We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

საიტის გასაუმჯობესებელი სამუშაოების მიმდინარეობისას, შესაძლებლობების ნაწილი შეიზღუდება. თუ სტატიით ვერ მოახერხებ ხარვეზის გამოსწორება და შეკითხვის დასმა გსურთ, ჩვენი მხარდაჭერის გუნდი დაგეხმარებათ @FirefoxSupport გვერდის მეშვეობით Twitter-ზე და /r/firefox განყოფილებაში Reddit-ზე.

Avatar for Username

ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში მხარდაჭერის საიტზე. აქ არასდროს მოგთხოვენ სატელეფონო ნომერზე დარეკვას, შეტყობინების გამოგზავნას ან პირადი მონაცემების გაზიარებას. გთხოვთ, გვაცნობოთ რამე საეჭვოს შემჩნევისას „დარღვევაზე მოხსენების“ მეშვეობით.

ვრცლად

ეს თემა დაარქივებულია. დასვით ახალი კითხვა, თუ დახმარება გესაჭიროებათ.

Malware program halts Firefox due to finding a heap spray.

  • 8 პასუხი
  • 3 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 1 ნახვა
  • ბოლოს გამოეხმაურა skennett

skennett
skennett
more options

After updating to Firefox 55.0.3, my malware software HitmanPro.Alert immediately halts the program from running, saying that there is malware present, see below for details. I uninstalled Firefox with Revo Uninstaller Pro, rebooted, downloaded it from the Mozilla site, and installed it fresh with the same results. Running a malware scan with HitmanPro only finds tracking cookies. I repeated the whole procedure (stubborn I am) to get the same warning and inability to use Firefox.

Anything I can do to be able to use my favorite browser again?

Many thanks for help, Shirley

Here are the details from the HitmanPro.Alert event log: 

Attack intercepted
Firefox 55.0.3 has been stopped due to malicious software
  C:\Windows\System32\winlogon.exe [676]
winlogon.exe

-	System
		-	Provider
			[ Name] 	HitmanPro.Alert
		-	EventID	911
			[ Qualifiers] 	0
			Level	2
			Task	9
			Keywords	0x80000000000000
		-	TimeCreated
			[ SystemTime] 	2017-09-08T19:11:11.961567600Z
			EventRecordID	831875
			Channel	Application
			Computer	LEOPARD-SAK
			Security

-	EventData
			C:\Program Files\Mozilla Firefox\firefox.exe			
			HeapSpray			
			Mitigation HeapSpray 

Platform 10.0.15063/x64 v604 06_9e 
PID 15200 
Application C:\Program Files\Mozilla Firefox\firefox.exe 
Description Firefox 55.0.3
 
#00 0000023B64A86000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#01 0000023B64A65000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#02 0000023B64A44000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#03 0000023B64A23000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#04 0000023B64A02000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#05 00000223ED75B000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#06 0000023B649C8000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#07 0000023B649A7000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 
#08 0000023B64986000 L00021000; CycleLen=2048; NumDetections=65
48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 

