bad extension installed silently in Firefox: "New.net Quick Search 7.48"

Here is a copy of a post I just made in the MozillaZine forum:
(bad extension installed silently: "New.net Quick Search" - mozillaZine Forums)

"A couple of days ago I downloaded a theme for Windows XP. The file came in the form of an executable. While warnings from both Windows Defender and AVG Anti-Spyware appeared very quickly during the installation process, allowing me to remove files as well as many bad registry entries, I found out later, as I wanted to change one of my extensions' options, that an unwanted extension got installed without my knowledge. I’m quite aware that Firefox can prevent an unwanted extension only when it directly comes from a website. I find this ability of third-party programs to infect Firefox extremely worrying anyway.
Here is the link to the BAD download:
http: //dl2.themexp.org/files/g/themexpdl1/4/7/74.exe
SO DO NOT DOWNLOAD THAT!!! the link is there just to show the malware!
(maybe it would be better if a mod made the link unclickable)
The bad extension that it installs silently is called New.net Quick Search 7.48
with id {AF8637B0-18E3-44D3-86B7-55E09D9C4261}.
I found more info in these sites:
http://www.cexx.org/newnet.htm

I want to add that I’ve installed this malware file a second time on purpose in order to keep track of what it does (logs etc…), which I had not done the first time. So this second time, Comodo Firewall was loaded and sent me an alert that the bad extension was loaded into Firefox."

Since I could not upload screenshots and logs to MozillaZine, I’m gonna do it here.


EDIT: Link split by mod

[attachment deleted by admin]
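A defender-side check for the situation described in the first post, as an added example that is not part of the original thread: it lists every entry in a Firefox profile's `extensions` directory whose ID is not on an allowlist, including pointer files that reference an extension stored outside the profile. It assumes the extension is registered in the profile directory (the post does not say where the installer put it); the sample directory, the allowlisted ID and the pointer path are constructed.

```python
import os
import tempfile

# Extension ID quoted in the first post.
NEWNET_ID = "{AF8637B0-18E3-44D3-86B7-55E09D9C4261}"

def audit_extensions(ext_dir, allowlist):
    """Return (id, kind, location) for every entry in a profile's
    extensions directory whose ID is not on the allowlist."""
    allowed = {i.lower() for i in allowlist}
    findings = []
    for name in sorted(os.listdir(ext_dir)):
        path = os.path.join(ext_dir, name)
        if os.path.isdir(path):
            # Unpacked extension: the directory is named after the ID.
            ext_id, kind, location = name, "unpacked", path
        elif name.lower().endswith(".xpi"):
            # Packed extension: <id>.xpi
            ext_id, kind, location = name[:-4], "packed", path
        else:
            # Pointer file: named after the ID, its first line is the path
            # of an extension that lives outside the profile.
            with open(path, encoding="utf-8", errors="replace") as fh:
                location = fh.readline().strip()
            ext_id, kind = name, "pointer"
        if ext_id.lower() not in allowed:
            findings.append((ext_id, kind, location))
    return findings

def build_sample_dir():
    """Constructed sample: one allowlisted add-on plus a pointer file
    carrying the ID from the post (the other ID and the pointer path
    are made up)."""
    root = tempfile.mkdtemp(prefix="ffext-")
    os.mkdir(os.path.join(root, "sample-addon@example.invalid"))
    with open(os.path.join(root, NEWNET_ID), "w", encoding="utf-8") as fh:
        fh.write("C:\\Constructed\\Vendor\\extension\n")
    return root

if __name__ == "__main__":
    for ext_id, kind, location in audit_extensions(
            build_sample_dir(), ["sample-addon@example.invalid"]):
        print(f"not on allowlist: {ext_id} ({kind}) -> {location}")
```

Extensions registered outside the profile, for example through the Windows registry, are not covered by this check.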

Executable code run as admin can do ANYTHING.

Thanks for that Gharkh, it’s an interesting post. Unfortunately themexp.org is a notorious site for including malware in their downloads. Basically, never download a theme with an .exe extension. It’s not needed.

Toggie

Executable code run as admin can do ANYTHING.

That’s half the fun of running Windows, rotty :)

Good to notice that only a firewall like Comodo can detect the loading of a bad extension in Firefox; no anti-spy software can do that, although I think I remember that Spyware Doctor, which I don’t use anymore, scans Firefox for bad extensions.

Hi Gharkan,

I use Spyware Dr 5.0 and I believe under the browser guard it protects browser toolbars, addons and plugins.

Can I ask u why u stopped using SD?

Many thanks Novie

Hi Novie,

I never bought SD so I never used it on a regular basis. Just gave the trial a try once in a while, when new versions came out, until I saw that the program became almost unusable, not by itself, but because it really slowed down the login process in Windows XP.
I’ve tried again a free version a couple of days ago, called SD Starter, included in Google Pack. That was worse than ever: got black screens at logon, had to hit ctrl-alt-del to get into Windows, and just decided to remove SD again. I rebooted and everything was back to normal. I regret it as I know that SD belongs to the best spyware detectors. But I can’t allow a software, even a good one, to cripple my OS.

regards
Philippe

PS: all anti-spy software protects Internet Explorer, but none of them protects Firefox. When I mentioned SD, I thought I remembered that it could detect bad stuff in Firefox when scanning. Its resident shield, I don’t think so.

Hi Philippe,

Many thanks for ur take on SD, I have 6 months to go on my purchase but like u I find it taxing on my OS.

Version 5.0 to me is a bit quicker than the previous 3.0, but like u next time I am going somewhere else.

I am not putting down SD in any way for their product, as it is a great product, but maybe it could be less taxing in future versions.

Many Thanks

Novie