Po' Smedley's Life And Brain Drippings
Published on July 10, 2006 By PoSmedley In Personal Computing
Avast just found this

updater.exe

location- C:\Program Files\Mozilla Firefox
Win32:Salty

Anyone familiar with this? It says it's a worm and I can't find anything on it.
Comments
on Jul 10, 2006

http://www.fbmsoftware.com/spyware-net/process/updater_exe/2656/

Seems difficult to find exact info....

on Jul 10, 2006

http://72.14.235.104/search?q=cache:slxZEfOHu5MJ:www.71office.com/xml/xml.xml+updater.exe+spyware+firefox+win32+salty&hl=en&gl=au&ct=clnk&cd=2

Egad...that didn't help any.....

on Jul 10, 2006

http://www.badaga.org/forum/viewtopic.php?p=2589

about two-thirds of the way down that page there's an entry about "Win32 salty" ...which is claimed to be a virus... usually sent as an email attachment.

...Perhaps someone's found another way of distributing it.

on Jul 10, 2006
Erk....looking at the rest of that page it's hard to place much credit on the veracity of that post...
on Jul 10, 2006

Ah ...guess I should've read the whole page.

I just scanned over it till I found the bit I was looking for.

Oh well, I had the best intentions ...and it's all I could find on the subject. What you said in #1 is true ...hard to find anything about it.

Good luck, Po'

on Jul 10, 2006
It's a false positive. Go here: http://virusscan.jotti.org/ browse to the updater. exe file on your hard drive and it will scan the file against it's data base. When it's done and it shows nothing, go about worrying about something else.........  
on Jul 10, 2006
yrag...I scanned it from that link (which uses AVAST as one of it's sources) and it came up clean. I did this after I restored it to it's location from Avasts virus chest.

So, now I'm confused.
avast


site scan




Is it clean now, since it was in the chest (have to ask cause I'm a dumazz)

Was something attached to it?
on Jul 10, 2006
I found it. It seems it's a bug with avast. (yrag- "False Positive)

I'm posting the Mozilla forum link here for anyone else who uses Avast and runs into this. It seems to be a bug in their last update and can be corrected.
http://forums.mozillazine.org/viewtopic.php?t=437465&highlight=avast+worm
on Jul 10, 2006

Ah....I'd come across 'updater.exe' having potential issues in the past...but not with the firefox ver ....so it looks like the other ones' history caused the false Pos with firefox's.

Maybe Avast is almost as iffy as Norton...which is famous for false positives...

on Jul 11, 2006
Maybe Avast is almost as iffy as Norton...which is famous for false positives..


I've been using Avast for about 6 -7 months now, Firefox for longer, and have not encountered this issue/false positives, either....

Nevertheless, thanks for the link, Po', in the event I come across this...
on Jul 12, 2006
From a site:



This message is notification to let you know that you do not open file attachment with extension file name: exe, pif, scr, bat, zip, doc, txt, HQX, BHX, mim, uu, uue,,, etc. and its size file within 50KB - 181KB because they are dangerous virus. Even though you know that the sender as your friend, your group moderator, the name of yourself or any one who wellkown in the world such as celebrity. Some examples of the attachment, you can see the list below:

File-name-attachment -----> Virus name
================ ============
Details.exe -----> Win32/Salty
love_me.exe -----> Win32/Salty
love_me_now.exe -----> Win32/Salty
mssage.scr -----> Worm/Netsky.Q
message.zip -----> Worm/Netsky.Q
your_document.pif -----> Worm/Netsky.Q
details03.zip -----> Worm/Netsky.Q
data.txt -----> Worm/Netsky.Q
data.zip -----> Worm/Netsky.Q
websitefirst01.zip -----> Worm/Netsky.Q
bill.zip -----> Worm/Netsky.Q
Attachment00.HQX -----> Worm/VB.6.AN
Attachment01.BHX -----> Worm/VB.6.AN
Video_part.mim -----> Worm/VB.6.AN
data.pif -----> Worm/Mytob.AA
documen.pif -----> Worm/Mytob.AA
document.zip -----> Worm/Mytob.AA
doc.scr -----> Worm/Mytob.AA
body.zip -----> Worm/Mytob.AA
important_info.doc -----> Worm/Mytob.AA
readme.zip -----> Worm/Mytob.C
text.pif -----> Worm/Mytob.C
important_detail.zip -----> Worm/Mytob.IS
on Jul 12, 2006

BX ...that comes from the site I linked to above. If you read the rest of that page, you'll see that the information there is of a somewhat dubious nature ..as Jafo kindly pointed out.