Virustotal 3 anti-virus engines detecting FirefoxInstaller exe
I downloaded the Firefox installer from https://www.mozilla.org/en-US/firefox/download/thanks/ and scanned the file on Virustotal and 3 of the anti-virus engines detected it, 2 as trojan, 1 as malware. Here is the link to the VT scan: https://www.virustotal.com/gui/file/1f008f615561276c2c7c9dbf9ac07a0319dd7ec54d65f365d7e1cf2b5b70b216/detection. Is there a problem with this file?
All Replies (6)
Hi Natalie, I have not heard of these antivirus engines before:
- Antiy-AVL
- Bkav
- Jiangmin
If the small stub installer makes you nervous, do you want to check the full installer? You can download it from here:
https://www.mozilla.org/firefox/all/#product-desktop-release
The U.S. English 64-bit full installer for 73.0.1 has a detection on one engine on VirusTotal:
- Jiangmin (VirusTotal)
Someone who tested all recent versions of Firefox found Jiangmin shows the same detection for all of them: http://forums.mozillazine.org/viewtopic.php?p=14858115#p14858115
If that vendor's opinion is important to you, you'll need to inquire with them about that detection.
Thank you for pointing that out. I searched before I asked about this here but didn't find that Mozillazine post. I was concerned that someone might have MITM'd me because I asked about this problem in another forum on a different site and a person there said that he downloaded Firefox files and didn't get any detections on Virustotal. So naturally I was worried getting 3 on the Firefox Installer. I've never heard of those anti-virus' either. So I'll verify the hashes for my Firefox downloads and install FF. Did you get those 3 detections on the FF Installer too?
Hi Natalie, I did not test the small stub installer.
The small stub installer needs to download the Firefox installation files from internet. Some AV software may find that suspicious and thus flag the installer despite the file being signed. If you have such AV software or otherwise want to be sure then best is to use the full installer.
jscher2000 & cor-el,
Thanks for your info. I really appreciate it. I think I can go ahead and download the full installer, check the hash and then install Firefox now, knowing that I am not the only one that has detections for the Firefox files on Virustotal.
cor-el said
The small stub installer needs to download the Firefox installation files from internet. Some AV software may find that suspicious and thus flag the installer despite the file being signed. If you have such AV software or otherwise want to be sure then best is to use the full installer.
Do you know what this means, I found it on the "Community" tab of the Virustotal detection scan for the 73.0.1 full installer downloaded from the link you posted above? It says this:
"#malware MIOCs - Latest Malware Analysis worldwide
- CodeGreenLabs
And also on Virustotal, on the Behavior Tab:
Files Opened C:\Users\<USER>\AppData\Local\Google\Chrome\User Data\Local State C:\Users\<USER>\Searches\desktop.ini C:\Users\<USER>\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat C:\Users\<USER>\Videos\desktop.ini C:\Users\<USER>\Saved Games\desktop.ini C:\Users\desktop.ini C:\Users\<USER>\AppData\Local\Temp\7zs-sfx.pe32 C:\Users\<USER>\Pictures\desktop.ini C:\Windows\Fonts\staticcache.dat C:\Users\<USER>\Downloads\desktop.ini
I am trying to learn about what the other things on VT mean.
The hash that Virustotal gave me, d9557b6859c2872632abe36aa214cfb61e76e033bcb558fe76c28f8687f6c469, matches the hash from the mozilla hashes at https://ftp.mozilla.org/pub/firefox/releases/73.0.1/SHA256SUMS: d9557b6859c2872632abe36aa214cfb61e76e033bcb558fe76c28f8687f6c469 win64/en-US/Firefox Setup 73.0.1.exe
... if anyone's interested : )