Jump to content

Firefox uptadte.exe virus


kafpolo
 Share

Recommended Posts

I missed something in the recent VT analysis of this update.exe; aka firefox.exe. The below screen shot shows known processes that will startup/create this update.exe process. If you have uTorrent installed, that would be my prime suspect on how this puppy arrived on your PC:

Eset_Update_Exe.thumb.png.789438f73cc4bc4a5690f2f55bb8ff82.png

https://www.virustotal.com/gui/file/fb9045b74615a339fcdc3016f899aec5b8afbdacde5421d94d777c709295c2fd/relations

Edited by itman
Link to comment
Share on other sites

1 hour ago, itman said:

If you have uTorrent installed, that would be my prime suspect on how this puppy arrived on your PC:

It could be, but why until now? many months have passed since the instalation, I'm sure I downloaded it from the official website, and from all the EXEs the only one that I have installed in the past, was "μtorrent"

Edited by kafpolo
Link to comment
Share on other sites

1 hour ago, kafpolo said:

It could be, but why until now? many months have passed since the instalation, I'm sure I downloaded it from the official website, and from all the EXEs the only one that I have installed in the past, was "μtorrent"

Eset and most of the major AV vendors classify uTorrent as a PUA because of behavior just like this. I assume you overrode Eset's PUA alert to install it.

As far as the abnormal behavior traced to this update.exe, uTorrent could have recently installed it. Or, it was in dormant state waiting to be activated by uTorrent at the time of its chosing.

BTW - my interpretation of PUA is Poor User Always when they install it.

Link to comment
Share on other sites

Here's an article on uTorrent's installation of Epic Scale software which is indeed a coin miner: https://www.trustedreviews.com/opinion/epic-scale-and-utorrent-bitcoin-mining-riskware-investigated-2931880 . "Supposedly" uTorrent eliminated use of Epic Scale in 2018 but in reality, one never knows when using software that embeds stuff like this along with adware in its installer.

The behavior you described occurring on your device very much sounded like coin mining activities. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...