Jump to content
Kaspersky Support Forum

Trojan in Mozzila extension

Fablo

By Fablo
in Kaspersky Internet Security

 Share

Recommended Posts

Fablo

Fablo

Posted
  • Author
Posted

Hello, I am protected by Kaspersky Internet Security again since a few days. A year I was with Bitdefender and I must say no thanks never again with it.

Yesterday I did a system scan and it found 2 "trojans" in the mozzila folder.

True;injection.js;injection.js; C:\Users\Fablo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{DB981CCA-088E-4731-A4A2-2FE218703C0E}. xpi/;HEUR:Trojan.Script.Generic;HEUR:Trojan.Script.Generic;11.04.2021 11:30;Deleted

and

True;{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi;{DB981CCA-088E-4731-A4A2-2FE218703C0E}. xpi; C:\Users\Fablo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\;HEUR:Trojan.Script.Generic;11.04.2021 11:30;Deleted

Should I be worried that passwords and logins have been stolen?
What exactly did I catch?

Translated with www.DeepL.com/Translator (free version)

Link to comment
Share on other sites
Berny

Berny

Posted
Posted

@Fablo Welcome. I think you shouldn’t worry about this issue.

Can you please check in your Kaspersky reports  if any other detection (e.g. download) has been blocked.

Also , please clear you browser cache and run another scan.

Link to comment
Share on other sites
Fablo

Fablo

Posted
  • Author
Posted

During the scan, some downloads from Chip were reported and deleted.

 

True;camstudio_CB-DL-Manager.exe;camstudio_CB-DL-Manager.exe;C:\Users\Fablo\Downloads\;not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen;not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen;04/11/2021 03:18;Deleted

True;Recuva - CHIP installer from 03/29/2021 f7e7685f9aede6553d132b6bb44faef3.exe;Recuva - CHIP installer from 03/29/2021 f7e7685f9aede6553d132b6bb44faef3. exe;C:\Users\Fablo\Downloads\;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;04/11/2021 03:18;Deleted

True;TestDisk PhotoRec - CHIP installer dated 29/03/2021 680a65724068da6259225e291a937f30.exe;TestDisk PhotoRec - CHIP installer dated 29/03/2021 680a65724068da6259225e291a937f30. exe;C:\Users\Fablo\Downloads\;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;04/11/2021 03:18;Deleted

True;R Studio - CHIP installer dated 29/03/2021 b82b1509d693c877d7cc954cf0add94f.exe;R Studio - CHIP installer dated 29/03/2021 b82b1509d693c877d7cc954cf0add94f. exe;C:\Users\Fablo\Downloads\;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen;04/11/2021 11:32;Deleted

True;DuplicateMediaFinder_FREE_x32_v8.001_Setup_CB-DL-Manager.exe;DuplicateMediaFinder_FREE_x32_v8.001_Setup_CB-DL-Manager. exe;C:\Users\Fablo\Downloads\;not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen;not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen;11.04.2021 11:32;Deleted

 

I have Malwarebyte scanning right now, then I will scan again with Kaspersky.

Should I worry that my passwords have been stolen?

Translated with www.DeepL.com/Translator (free version)

Link to comment
Share on other sites
Fablo

Fablo

Posted
  • Author
Posted

Could the Trojan message be a Firefox addon that I installed and uninstalled? A few days ago I searched for a downlaod addon in Firefox/Addons.

Link to comment
Share on other sites
Wesly.Zhang

Wesly.Zhang

Posted
Posted

Hello,

If convience, Could you please tell us which firefox addones related to this folder?

C:\Users\Fablo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{DB981CCA-088E-4731-A4A2-2FE218703C0E}. xpi/

Regards.

Link to comment
Share on other sites
Wesly.Zhang

Wesly.Zhang

Posted
Posted

Hello if you can tell me where I can see this?
Kaspersky has moved everything to quarantine


Regards


Hello,

Let’s search the extensions related to {ec8030f7-c20a-464f-9b0e-13a3a9e97384}

C:\Users\Fablo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{DB981CCA-088E-4731-A4A2-2FE218703C0E}. xpi/ .

For example,

Tell us what addone is involved in this problem.

Or, tell us what addone has broken after KIS delete its js file. Thanks.

Regards.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing


×
×
  • Create New...