New Firefox Trojan Spotted

By | October 11, 2010 | 3 Comments


New Firefox Trojan Spotted

It looks like a new Firefox Trojan is in the wild and none of the antivirus programs can fix the issue.

According to webroot post, Trojan modifies nsLoginManagerPrompter.js file so Firefox would no longer ask, whether user would like to save entered password or not, and does that anyway.

After logins are stored, Trojan keeps sending stolen information to its author, Salar “Salixem” Zeynali in a rate of once per minute.

Yes, you read it right, Trojan author takes all the credit and can even be found on a Facebook site.

How does it work?

The keylogging Trojan copies itself to the system32 directory with the filename Kernel.exe; drops and registers an old, benign, deprecated ActiveX control called the Microsoft Internet Transfer Control DLL, or msinet.ocx (MD5: 7BEC181A21753498B6BD001C42A42722), which it uses to communicate with its command and control server; then it creates a new user account (username: Maestro) on the infected system.

How to fix modified nsLoginManagerPrompter.js file?

Download the latest Firefox build and install it over existing one. Don’t worry, you won’t lose bookmarks nor any other data.


About (Author Profile)


Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

  • nvm

    LOL. The idiot added his real name?

    • http://www.favbrowser.com Vygantas Lipskas

      Yep, or at least someone’s name. According to webroot, he has emo haircut and enjoys heavy metal.

  • Geek

    emo hacker? :D only on FF..