I'm not exactly sure about what I'm writing, I'm simply looking for a
confirmation.
Today I scanned a PC with Trend Micro's online free scan program and
it found a rootkit called "gecko-crash~", listed as "HIDDEN FILE" and
located in "\\.\pipe\gecko-crash-server-pipe.187".
Strangely enough TM managed to correct the problem (I've never been
this lucky with rootkits), and subsequent scans yielded no threats.
Today however the rootkit is back, and although TM still manages to
correct the problem, I'm growing suspicious.
I noticed that scans give this result *only* when Mozilla 3.6.6 is on,
whereas post-reboot scans find no threat.
My question is: is there any kind of safe relation between this
rootkit and Firefox?
If the answer is false I guess I am being led down the garden path and
some serious formatting is in order.
Thanks in advance,
E.

I've googled for "gecko-crash-server-pipe" and come up with a
couple of references to it in relation to plugin-container.exe.
See discussion at
https://support.mozilla.com/en-US/forum/1/713600 for one reference.
Not conclusive but it may not be a rootkit at all.
--
Annailís

Hello Eidolon:
If you still have the file, or if it occurs again, for your safety, and
that of others, find out if the file is truly toxic or a false positive
(FP) by sending it to:
<https://www.virustotal.com/> and/or <http://virusscan.jotti.org/en>
Then, post links to the results here.
HTH
--
1PW