We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Win.MxResIcn.Heur.Gen

  • 1 个回答
  • 1 人有此问题
  • 1 次查看
  • 最后回复者为 James

more options

Hi. I'm using Linux Mint 20. I wanted to go back to Windows 10. Under Linux I downloaded the latest version of Firefox. I checked the installation file on the VirusTotal page. VirusTotal showed that the exe file contains the Win.MxResIcn.Heur.Gen trojan and the msi file contains Attention.APT-Bait.ContainShellCode! 1.9E28. Earlier installation files also contained some surprises. I don't think my Linux system contains any viruses. Installations of other browsers such as Opera or Chrome do not have these "add-ons". Interestingly, if I paste the link to the installation file into VirusTotal - there are no surprises. What is going on?

Hi. I'm using Linux Mint 20. I wanted to go back to Windows 10. Under Linux I downloaded the latest version of Firefox. I checked the installation file on the VirusTotal page. VirusTotal showed that the exe file contains the '''Win.MxResIcn.Heur.Gen''' trojan and the msi file contains '''Attention.APT-Bait.ContainShellCode! 1.9E28'''. Earlier installation files also contained some surprises. I don't think my Linux system contains any viruses. Installations of other browsers such as Opera or Chrome do not have these "add-ons". Interestingly, if I paste the link to the installation file into VirusTotal - there are no surprises. What is going on?
已附加屏幕截图

所有回复 (1)

more options

It is a false positive. If it was truly infected with something it would not have only one result but multiples. Cylance, Antiy-AVL, Clam and Norton has been among a short list that has given plenty of false positives at Virustotal and in AV client over the years with Firefox setups and especially the small stubs for windows.

I checked en-CA 78.0.2 win64 firefox .exe and MaxSecure was green though it was the only one red for en-US locale.

Other locales do not get this single false positive while the en-US may with MaxSecure on Virusetotal based on some research. It looks like it is having the usual issues with 7zS.sfx if you look on details page.

Firefox setups for Windows have been self-extracting 7z since Firefox 0.8 (Feb 2004). 7zS.sfx is the 7-ZIP self extractor stub from 7-ZIP that is used by Mozilla to pack the actual Firefox program with the 7-ZIP archive utility.

ex: https://www.reddit.com/r/privacytoolsIO/comments/gptqzf/windows10_firefox_malware_check/ https://www.reddit.com/r/firefox/comments/hni6cr/is_the_official_firefox_installer_infected_by/

ex: Bug#1468067 - Firefox installer doesn't pass VirusTotal test

由James于修改