False Positive (I hope...) - Firefox 3.5.5

Discussion in 'Prevx Releases' started by RetroDrake, Nov 7, 2009.

Thread Status:
Not open for further replies.
  1. RetroDrake

    RetroDrake Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    2
    I have run into what I hope is a false positive. I updated Firefox from 3.5.4 to 3.5.5 earlier this evening without any problems. I browsed some of my regular websites and then logged out for a few hours. I later went to use Firefox again and was suprised to see an "Active Threat Alert" popup from Prevx. It listed the file firefox.exe in the normal Firefox installation directory with an option to click for details. When clicked the main Prevx window opened and initiated a scan. The scan, which took much longer than usual, ended with "System Status: Clean". I am still greeted with the alert any time I attempt to start Firefox. Do I have a botched/hacked Firefox upgrade or is this a false postive?

    Thanks in advance for any help you can provide :)

    EDIT: I realize that all possible FP reports should be sent to report@prevxresearch.com but I am unable to obtain a scan log because the scan always reports "System Status: Clean.
     
    Last edited: Nov 7, 2009
  2. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Must be a momentary aberration as I have done the same as you and Prevx has remained silent. Had several scans since then and nothing. I suspect that this will heard or next to impossible to reproduce.:oops:

    If you can perhaps you should download the complete download of the new version and install that rather than sticking with the incremental upgrade which is how I presume you got to 3.5.5? All you need to do is run the executable and it will install over the top. Might be worth a try?
     
  3. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    439
    Don't worry you are not the only ones
    https://www.wilderssecurity.com/showthread.php?t=257632

    I tried earlier with both the firefox update and complete installer and got the same detection. I even turned all heuristics to their lowest setting. On the last occasion I undid the quarrantine and it has been good since, no more jumping on firefox.

    Hopefully this FP is a thing of the past
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you click Tools > Save Scan Results, it will allow you to save the scan log to your PC regardless of your infection status. Could you send this to report@prevxresearch.com so that we can correct the FP if it still exists?

    Thanks!
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Prevx has had these bad FP's since the release of 3.x and I don't see how it's possibly going to go away, it's the only reason I removed it, it's not reliable enough to keep on a system.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    There are two sides to every story and it's generally best to not try and assume things when dealing with these detections.

    From the two scan logs I've seen so far, these are users that have Maximum Age + Popularity + Heuristic settings enabled. This will logically trigger any new software update to be detected - including Firefox.

    At no point was this file determined as bad - it was just triggered by Age/Popularity detection being that its age was low and the popularity was low when it was first released.
     
Thread Status:
Not open for further replies.