Avast detected sality in “updater.exe” (part of Firefox and Thunderbird) on several of my machines on the morning of July 10th. I have uploaded the file to Jotti and VirusTotal, from the Virus Chest on one of the “infected” machines, and none of the scanners on either of those services detects anything.
Sounds like a false positive to me. Anyone else have this problem? Should Alwil be notified?
I’m not quite sure what updater.exe does – I can still “check for updates” in one of the affected Firefox installations. But the file is probably better off in “\Program Files\Mozilla Firefox”, rather than in the virus chest.
I did search the forums for “sality firefox” but I started reading through first hit, and meanwhile I was waiting for the results of Jotti, etc. Just got distracted. Apologies all around.
I’m running ADNM and I update my clients four times a day. Perhaps I should have specified that the files were flagged as infected very early in the morning on July 10, around 2 am PDT (GMT -0700).