kafpolo

Firefox update.exe virus

I missed something in the recent VT analysis of this update.exe, aka firefox.exe. The screenshot below shows known processes that will start up/create this update.exe process. If you have uTorrent installed, that would be my prime suspect on how this puppy arrived on your PC:

[Screenshot: Eset_Update_Exe.png]

https://www.virustotal.com/gui/file/fb9045b74615a339fcdc3016f899aec5b8afbdacde5421d94d777c709295c2fd/relations

1 hour ago, itman said:

If you have uTorrent installed, that would be my prime suspect on how this puppy arrived on your PC:

It could be, but why until now? Many months have passed since the installation, I'm sure I downloaded it from the official website, and of all the EXEs, the only one that I have installed in the past was "μtorrent".

1 hour ago, kafpolo said:

It could be, but why until now? Many months have passed since the installation, I'm sure I downloaded it from the official website, and of all the EXEs, the only one that I have installed in the past was "μtorrent".

Eset and most of the major AV vendors classify uTorrent as a PUA because of behavior just like this. I assume you overrode Eset's PUA alert to install it.

As far as the abnormal behavior traced to this update.exe, uTorrent could have recently installed it. Or, it was in a dormant state waiting to be activated by uTorrent at the time of its choosing.

BTW - my interpretation of PUA is Poor User Always when they install it.


Here's an article on uTorrent's installation of Epic Scale software, which is indeed a coin miner: https://www.trustedreviews.com/opinion/epic-scale-and-utorrent-bitcoin-mining-riskware-investigated-2931880. "Supposedly" uTorrent eliminated use of Epic Scale in 2018, but in reality, one never knows when using software that embeds stuff like this along with adware in its installer.

The behavior you described occurring on your device very much sounded like coin mining activities. 
