Yet Another Tech Blog

Firefox hangs because of malware

In the last few weeks, starting from the end of March, we noticed a strange spike in requests on the Italian support forum. The symptoms described were always the same:

  • Pages stop loading after a few minutes of normal browsing.
  • When the user tries to restart the browser he gets the error message “Firefox is already running but is not responding“.
  • Other browsers on the same system are not affected and work without problems.

Since Firefox stopped working at the same time of the Firefox 3.0.8 release, a lot of people thought that the problem was caused by the last update, so they were searching the best way to go back to a previous version.

The usual solutions were not effective: safe-mode, disable plug-ins, temporarily disable antivirus and firewall, reinstall the last version in a different folder, create a new profile.

From the beginning we were able to restrict the problem to the Windows platform, so we thought of some sort of malware. By the evidences we’ve collected so far, the problem seems to be caused by a variant of the Navipromo Adware, not identified by most of the antivirus softwares (see this virus total’s analysis).

Users found suspect files in the local %Appdata% folder (C:\Documents and Settings\%User%\Local Settings\Application Data on Windows XP, C:\Users\%user%\AppData on Windows Vista):

  • [random_name].exe
  • [name_of_exe].dat
  • [name_of_exe]_nav.dat
  • [name_of_exe]_navps.dat

After killing the .exe process in Task Manager, Firefox returns to its normal behavior.

There are still two unanswered questions:

  • Why does only Firefox (and not other browsers) hang?
  • Why now and so hard in Italy? This adaware seems to be quite old.

If you’re interested, there’s a bug and an ongoing discussion on the SUMO Contributors’ forum.

Thanks to all the guys of the Italian project and SUMO for the support and the great team work of the last days 😉

Technorati Tags: , ,

Posted

in

, , ,

by

flod

Tags:

Comments

21 responses to “Firefox hangs because of malware”

  1. Mardeg Avatar
    Mardeg

    Perhaps because the only visitors we get from italy in the irc chat room (apart from reports of this problem) goes something like this:

    –>| Somenick (somuser@somedomain.il) has joined #firefox
    ciao
    !list
    |<– Somenick has been BOOTED from #firefox by firebot (You suck. Go away)

    and from no other country does this happen so regularly (I’m talking dozens of times per month), if at all. So the conclusion is: Italians download illegal warez more, and thus infect themselves more.

  2. flod Avatar
    flod

    So the conclusion is: Italians download illegal warez more, and thus infect themselves more.

    So, your opinion of all Italian users is based on the small view you get from your IRC experience? That’s not a great perspective 😉

    The last BSA report, covering the period 2003-2007, states that Italy has awfully high Piracy Rates (49% for 2007) but not so far from Spain (43%), Portugal (43%) and France (42%).

    If we have 100 people complaining, those countries should have at least 70-80 of them. Where are they?

    Last thing: this adaware is usually distributed with crappy “freeware” software (I saw a lot of banners of “WebMediaPlayer” and “Live Player” in the last days), not warez.

  3. Mardeg Avatar
    Mardeg

    If we have 100 people complaining, those countries should have at least 70-80 of them. Where are they?

    Well they’re certainly not in the irc channel, 99 out of 100 that do !list in the channel are from italy (.it not .il that was a typo)
    Sure, the matching stats of the two phenomena could be just a coincidence, but it does indicate a certain culture, that so many are looking for dcc servers that they would actually come into an open source channel to look for cracks/serials for proprietary software. It’s as if there is some popular tutorial in italian telling them to connect to every IRC network they can and just join the channel with the most people in the hope for a response.

  4. John Drinkwater Avatar
    John Drinkwater

    It might be unfair to say, but yes, there’s a large amount of IRC-bound Italians that only know how to say ciao, and !list.

    I also get it on a network I help manage of about a thousand users…

  5. chav Avatar
    chav

    I’m on the same network as the previous comment, and it is practically in every single channel.

    Someone joins from italy, says ciao, then !list and then gets booted by either a bot or an op. Sometimes they just rejoin and do it again as though they don’t get the message the first time.

