为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Virustotal 3 anti-virus engines detecting FirefoxInstaller exe

  • 6 个回答
  • 1 人有此问题
  • 31 次查看
  • 最后回复者为 Natalie

more options

I downloaded the Firefox installer from https://www.mozilla.org/en-US/firefox/download/thanks/ and scanned the file on Virustotal and 3 of the anti-virus engines detected it, 2 as trojan, 1 as malware. Here is the link to the VT scan: https://www.virustotal.com/gui/file/1f008f615561276c2c7c9dbf9ac07a0319dd7ec54d65f365d7e1cf2b5b70b216/detection. Is there a problem with this file?

I downloaded the Firefox installer from https://www.mozilla.org/en-US/firefox/download/thanks/ and scanned the file on Virustotal and 3 of the anti-virus engines detected it, 2 as trojan, 1 as malware. Here is the link to the VT scan: https://www.virustotal.com/gui/file/1f008f615561276c2c7c9dbf9ac07a0319dd7ec54d65f365d7e1cf2b5b70b216/detection. Is there a problem with this file?

所有回复 (6)

more options

Hi Natalie, I have not heard of these antivirus engines before:

  • Antiy-AVL
  • Bkav
  • Jiangmin

If the small stub installer makes you nervous, do you want to check the full installer? You can download it from here:

https://www.mozilla.org/firefox/all/#product-desktop-release

The U.S. English 64-bit full installer for 73.0.1 has a detection on one engine on VirusTotal:

Someone who tested all recent versions of Firefox found Jiangmin shows the same detection for all of them: http://forums.mozillazine.org/viewtopic.php?p=14858115#p14858115

If that vendor's opinion is important to you, you'll need to inquire with them about that detection.

more options

Thank you for pointing that out. I searched before I asked about this here but didn't find that Mozillazine post. I was concerned that someone might have MITM'd me because I asked about this problem in another forum on a different site and a person there said that he downloaded Firefox files and didn't get any detections on Virustotal. So naturally I was worried getting 3 on the Firefox Installer. I've never heard of those anti-virus' either. So I'll verify the hashes for my Firefox downloads and install FF. Did you get those 3 detections on the FF Installer too?

more options

Hi Natalie, I did not test the small stub installer.

more options

The small stub installer needs to download the Firefox installation files from internet. Some AV software may find that suspicious and thus flag the installer despite the file being signed. If you have such AV software or otherwise want to be sure then best is to use the full installer.

more options

jscher2000 & cor-el,

Thanks for your info. I really appreciate it. I think I can go ahead and download the full installer, check the hash and then install Firefox now, knowing that I am not the only one that has detections for the Firefox files on Virustotal.

more options

cor-el said

The small stub installer needs to download the Firefox installation files from internet. Some AV software may find that suspicious and thus flag the installer despite the file being signed. If you have such AV software or otherwise want to be sure then best is to use the full installer.

Do you know what this means, I found it on the "Community" tab of the Virustotal detection scan for the 73.0.1 full installer downloaded from the link you posted above? It says this:

"#malware MIOCs - Latest Malware Analysis worldwide

  1. CodeGreenLabs

codegreen.ae"

And also on Virustotal, on the Behavior Tab:

Files Opened C:\Users\<USER>\AppData\Local\Google\Chrome\User Data\Local State C:\Users\<USER>\Searches\desktop.ini C:\Users\<USER>\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat C:\Users\<USER>\Videos\desktop.ini C:\Users\<USER>\Saved Games\desktop.ini C:\Users\desktop.ini C:\Users\<USER>\AppData\Local\Temp\7zs-sfx.pe32 C:\Users\<USER>\Pictures\desktop.ini C:\Windows\Fonts\staticcache.dat C:\Users\<USER>\Downloads\desktop.ini

I am trying to learn about what the other things on VT mean.

The hash that Virustotal gave me, d9557b6859c2872632abe36aa214cfb61e76e033bcb558fe76c28f8687f6c469, matches the hash from the mozilla hashes at https://ftp.mozilla.org/pub/firefox/releases/73.0.1/SHA256SUMS: d9557b6859c2872632abe36aa214cfb61e76e033bcb558fe76c28f8687f6c469 win64/en-US/Firefox Setup 73.0.1.exe

... if anyone's interested : )