Jump to content

HEUR:Trojan.Script.Generic Detected In Firefox Cache


Recommended Posts

Posted

Hi

 

Today, I saw two pending issues for me to resolve on my Kaspersky Security Cloud Anti-virus.

 

Trojan.Script.Generic was detected in the Profile (AppData\Local\Mozilla\Firefox\Profiles\z6klobqk.default-1578493695352\cache2\entries\CE7D3D660289BD98546FCE59E36ACD6A4277FE8E ) of my Firefox browser.

So I clicked the button to resolve the issues.

After that. I did a re-scan of my computer and found nothing.

 

Here are some questions:

  1. How did the Trojan script got into the browser in the first place? How did it bypass the anti-virus?
  2. I only saw the issue when I was checking something else and saw the “exclamation mark” on the anti-virus icon. Why is there no pop-up screen for me to take action when it is detected?
  3. https://threats.kaspersky.com/en/threat/Trojan.Script.Generic/ did not say much about the payload. How do I know what information is compromised? Should I be concern about anything? Or is it a false positive?

Thank you for reading :)

Posted

@cheesecake Welcome.

Can you please verify the detection details in the Kaspersky reports.

Posted

@Benny Thanks.

 

May I know what details do you want to see? Under the reports, there are many sections. So do you mean “Detected Objects”?

 

I have copied the following from the “Detected Objects” report.

Please note that the name has been replaced.

 

Detected object (file) no longer available;C:\Users\name\AppData\Local\Mozilla\Firefox\Profiles\z6klobqk.default-1578493695352\cache2\entries\CE7D3D660289BD98546FCE59E36ACD6A4277FE8E;HEUR:Trojan.Script.Generic;File;Trojan program;Today, 6/12/2020 4:58 PM

 

Detected object (file) no longer available;C:\Users\name\AppData\Local\Mozilla\Firefox\Profiles\z6klobqk.default-1578493695352\cache2\entries\CE7D3D660289BD98546FCE59E36ACD6A4277FE8E//CE7D3D660289BD98546FCE59E36ACD6A4277FE8E;HEUR:Trojan.Script.Generic;File;Trojan program;Today, 6/12/2020 4:58 PM

 

Is that sufficient?

Posted

@cheesecake Please install the extension :

Kaspersky Protection 2020 : https://addons.mozilla.org/en-US/firefox/addon/kaspersky-protection-2020/

Kaspersky protection 2021: https://addons.mozilla.org/en-US/firefox/addon/kaspersky-protection-2021/


Also, is the Kaspersky  web anti-virus module enabled ?

 


Berny, so do I install both extension or one of them?

 

I cannot find the option to check if the web anti-virus module is enabled or not.

But I can see there are event logs in the web anti-virus Reports. So I assume it is working.

Posted

@cheesecake

Please install the extension that is matching with your Kaspersky version ? 2020 or 2021 ?

For the Web Anti-virus options please follow :
Kaspersky > Settings > Protection > Web Anti-Virus

Posted

My version is 21.1.15.500 (c). So I downloaded the 2021 extension.

 

The Web Anti-virus is already enabled.

 

Do you need more information of my system?

 

I have passed the questions here again for quick reference.

  1. How did the Trojan script got into the browser in the first place? How did it bypass the anti-virus?
  2. I only saw the issue when I was checking something else and saw the “exclamation mark” on the anti-virus icon. Why is there no pop-up screen for me to take action when it is detected?
  3. https://threats.kaspersky.com/en/threat/Trojan.Script.Generic/ did not say much about the payload. How do I know what information is compromised? Should I be concern about anything? Or is it a false positive?

 

Posted

@cheesecake To clarify this issue we should need the url from the site that was containing a suspicious script   , in some cases it comes out that it was a false positive … 🤔

Posted

@Berny I see. So is there anyway to track back the url?

 

Then for Trojan.Script.Generic,

  1. What does it do in general?
  2. Is it a keylogger?
  3. Does it execute by self?
  4. Can it upload files to some remote server?
Guest
This topic is now closed to further replies.


×
×
  • Create New...