Malware installs a malicious timer.xul

luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Malware installs a malicious timer.xul

Post by luntrus »

Hi forum friends,

C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content
In this folder there is "timer.xul", and it is put there by "trojan:RS/Dursg.B". Mind that that particular CLSID is used in various malware like W32.RoutrobotWorm and Generic Downloaders, and has previously been seen in multiple worms.
Users should not trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Update the AV solution and perform an avast boot-time scan, and you can run this removal tool, downloaded from here: http://vil.nai.com/vil/stinger/default.aspx
Users that run NS are not vulnerable to this attack in the browser.
Malcode described here: And here: http://www.microsoft.com/security/porta ... %2FDursg.C
Problem also reported here: http://www.tech-forums.net/pc/f51/infec ... -a-224732/
And a particular way of recent infestation is described here: http://www.sophos.com/blogs/sophoslabs/v/post/8641
There is also an ad-click fraud involved in this malware:
When W32/Zuggie-A is installed, it creates the following files:

* <Program Files>\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
* <Program Files>\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
* <Program Files>\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
* <System>\googlebuzz.exe - copy of W32/Zuggie-A
* <System>\GoogleUpte.exe - copy of W32/Zuggie-A

W32/Zuggie-A modifies the registry to autostart GoogleUpte.exe and googlebuzz.exe.
Be aware of what you do with new Web 2.0 applications, like googlebuzz and Twitter; they can come with malcode.

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.16) Gecko/2010010414 Firefox/3.0.16 Flock/2.5.6
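As an added example (not code from the post above, nor from any AV vendor), here is a Python sweep for the indicators luntrus lists: the extension directory named after that GUID with its three files, the two executables dropped into the system directory, and Run/RunOnce values that reference them. The file and registry checks take plain paths and a name-to-command mapping so they can be exercised on any platform; the registry reader itself uses winreg and only does anything on Windows. The indicator lists are copied from the post; the function names and the Run/RunOnce key paths are my own choices.

```python
"""Sweep a Firefox install and autostart entries for the W32/Zuggie-A indicators above."""
import os
import sys

# Indicators as listed in the post (extension GUID, extension files, dropped executables).
ZUGGIE_GUID = "{9CE11043-9A15-4207-A565-0C94C42D590D}"
EXTENSION_FILES = (
    "install.rdf",
    "chrome.manifest",
    os.path.join("chrome", "content", "timer.xul"),
)
DROPPED_EXES = ("googlebuzz.exe", "GoogleUpte.exe")

# Standard autostart keys checked under HKCU and HKLM (assumption: the post only says
# "modifies the registry to autostart"; these are the usual locations for that).
RUN_KEY_PATHS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)


def check_extension_dir(program_files):
    """Return the Zuggie extension files present under <Program Files>\\Mozilla Firefox\\extensions\\<GUID>."""
    ext_dir = os.path.join(program_files, "Mozilla Firefox", "extensions", ZUGGIE_GUID)
    if not os.path.isdir(ext_dir):
        return []
    return [os.path.join(ext_dir, rel) for rel in EXTENSION_FILES
            if os.path.isfile(os.path.join(ext_dir, rel))]


def check_system_dir(system_dir):
    """Return the dropped executables present in the system directory."""
    return [os.path.join(system_dir, name) for name in DROPPED_EXES
            if os.path.isfile(os.path.join(system_dir, name))]


def check_run_values(run_values):
    """run_values maps a value name to its command line, as read from a Run/RunOnce key.
    Returns (name, command) pairs whose command references a dropped executable.
    The comparison is case-insensitive because Windows paths are."""
    hits = []
    for name, command in run_values.items():
        low = command.lower()
        if any(exe.lower() in low for exe in DROPPED_EXES):
            hits.append((name, command))
    return hits


def read_run_values():
    """Read HKCU and HKLM Run/RunOnce values on Windows; return {} elsewhere (no registry)."""
    if sys.platform != "win32":
        return {}
    import winreg
    values = {}
    hives = (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE))
    for hive_name, hive in hives:
        for path in RUN_KEY_PATHS:
            try:
                key = winreg.OpenKey(hive, path)
            except OSError:
                continue  # key absent or not readable: skip it
            with key:
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break  # no more values
                    values[hive_name + "\\" + path + "\\" + name] = str(data)
                    index += 1
    return values


def sweep(program_files, system_dir, run_values):
    """Run all three checks and return the hits grouped by category (empty lists mean clean)."""
    return {
        "extension_files": check_extension_dir(program_files),
        "dropped_exes": check_system_dir(system_dir),
        "autostart": check_run_values(run_values),
    }


if __name__ == "__main__":
    program_files = os.environ.get("ProgramFiles", r"C:\Program Files")
    system_dir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "system32")
    for category, hits in sweep(program_files, system_dir, read_run_values()).items():
        print(category + ":", hits if hits else "clean")
```

Run it from an administrative prompt on the suspect machine; any non-empty list is a hit. Note that it only confirms the specific names from the post, so a variant that uses a different GUID or executable name would not be flagged, and a clean result is no substitute for the boot-time scan luntrus recommends.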