Trojan in Mozzila extension

April 11, 2021

Hello, I am protected by Kaspersky Internet Security again since a few days. A year I was with Bitdefender and I must say no thanks never again with it.

Yesterday I did a system scan and it found 2 "trojans" in the mozzila folder.

True;injection.js;injection.js; C:\Users\Fablo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{DB981CCA-088E-4731-A4A2-2FE218703C0E}. xpi/;HEUR:Trojan.Script.Generic;HEUR:Trojan.Script.Generic;11.04.2021 11:30;Deleted

and

True;{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi;{DB981CCA-088E-4731-A4A2-2FE218703C0E}. xpi; C:\Users\Fablo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\;HEUR:Trojan.Script.Generic;11.04.2021 11:30;Deleted

Should I be worried that passwords and logins have been stolen?
What exactly did I catch?

Translated with www.DeepL.com/Translator (free version)

April 11, 2021

@Fablo Welcome. I think you shouldn’t worry about this issue.

Can you please check in your Kaspersky reports if any other detection (e.g. download) has been blocked.

Also , please clear you browser cache and run another scan.

April 11, 2021

During the scan, some downloads from Chip were reported and deleted.

True;camstudio_CB-DL-Manager.exe;camstudio_CB-DL-Manager.exe;C:\Users\Fablo\Downloads\;not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen;not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen;04/11/2021 03:18;Deleted

True;Recuva - CHIP installer from 03/29/2021 f7e7685f9aede6553d132b6bb44faef3.exe;Recuva - CHIP installer from 03/29/2021 f7e7685f9aede6553d132b6bb44faef3. exe;C:\Users\Fablo\Downloads\;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;04/11/2021 03:18;Deleted

True;TestDisk PhotoRec - CHIP installer dated 29/03/2021 680a65724068da6259225e291a937f30.exe;TestDisk PhotoRec - CHIP installer dated 29/03/2021 680a65724068da6259225e291a937f30. exe;C:\Users\Fablo\Downloads\;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;04/11/2021 03:18;Deleted

True;R Studio - CHIP installer dated 29/03/2021 b82b1509d693c877d7cc954cf0add94f.exe;R Studio - CHIP installer dated 29/03/2021 b82b1509d693c877d7cc954cf0add94f. exe;C:\Users\Fablo\Downloads\;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;04/11/2021 11:32;Deleted

True;DuplicateMediaFinder_FREE_x32_v8.001_Setup_CB-DL-Manager.exe;DuplicateMediaFinder_FREE_x32_v8.001_Setup_CB-DL-Manager. exe;C:\Users\Fablo\Downloads\;not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen;not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen;11.04.2021 11:32;Deleted

I have Malwarebyte scanning right now, then I will scan again with Kaspersky.

Should I worry that my passwords have been stolen?

Translated with www.DeepL.com/Translator (free version)

April 11, 2021

Could the Trojan message be a Firefox addon that I installed and uninstalled? A few days ago I searched for a downlaod addon in Firefox/Addons.

April 11, 2021

Malwarebytes just found nothing in the complete system scan. Now let Kaspersky scan again.

April 11, 2021

Ok no found in the new Kaspersky scan.

April 11, 2021

Thank You very much Berny.

April 11, 2021

@Fablo You are always welcome ...

April 12, 2021

Hello,

If convience, Could you please tell us which firefox addones related to this folder?

C:\Users\Fablo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{DB981CCA-088E-4731-A4A2-2FE218703C0E}. xpi/

Regards.

April 12, 2021

Hello if you can tell me where I can see this?
Kaspersky has moved everything to quarantine

Regards

April 12, 2021

Hello if you can tell me where I can see this?
Kaspersky has moved everything to quarantine

Regards

Hello,

Let’s search the extensions related to {ec8030f7-c20a-464f-9b0e-13a3a9e97384}

C:\Users\Fablo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{DB981CCA-088E-4731-A4A2-2FE218703C0E}. xpi/ .

For example,

Tell us what addone is involved in this problem.

Or, tell us what addone has broken after KIS delete its js file. Thanks.

Regards.

April 13, 2021

Ok but I said before I have deleted all addons

Trojan in Mozzila extension

Recommended Posts

Fablo

Berny

Fablo

Fablo

Fablo

Fablo

Fablo

Berny

Wesly.Zhang

Fablo

Wesly.Zhang

Fablo

Forum

Products

Support

Personal Account