PDA

View Full Version : SpreadFirefox.exe



Mastertech
2006-06-10, 15:33
After installing the latest version of : Jackpot Ultimate Casino Game Pack v1.2 I noticed a suspicious file in the C:\Documents and Settings\User\Local Settings\Temp folder and a new process running called:

SpreadFirefox.exe

Any information you can provide would be helpful.

tashi
2006-06-10, 21:02
Hello.

Spread Firefox
http://www.mozillazine.org/talkback.html?article=5271

However a casino is often a place to pick up infections.

We should see a log.


Open SpyBot, check for and get any updates available.
Close all browsers, check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.

Mastertech
2006-06-12, 23:46
It appears to be adware. I am fully aware about casino related sites. This is a stand alone game where v1.1 was clean from Download.com. I submitted the files to Trend Micro for analysis and got back the following results:


We have analyzed and verified the file SpreadFirefox.exe to be non-malicious. This file attempts to download an installer of the application Mozilla Firefox. However, the site is inaccessible as of this writing.

Upon downloading and installing the file Jackpot Ultimate Casino from the URL that you gave, it drops the file ~nsisload.exe in the %TemP%\nsz13.tmp folder. Trend Micro detects this component file as TROJ_AGENT.BHA.

It looks like the SpreadFirefox.exe is a new adware component and you may want to submit it for detection with Spybot.