVG free (probably 7 or 7.5) and all the popular anti spyware programs and found she had 250 infections… :o
That was from running XP with IE and no extra installed protection. (A lot of smart-arse PC “experts” on other forums claim they never use anti-virus or spyware protection and have never had an infection.)
I have just started using Avast! but have learned to accept what it finds as it has proved right - and I wrong.
For instance here, I would probably say FirefoxUpdater.exe must be OK it’s FirefoxUpdater! But there’s no FirefoxUpdater apparently…