Process Trace
1 C:\Program Files\Mozilla Firefox\firefox.exe [15200] 
2 C:\Windows\explorer.exe [8772] 
3 C:\Windows\System32\userinit.exe [3848] 
4 C:\Windows\System32\winlogon.exe [676] winlogon.exe
After updating to Firefox 55.0.3, my malware software HitmanPro.Alert immediately halts the program from running, saying that there is malware present, see below for details. I uninstalled Firefox with Revo Uninstaller Pro, rebooted, downloaded it from the Mozilla site, and installed it fresh with the same results. Running a malware scan with HitmanPro only finds tracking cookies. I repeated the whole procedure (stubborn I am) to get the same warning and inability to use Firefox. Anything I can do to be able to use my favorite browser again? Many thanks for help, Shirley --------------------------------------- Here are the details from the HitmanPro.Alert event log: <pre><nowiki>Attack intercepted Firefox 55.0.3 has been stopped due to malicious software C:\Windows\System32\winlogon.exe [676] winlogon.exe - System - Provider [ Name] HitmanPro.Alert - EventID 911 [ Qualifiers] 0 Level 2 Task 9 Keywords 0x80000000000000 - TimeCreated [ SystemTime] 2017-09-08T19:11:11.961567600Z EventRecordID 831875 Channel Application Computer LEOPARD-SAK Security - EventData C:\Program Files\Mozilla Firefox\firefox.exe HeapSpray Mitigation HeapSpray Platform 10.0.15063/x64 v604 06_9e PID 15200 Application C:\Program Files\Mozilla Firefox\firefox.exe Description Firefox 55.0.3 #00 0000023B64A86000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #01 0000023B64A65000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #02 0000023B64A44000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #03 0000023B64A23000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #04 0000023B64A02000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #05 00000223ED75B000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #06 0000023B649C8000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #07 0000023B649A7000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 #08 0000023B64986000 L00021000; CycleLen=2048; NumDetections=65 48 54 54 50 53 3A 2F 2F 53 2E 59 49 4D 47 2E 43 4F 4D 2F 5A 5A 2F 43 4F 4D 42 4F 3F 59 55 49 3A 33 2E 31 32 2E 30 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 4F 4E 53 2F 41 50 50 2D 54 52 41 4E 53 49 54 49 Process Trace 1 C:\Program Files\Mozilla Firefox\firefox.exe [15200] 2 C:\Windows\explorer.exe [8772] 3 C:\Windows\System32\userinit.exe [3848] 4 C:\Windows\System32\winlogon.exe [676] winlogon.exe </nowiki></pre>

ჩასწორების თარიღი: , ავტორი: cor-el

გადაწყვეტა შერჩეულია

I stumbled on a solution last night. Unrelated to this problem, I ran CCleaner, which cleared Firefox's cache, history, and cookies. After rebooting, Firefox had no Hitman alert and has been working smoothly since. I don't know why this cleared up the problem, but I'm happy.

In the meantime, I had contacted HitmanPro.Alert support. They just got back to me this morning and I passed along my experience.

Thanks so much for the responses on this forum. You guys are great.

Shirley

პასუხის ნახვა სრულად 👍 1

ყველა პასუხი (8)

skennett
skennett კითხვის დამსმელი
more options

My apologies for posting the details above twice. Shirley

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

This is possibly a problem with a false positive in Hitman pro.

Try to contact their support to see if they are aware of this.

We have seen more report about this software.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

You didn't respond to a pop-up or a page with an update alert?

skennett
skennett კითხვის დამსმელი
more options

cor-el said

You didn't respond to a pop-up or a page with an update alert?


Checked out the article you referenced and I have definitely not responded to any fake update alerts.

skennett
skennett კითხვის დამსმელი
more options

cor-el said

This is possibly a problem with a false positive in Hitman pro. Try to contact their support to see if they are aware of this.

I'm going to contact Hitman Pro support.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

If you got a legitimate update from Firefox like via "Help -> About Firefox" then you should have gotten malware or a virus and in that case it is likely a false positive. To be sure about this you should contact the Hitman website for support.

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Hi Shirley, I don't know why Firefox would run those Windows executables at startup. Could you try starting in Firefox's Safe Mode? In Safe Mode, Firefox temporarily deactivates extensions, hardware acceleration, and some other advanced features to help you assess whether these are causing the problem.

If Firefox is not running: Hold down the Shift key when starting Firefox.

If Firefox is running: You can restart Firefox in Safe Mode using either:

  • "3-bar" menu button > "?" button > Restart with Add-ons Disabled
  • Help menu > Restart with Add-ons Disabled

and OK the restart.

Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).

Any improvement? (More info: Diagnose Firefox issues using Troubleshoot Mode)

skennett
skennett კითხვის დამსმელი
more options

შერჩეული გადაწყვეტა

I stumbled on a solution last night. Unrelated to this problem, I ran CCleaner, which cleared Firefox's cache, history, and cookies. After rebooting, Firefox had no Hitman alert and has been working smoothly since. I don't know why this cleared up the problem, but I'm happy.

In the meantime, I had contacted HitmanPro.Alert support. They just got back to me this morning and I passed along my experience.

Thanks so much for the responses on this forum. You guys are great.

Shirley