XUL runner is bad - although I saw no sign of that on the OTS log - otherwise I would have removed it as a matter of course
Could you run a fresh OTS log please and ensure all users is selected?
DavidR
42
It wasn’t in the first OTS log (Reply #33) and I have been pushing for several hours to run a fresh one and post the mediafire link.
I had a double check as well in case I missed it - but I hadn’t ;D
DavidR
44
If you read a later reply to my questioning the FF version (also in Reply #33) it also turns out FrankW is using portable firefox 4. So I don’t know how that plays out in relation to XUL runner?
I guess we will have to wait for FrankW to upload his OTS log to mediafire; unfortunately I fear that will be after you have gone off-line.
In that case as the FF is portable the malware may be on the USB drive, which is why it did not show on the first OTS
system
46
Sorry about the delay, I had to get some sleep. I’m in another timezone. Here’s the mediafire link for OTS.txt.
http://www.mediafire.com/?emdn2va6y4dvz5s
What do you know about this programme, C:\Program Files\bxNewFolder?
Also if you are running FF portable from a USB drive then the infection is on that as XUL runner is not showing on your system
Still checking the log
system
48
bxNewFolder is a little utility I installed which puts a ‘new folder’ icon on the toolbar in windows explorer.
system
50
I should mention that this problem appeared to start at the beginning of last week when Anvir Task Manager popped up to tell me a new startup dll had just appeared in the registry. I uploaded the dll to virustotal which said it contained trojan hiloti.gen.aa with a 28% detection rate.
system
51
Been giving the computer a workout and the strange behaviour seems to have subsided. Let’s hope it’s cured. I’ll get back to you if there are any further developments. Hopefully the XULRunner was the virus’s last gasp.
A big thank you to everyone for their helpful input on this.
Frank
DavidR
52
This may well need further investigation given what has been said by essexboy in Reply #46 above about running portable firefox; the XUL runner could be present there.
As I said before I don’t know why you are running the portable version of firefox, you must have a reason (for me that would be because your system is truly portable so you want to be able to carry your FF setup with you)?
However, since/if it is on a USB stick then it can’t be analysed by the tools used so far.
system
53
I struggle to see a reason why all software is not portable as it used to be in the good old days. Under the current regime the system becomes more and more clogged up with unnecessary junk over time. It makes more sense to me to try to make software self contained with all the dependencies isolated together in one folder.
No, I don’t keep the browser on a USB stick. I can see now that tools which expect all software to be installed into windows may have a problem finding software in other folders. On the other hand, since we’re talking about antivirus software, it would seem naive to write antivirus software which assumes the virus will only be found in a folder registered with the OS as an application.
DavidR
54
We aren’t talking about antivirus software, but analysis tools looking in the usual places that malware hides. What they can’t do is cater for every piece of software out there with a portable edition.
Antivirus software scans portable applications in the same way as installed applications, after all they are only executable files.
You only have to look at the problems you have had and the inability to get directly to the cause (and we still aren’t there yet), to wonder if portability is worth the hassle.
Today’s hard disks are massive. I can see the purpose of portable applications if you have them on a USB, so if you are away and have access to a computer, plug in USB and your portable applications with your customisations are available to you.
Since you are talking about what AVs should do, users have to do things also. The fact you are using a portable application doesn’t exclude it from being updated, it is just more hassle.
Updating all applications that access the internet is crucial (others less so but still important) and not to update your OS is madness as it leaves your system more vulnerable to exploit…