    A lot of channels have .it permanently banned because they say little else. We’re increasingly reaching the conclusion it is some sort of script trawling IRC for DCC bots.

  6. Seitenlade Probleme im Firefox – WinBoard – Die Windows Community

    […] unter mysteri

  7. vikas Gupta Avatar
    vikas Gupta

    It’s happening to me since quite some time now! I am in New Delhi, India.

  8. flod Avatar
    flod

    It’s happening to me since quite some time now! I am in New Delhi, India.

    Have you tried searching for those files?

  9. This is bizzarre Avatar
    This is bizzarre

    I just arrived in Ireland April 4th with what used to be a speedy machine.

    First day on this University network same thing browser hangs locks releases hangs locks etc

    Again all normal culprits addressed afe-mode, disable plug-ins, temporarily disable antivirus and firewall, reinstall the last version in a different folder, create a new profile. but this is still driving me crazy

    If it is malware what software will kill this for me ?

  10. flod Avatar
    flod

    Which antivirus are you using?

    You can try to scan your computer online (for example with BitDefender). PrevX and other antivirus software (like Antivir and Kaspersky) seem to recognize that kind of files in the last days.

  11. Ranga Avatar
    Ranga

    I formated my c drive, reinstalled wndows xp sp2 (virus infected) & then installed firefox 3.0. It freezes many times as I navigate tabs or use the scroll bar. It comes back to life after some time. On other occassions it does not come back to life & has to be killed.

    I tried one of the hyperthreading suggestions where I had to pick an option of “windows98/me mode” in the compatibility mode. This made firefox to crash each timne on start, so I removed this setting.

    Suggestions??

  12. Ron Wright Avatar
    Ron Wright

    Call me crazy, but I’m still using IE; too many lockups with FireFox 🙁 Read More Useful Information on Internet Security

  13. Shawn Avatar
    Shawn

    I’m not so sure this I would blame it on Malware.

    I’ve been having the same issue on multiple computers for roughly 3 months now, including 2 running a fresh installation of Windows XP SP2 with absolutely nothing on them. No illegal crap, no FireFox plugins/applications, nothing.

    The Mozilla development crew better get on this BS quickly because they’re going to lose a lot of support if this keeps happening.

  14. flod Avatar
    flod

    No illegal crap, no FireFox plugins/applications, nothing.

    No extensions/plugins at all?

    Managing a support forum, I can assure that a lot of problems are due to plugin (RealPlayer) or extensions (Skype, Java Quick Starter, sometimes Google Toolbar).

  15. Shawn Avatar
    Shawn

    Actually I was wrong, I do have the latest version of Flash.

    Apart from that, I don’t have any plugins or add-ons… no toolbars, no Skype, you get the picture. This has happened on multiple computers with fresh installs of XP Pro SP2.

    The moments when it hangs will seem to be completely random too. I’ll visit the same set of sites I usually visit, sometimes it’ll start hanging immediately, sometimes it’ll hang after an hour.

    Very strange, and very annoying.

  16. liveinabox Avatar
    liveinabox

    I have the same problem, just hangs. I think its whenever I have a flash application open. never used to happen, just with this new verion (3013) and very annoying.

  17. liveinabox Avatar
    liveinabox

    so annoying this problem!! I’m going back to IE until they sort this mess out

  18. Sarasotamichael Avatar
    Sarasotamichael

    I’m using Vista – in the U.S. and any Firefox page fades into hanging (“Not responding”) after 30 seconds. I’m still trying to find a specific answer that promises to resolve this issue. Thanks for any suggestions…

  19. flod Avatar
    flod

    1) SUMO Articles: Basic Troubleshooting and Firefox Hangs
    2) Mozillazine’s KB

  20. mike Avatar
    mike

    Well, I decided to just quit using firefox at all until mozilla fixes this issue.

  21. RLC Avatar
    RLC

    Mozilla still hasn’t fixed this issue and Firefox hangs every day all the time. It’s only getting worse.

Leave a Reply

Your email address will not be published. Required fields are marked *