Page is a not externally linkable
jdMorgan - 3:08 pm on Dec 6, 2008 (gmt 0)
The reporting problem is likely due to the use of the term "Add-ons" in the Firefox Tools menu, which then refers to functional extensions and themes in the \Documents and Settings\<username>\Application Data\Mozilla\Firefox\Profiles\<profilename>\extensions directory. So it's not all the reporters' faults, because Firefox uses multiple terms for the same thing. I'm wondering if you also have SeaMonkey or the old Mozilla Suite (non-Firefox plain-old-Mozilla browser) installed on your machine. If so, that program is likely the one that "owns" the files in the \Documents and Settings\<username>\Application Data\Mozilla\Extensions path; Mozilla and Firefox "share" the common \Documents and Settings\<username>\Application Data\Mozilla\ path, and then split off -- with Firefox using a different and 'deeper' directory structure from that point on. In my case, the names of the files in these \Extensions folders look like this one (for the Noia Firefox Theme): The executable extensions I have installed all follow the format shown above for the Noia theme -- a string made up of hexadecimal number groups separated by commas, with the whole enclosed in squiggly-brackets. For those joining us late, GreaseMonkey is a perfectly-legitimate piece of software that creates a JavaScript "page wrapper" in the browser to allow you (the browser user) to modify many, many aspects of the presentation of the Web pages that you visit. The "Trojan.PWS.ChromeInject.A" malware being discussed here is pretending to be related to GreaseMonkey, and we're trying to figure out exactly where to look in the Windows filesystem to check for the presence of this malware because the reporting so far has been far too vague. Jim
Tedster,
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
although I see one named
cheeaun(at)phoenity.com
for the Firefox Phoenity theme, indicating that the extensions filenames are not required to be in a fixed-format. (Another possibility in that chee aun is the only theme author who specified a theme directory name in his build, while the others are Windows- or installer- generated default-names.)