Are you struggling to figure out if a file listed in FreeFixer's File Database is malware or a legitimate file that you want to keep on your computer? Hopefully this guide will help you:
firefox.exe was added to FreeFixer's database on the 30 Mar 2009. The most recent search for this file was done on 30 Mar 2009. firefox.exe is located in the 'C:\Program Files\Mozilla Firefox\' folder and has a size of 307704 bytes.
So far there has been 2 searches for firefox.exe.
olhrwef.exe was added to FreeFixer's database on the 13 Mar 2009. The most recent search for this file was done on 13 Mar 2009. olhrwef.exe is located in the 'C:\WINDOWS\system32\' folder and has a size of 106199 bytes.
So far there has been 1 search for olhrwef.exe.
File names and folder information is what appears on top for each file in the file database. Legitimate software developers give their files meaningful names that users recognize, while many malware programs use names that seems to be a number of randomized letters. Malware use this technique to avoid detection based on filenames. Legitimate programs are in most cases installed under 'C:\Program Files\', while malware has a tendency to end up in the Windows system directory 'C:\WINDOWS\system32\'. Please keep in might that there is nothing that prevent a malware author from giving their files meaningful names, or even the same name as another legitimate file.
The following is the available information for firefox.exe:
|Company name||Mozilla Corporation|
|Legal copyright||©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.|
|Legal trademark||Firefox is a Trademark of The Mozilla Foundation.|
This file does not have any version or vendor information.
The vast majority of legitimate software developers take the time to fill in the version and vendor data for each file in their product, which the developers of Firefox have done. Version information is missing for olhrwef.exe, which I would say is typical malware behaviour. But keep in mind that there is nothing that stops a malware author from adding version information that seems legitimate. Also keep in mind that there are a few cases where legitimate software is missing version information.
This file has a valid digital signature.
|Signer name||Mozilla Corporation|
|Certificate issuer name||Thawte Code Signing CA|
|Certificate serial number||1ee2bfb90ae659c80cb7ea4c606ff03e|
This file is not signed.
The digital signature is a great tool for determining if a file is legitimate. Nowadays many of the big software publishers, such as Microsoft, Adobe and Google are signing their files. firefox.exe has a valid digital signature, which means that firefox.exe files comes from the company/person listed as "Signer name", in this case the Mozilla Corporation. A valid digital signature also implies that no one has manipulated the file in any way. The absence of a digital signature does however not imply that the file is malicious. Many small scale software developers, like myself, does not yet sign files.
Now you should have a pretty good idea if the file on your computer is legitimate of malware, but there is more you can do:
There are a few great free online services that will scan suspicious files. I highly recommend using these online scanners to further investigate the files on your computer. These scanners will run the file through a big number of anti-virus engines:
Well, now you have loads of information to determine if that file on your computer is malware or legitimate. Me and all other FreeFixer users would greatly appreciate if you share your findings by posting comments or voting on the keep / remove polls for each file you investigate. Thank you!