Undetected Mfz0 Malware Codec
Hello
This codec installs itself in Firefox and disables all your extensions. That happened to me. BitDefender doesn't detect it.
I have attached more information. All files are located in system 32 folder.
If I delete everything that I can read in the .inf file, is it then gone?
The password is infected.
Regards
Niels
Attachment: Infected_files.rar
Comments
Niels, can you PM me with the link where you got infected?
Thanks.
If the .inf file contains all information about what files were installed and registry keys were added, and you deleted them, then it should be gone. However, always double-check.
Hello miekiemoes
That is the problem. I don't know where I got infected. Otherwise I would send the link to you. I don't know what the codec does if it's installed when you browse with Internet Explorer. Also a strange website opened in a new tab. That happened once.
Should I search for this folder:
[MFZ0.INIs]
system.ini, drivers32,, "VIDC.MFZ0=MyFlashZip0.ax"
[MFZ0.INIs.Del]
system.ini, drivers32, "VIDC.MFZ0=MyFlashZip0.ax"
Thanks in advance.
Regards
Niels
Niels, are you sure this inf file is related to what you were dealing with?
Reason I am asking is... When I performed a Google search on the "VIDC.MFZ0=MyFlashZip0.ax", I arrived here:
http://www.siteadvisor.com/sites/shmyl.com...nloads/4366729/
Seems like it's getting installed with Moyea SWF to Video Converter (what's inside the inf)
Can you look if there is an entry in add/remove programs called: "MFZ0 codec (Remove Only)"?
Because as I understand from the SiteAdvisor link, the uninstaller is pointing to this inf file.
Is it called MFZ0Vfw.INF? The inf file you are talking about?
If so, that file actually uninstalls it:
"rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\\WINDOWS\\INF\\MFZ0Vfw.INF"
So, just look if "MFZ0 codec (Remove Only)" is present in add/remove programs and uninstall it. That should remove everything mentioned in the inf file.
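What the INF lines quoted in this thread do, as an added example that is not part of the original posts or of the codec's own files: `[MFZ0.INIs]` and `[MFZ0.INIs.Del]` are INF sections holding `UpdateInis` entries (ini-file, ini-section, old entry, new entry), so one adds and the other deletes a line in `system.ini` under `[drivers32]`. The install-section layout in the sample and all function names are assumptions.

```python
import csv

# Constructed sample INF. Only the two [MFZ0.INIs*] sections and their entries
# are quoted in the thread; the install sections that reference them are assumed.
SAMPLE_INF = """
[DefaultInstall]
UpdateInis = MFZ0.INIs
[DefaultUninstall]
UpdateInis = MFZ0.INIs.Del
[MFZ0.INIs]
system.ini, drivers32,, "VIDC.MFZ0=MyFlashZip0.ax"
[MFZ0.INIs.Del]
system.ini, drivers32, "VIDC.MFZ0=MyFlashZip0.ax"
"""

def parse_sections(text):
    """Map lower-cased [section] name -> list of its non-comment lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def ini_changes(inf_text, install_section):
    """Resolve UpdateInis directives into (action, ini_file, ini_section, entry)."""
    sections = parse_sections(inf_text)
    changes = []
    for line in sections.get(install_section.lower(), []):
        key, _, value = line.partition("=")
        if key.strip().lower() != "updateinis":
            continue
        for name in value.split(","):
            for item in sections.get(name.strip().lower(), []):
                # Fields: ini-file, ini-section[, old-entry][, new-entry][, flags]
                row = next(csv.reader([item], skipinitialspace=True)) + ["", ""]
                ini_file, ini_section, old, new = (f.strip() for f in row[:4])
                action = "replace" if old and new else "delete" if old else "add"
                changes.append((action, ini_file, ini_section, new or old))
    return changes

def still_present(change, ini_text):
    """True if the key named by a change still exists in the given INI text."""
    _, _, ini_section, entry = change
    key = entry.partition("=")[0].strip().lower()
    lines = parse_sections(ini_text).get(ini_section.lower(), [])
    return any(l.partition("=")[0].strip().lower() == key for l in lines)
```

Running `still_present` on the contents of the real `system.ini` after the uninstall is the double-check: it should return `False` for the `VIDC.MFZ0` entry.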
Hello miekiemoes
Thank you very much for your reply.
Yes, that is the inf file. I saw that entry in software (add and remove). It looked suspicious to me. Because suddenly all my extensions were disabled. Maybe it was just a coincidence. For me it had a strange name. I indeed installed Moyea SWF to Video Converter. But it wasn't what I wanted.
Regards
Niels
I don't know what caused the "loss" of extensions. Most probably it was just a buggy install.
I don't think that your extensions are lost/disabled though - I rather think that a new "clean" Firefox session was started/created.
Take a look in this folder: C:\Documents and Settings\yourusername\Application Data\Mozilla\Firefox\Profiles
and look if there's more than one profile created there. One will be your "working" profile with all themes and extensions present and the other one may be a newly created profile, blank, no extensions etc. present.
Hello miekiemoes
Thanks again. There was only 1 profile. I solved the problem by redownloading two extensions. I closed Firefox. Restarted it and suddenly my extensions worked again. I didn't install any new extensions for a long time. I only installed Moyea SWF to Video Converter so for some reason that must have messed up Firefox.
Regards
Niels
Good to hear you solved it already
Hello virus researchers
I think that it was just a coincidence and I am almost sure that it isn't infected. I was just surprised by the strange name and the behaviour in Firefox.
Regards
Niels
Hello miekiemoes
You assisted me also. I wanted to thank you for that.
Regards
Niels
I understand that it was suspicious - especially since all your extensions were disabled.
Actually I don't know if there's any type of malware that does this, but it does make sense in a way to disable FF extensions. For example, NoScript disabled and other Firefox security extensions disabled...
We don't want to give them ideas - do we?
Hello miekiemoes
I think that it must be some kind of conflict. But I can't say that I am 100 % sure. I am not going to test it.
I hope that they didn't know that already. But I am sure that it will definitely happen in the near future for sure when the number of Firefox users or of other alternative browsers is increasing.
Regards
Niels