Hi Wally,

Downloaders are not generally Trojans, although they may result from a Trojan that is used to install a Downloader.

This signature has been in the Clamav database since Apr 26 2017, which would tend to indicate its validity. The signature breaks out to:

> % sigtool -fTxt.Downloader.Generic-6298945-0|sigtool --decode-sigs
> VIRUS NAME: Txt.Downloader.Generic-6298945-0
> TDB: Engine:71-255,Target:7
> LOGICAL EXPRESSION: (0|1)&(2>1)&3&(4>5)&(5>2)&(6>125)
> * SUBSIG ID 0
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> admin
> * SUBSIG ID 1
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> random
> * SUBSIG ID 2
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> eval(
> * SUBSIG ID 3
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> wscript.shell
> * SUBSIG ID 4
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> :2e{EXCLUDING_STRING_ALTERNATIVE::}
> * SUBSIG ID 5
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> activ
> * SUBSIG ID 6
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> :2

Perhaps you have an add-on that is re-creating this file or you are visiting a page that re-creates it.

-Al-
--
ClamXAV User

On Oct 21, 2022, at 5:54 PM, Wally Spratz <wa...@longoz.ca> wrote:
> Hi all,
>
> Recently my clamav scan summary has started showing a positive result for
> 'Txt.Downloader.Generic-6298945-0' in the following directory:
>
>> /home/a/.cache/mozilla/firefox/aumvdtqj.default-release/cache2/entries/79B6E3A1CE2A151EBE6E39D2C50B6F304AFA5F65:
>> Txt.Downloader.Generic-6298945-0 FOUND
>
> Does anybody know whether or not this is a trojan?
>
> If I delete the Firefox cache it disappears for a few scans but eventually it
> comes back.
>
> Any idea what I should do to prevent this?
>
> I am on Firefox 105.0.2 (64 bit) on Fedora 35
>
> Here is the scan summary:
>
> /home/a/.cache/mozilla/firefox/aumvdtqj.default-release/cache2/entries/79B6E3A1CE2A151EBE6E39D2C50B6F304AFA5F65:
> Txt.Downloader.Generic-6298945-0 FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 8640721
> Engine version: 0.103.7
> Scanned directories: 67339
> Scanned files: 484686
> Infected files: 1
> Data scanned: 46840.43 MB
> Data read: 598814.74 MB (ratio 0.08:1)
> Time: 4253.298 sec (70 m 53 s)
> Start Date: 2022:10:21 15:15:01
> End Date: 2022:10:21 16:25:55
>
>
> Thanks
>
> Wally
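How the LOGICAL EXPRESSION in the decoded signature above combines per-subsignature match counts, shown as an added example that is not part of the original thread and is not ClamAV's own code. Subsignatures 4 and 6 are not fully legible in the decoded output, so their counts are passed in by the caller; lower-casing the text is an assumed stand-in for the normalisation ClamAV applies to Target:7 files.

```python
import re

# Literal subsignatures as decoded in the thread. Subsigs 4 and 6 are not fully
# legible there, so their match counts are supplied by the caller (assumption).
LITERALS = {0: "admin", 1: "random", 2: "eval(", 3: "wscript.shell", 5: "activ"}
EXPR = "(0|1)&(2>1)&3&(4>5)&(5>2)&(6>125)"
# Constructed sample text, not taken from the flagged cache entry.
SAMPLE = 'var role = "admin"; eval(a); eval(b); // WScript.Shell active activity ActiveX'

def count_matches(text, extra_counts):
    """Count each literal in lower-cased text (assumed stand-in for the
    normalisation applied to Target:7 files), then merge supplied counts."""
    low = text.lower()
    counts = {i: low.count(s) for i, s in LITERALS.items()}
    counts.update(extra_counts)
    return counts

def evaluate(expr, counts):
    """Evaluate the forms used by this signature: A (matched at least once),
    A>N / A<N / A=N (compare match count), & (AND), | (OR), parentheses."""
    tokens = re.findall(r"\d+|[()&|<>=]", expr)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def term():
        if peek() == "(":
            take()
            value = expression()
            take()  # consume the closing ")"
            return value
        n = counts.get(int(take()), 0)
        if peek() in ("<", ">", "="):
            op, limit = take(), int(take())
            return {"<": n < limit, ">": n > limit, "=": n == limit}[op]
        return n > 0

    def expression():
        value = term()  # operators are applied left to right
        while peek() in ("&", "|"):
            op, rhs = take(), term()
            value = (value and rhs) if op == "&" else (value or rhs)
        return value

    return expression()
```

Every clause joined by `&` must hold, so a file only matches when `eval(` appears more than once, `activ` more than twice, and subsignature 6 more than 125 times, on top of the `admin`/`random` and `wscript.shell` strings.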