Category — Firefox

It looks like there is an important trojan out there that can steal your login credentials when you use certain sites.  Here is the link to BitDefender Virus info page.

This trojan is discovered on November 28, 2008.

From the page:

It drops an executable file (which is a Firefox 3 plugin) and a JavaScript file (detected by Bitdefender as: Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders respectively.

It filters the URLs within the Mozilla Firefox browser and whenever encounter the following addresses opened in the Firefox browser it captures the login credentials.

To see if your browser is infected, Go to:

C > Program Files > Mozilla Firefox > chrome > chrome > content > browser.js

and

C > Program Files > Mozilla Firefox > plugins > npbasic.dll

If you find these files, your browser is infected. Close your browser and get rid of them.

If you go to your Firefox directory, you will find “chrome” directory in there and when you open that there is  file called “browser”. That’s not the file you are looking for.  It has to be in “content” folder which is under the second “chrome” directory.

This trojan registers itself as Greasemonkey add-on and activates itself every time you open Firefox.  It’s unfortunate because Greasemonkey is a great plugin and people are already accusing this legitimate plug-in.

»Visit Arstechnica