sality and mozilla (false positive?)

Hi,

Avast detected sality in “updater.exe” (part of Firefox and Thunderbird) on several of my machines on the morning of July 10th. I have uploaded the file to Jotti and VirusTotal, from the Virus Chest on one of the “infected” machines, and none of the scanners on either of those services detects anything.

Sounds like a false positive to me. Anyone else have this problem? Should Alwil be notified?

I’m not quite sure what updater.exe does – I can still “check for updates” in one of the affected Firefox installations. But the file is probably better off in “\Program Files\Mozilla Firefox”, rather than in the virus chest.

Thanks,

Ben

I suggest you do a manual update of the VPS (right-click the avast icon, Updating, iAVS Update); this has already been corrected. The latest VPS is 0628-2.

A search of the forums for this would have revealed this.

Sorry. :cry:

I did search the forums for “sality firefox”, but I started reading through the first hit, and meanwhile I was waiting for the results of Jotti, etc. Just got distracted. Apologies all around.

No problem. Have you not got the auto updates enabled for the VPS, though, as this FP was very quickly corrected?

I’m running ADNM and I update my clients four times a day. Perhaps I should have specified that the files were flagged as infected very early in the morning on July 10, around 2 am PDT (GMT -0700).

Ben