Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

14.0.1 is prone to virus infection

more options

Hi, Last night while browing several websites at once, nod32 detected and stopped a virus. A virus that had made its way to C:\.....Local Settings\Application Data\{6182CAA3-E057-11E1-8270-B8AC6F996F26} The virus was Redirector.NIQ trojan. (a nasty one)

At the time, I didn't think it entered through firefox, but today.. that opinion's changed. I opened the quarantined virus file in notepad and I see this...

<?xml version="1.0" encoding="utf-8"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">

<Description about="urn:mozilla:install-manifest">
    <em:name>Mozilla Safe Browsing</em:name>
    <em:version>2.0.14</em:version>
    <em:type>2</em:type>
    <em:id>{6182CAA3-E057-11E1-8270-B8AC6F996F26}</em:id>
    <em:creator>Mozilla Corp.</em:creator>
    <em:description>Warns the user when visiting a fake or compromised site.</em:description>
.......


Now i'm not sure where to submit this but that virus has found a way to trick Firefox into doing it's dirty work for it.

The file and it's folder was created last night at the same time my antivirus picked it up.

Hi, Last night while browing several websites at once, nod32 detected and stopped a virus. A virus that had made its way to C:\.....Local Settings\Application Data\{6182CAA3-E057-11E1-8270-B8AC6F996F26} The virus was Redirector.NIQ trojan. (a nasty one) At the time, I didn't think it entered through firefox, but today.. that opinion's changed. I opened the quarantined virus file in notepad and I see this... <br /><br /> <pre><nowiki><?xml version="1.0" encoding="utf-8"?> <RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:name>Mozilla Safe Browsing</em:name> <em:version>2.0.14</em:version> <em:type>2</em:type> <em:id>{6182CAA3-E057-11E1-8270-B8AC6F996F26}</em:id> <em:creator>Mozilla Corp.</em:creator> <em:description>Warns the user when visiting a fake or compromised site.</em:description> </nowiki></pre>....... Now i'm not sure where to submit this but that virus has found a way to trick Firefox into doing it's dirty work for it. The file and it's folder was created last night at the same time my antivirus picked it up.

글쓴이 cor-el 수정일시

모든 댓글 (3)

more options

Malware masquerading under a comforting name or borrowing text strings from other software isn't a new trick, although this particular one might be new.

Is that the full path, i.e., it is directly under Application Data rather than a Mozilla folder? I don't think Firefox writes to that location, or lets web pages write to that location. Add-ons might be to do that, however.

Can you verify that your plugins are up-to-date? See:

http://www.mozilla.org/plugincheck/

Also, you can check for updates to your add-ons using the "gear" icon here:

orange Firefox button or classic Tools menu > Add-ons

While you're there, check the Extensions list for anything nonessential or suspicious and disable it.

more options

It was in the c:\documents and settings..................

As for the plugins, outdated ms silverlight, shockwave flash and acrobat. Java is so old, firefox has had it disabled for months. Quicktime disabled too.

As for the other plugins, Windows Media Player Plug-in Dynamic Link Library DivX Web Player Google Talk Plugin Google Talk Plugin Video Accelerator Microsoft® DRM Windows Presentation Foundation iTunes Application Detector

As for extensions.. the only thing I have active in there is all-in-one gestures (mouse gestures).

I can try finding the exact website again or try un-quaranteeing the file and looking at it from notepad but I don't trust windows to only read and not load.

Also, I forgot to mention, the file nod32 blocked was called install.rdf I see that file name is typical for a mozilla install manifest.

more options

.rdf files are not executable in Windows, but I wouldn't open them in a browser.

Definitely want to update your Flash to something secure, either 10.3 or 11.3.