Anoying fake Amozilla crash report apearing messing up with cursor
Firefox doesn't crash just a crash report appears NOT a Mozilla one but it says (AMozilla crash reporter) but Mozilla still works doenst crash !! Fully updated and its messing my cursor its like while im typing someone else controls my cursor and clicks somewhere else taking me away from where i am Pleaseeeee helppppp !!
Vahaolana nofidina
I had the same problem. Apparently it is a malware that uses a fake firefox to access some websites in the background. It appears in the task managers process list as dmw.exe *32 and says firefox in the description. Don't confuse with dwm.exe, which is a legitimate windows service (Desktop Window Manager).
It is started from C:\Program Files (x86)\Common Files\Lenovo\data.js which is in turn started by a RUN key in the registry. Trying to terminate dmw.exe in the process list, it reappears / restarts immedately. I think I got infected by a malicious download of K-Lite_Codec_Pack_1015_Mega.exe. At least the timestamps would suggest that.
To clean I had to clear the RUN key from the registry first. Run regedit, search for lenovo and clear all keys that point to ...\Lenovo\data.js Then reboot and remove the Lenovo directory under the Common Files directory. Be carefull, if you actually have a Lenovo to not remove legitimate Lenovo files.
If I have the time, I will run it in a sandbox and see what it really does.
Hamaky an'ity valiny ity @ sehatra 👍 15All Replies (7)
In order to be able to find the correct solution to your problem, we require some more non-personal information from you. Please do the following:
- Click the Firefox button at the top left, then click the Help menu and select Troubleshooting Information from the submenu. If you don't have a Firefox button, click the Help menu at the top and select Troubleshooting Information from the menu.
Now, a new tab containing your troubleshooting information should open.
- At the top of the page, you should see a button that says "Copy text to clipboard". Click it.
- Now, go back to your forum post and click inside the reply box. Press Ctrl+V to paste all the information you copied into the forum post.
If you need further information about the Troubleshooting information page, please read the article Use the Troubleshooting Information page to help fix Firefox issues.
Thanks in advance for your help!
Can you attach a screenshot?
- http://en.wikipedia.org/wiki/Screenshot
- https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem
Use a compressed image type like PNG or JPG to save the screenshot.
Vahaolana Nofidina
I had the same problem. Apparently it is a malware that uses a fake firefox to access some websites in the background. It appears in the task managers process list as dmw.exe *32 and says firefox in the description. Don't confuse with dwm.exe, which is a legitimate windows service (Desktop Window Manager).
It is started from C:\Program Files (x86)\Common Files\Lenovo\data.js which is in turn started by a RUN key in the registry. Trying to terminate dmw.exe in the process list, it reappears / restarts immedately. I think I got infected by a malicious download of K-Lite_Codec_Pack_1015_Mega.exe. At least the timestamps would suggest that.
To clean I had to clear the RUN key from the registry first. Run regedit, search for lenovo and clear all keys that point to ...\Lenovo\data.js Then reboot and remove the Lenovo directory under the Common Files directory. Be carefull, if you actually have a Lenovo to not remove legitimate Lenovo files.
If I have the time, I will run it in a sandbox and see what it really does.
THANKYOU. i remember installing k-lite codec pack.
I removed the lenovo from my regedit. I now will restart my laptop (which is HP) and delete the folder. This was VERY helpfull !
Hello
I have the same problem with dwm.exe *32 with descrition firefox, that keeps the trying connect to malware sites all the time. Problem is i dont have any C:\Program Files (x86)\Common Files\Lenovo\data.js and cant find which registry seems to be the problem.
start 'msconfig' disable the .vbs script and other unnecessary things. delete the lenovo map and it will be all fine
There seem to be other versions of this malware. It has been arround since 2012 or even earlier. A more generic approach to clean up:
- Find dmw.exe or whatever your malware firefox is called by searching the whole windows drive (c: most of the time). Property details of the executable would show it as firefox 3.6.3 dated 31-Mar-2010. Files much newer than the executable in the same directory are the added malware payloads/scripts.
- Remove any registry entries pointing to the directory you found (probably a run key to some kind of script in the same directory).
- Reboot and then remove the directory.
If you are unsure about any of the above steps please ask a friend to help with the clean up!
edit: according to a post on the codec.com forum a new version of the malware exists installing to C:\Program Files (x86)\Common Files\eImagineTechnologyGroup and came from a download on sourceforge again.
Novain'i Klaus2m5 t@