
Firefox update.exe virus


kafpolo


I missed something in the recent VT analysis of this update.exe; aka firefox.exe. The below screen shot shows known processes that will startup/create this update.exe process. If you have uTorrent installed, that would be my prime suspect on how this puppy arrived on your PC:

[Screenshot: Eset_Update_Exe]

https://www.virustotal.com/gui/file/fb9045b74615a339fcdc3016f899aec5b8afbdacde5421d94d777c709295c2fd/relations

Edited by itman

1 hour ago, itman said:

If you have uTorrent installed, that would be my prime suspect on how this puppy arrived on your PC:

It could be, but why until now? Many months have passed since the installation. I'm sure I downloaded it from the official website, and from all the EXEs the only one that I have installed in the past was "μtorrent".

Edited by kafpolo

1 hour ago, kafpolo said:

It could be, but why until now? Many months have passed since the installation. I'm sure I downloaded it from the official website, and from all the EXEs the only one that I have installed in the past was "μtorrent".

Eset and most of the major AV vendors classify uTorrent as a PUA because of behavior just like this. I assume you overrode Eset's PUA alert to install it.

As far as the abnormal behavior traced to this update.exe, uTorrent could have recently installed it. Or, it was in a dormant state waiting to be activated by uTorrent at the time of its choosing.

BTW - my interpretation of PUA is Poor User Always when they install it.


Here's an article on uTorrent's installation of Epic Scale software which is indeed a coin miner: https://www.trustedreviews.com/opinion/epic-scale-and-utorrent-bitcoin-mining-riskware-investigated-2931880 . "Supposedly" uTorrent eliminated use of Epic Scale in 2018 but in reality, one never knows when using software that embeds stuff like this along with adware in its installer.

The behavior you described occurring on your device very much sounded like coin mining activities. 
