Hi there,

On Fri, 28 Oct 2022, Wally Spratz wrote:

> ... Does anybody have any idea of what this Malware does
The clue is in the name: ".Generic-". Mr. Varnell has shown you the signature. As he pointed out it's one which has been around for several years, so that's evidence that it's not very prone to false positives; AFAICT it hasn't been mentioned on the ClamAV Users' list until you brought it up. If you look at the strings in the decoded signature, you can probably agree that things which contain them would be suspect.

If you'd like a second opinion you can always send a copy of the offending file to Jotti and/or VirusTotal:

https://virusscan.jotti.org/
https://www.virustotal.com/old-browsers/

My guess is you will find that at least half a dozen other scanners complain about it. They might give you more information, or at least a bit more context.
> and how it is acquired?
Given your description of where it was found, I'd guess by not being careful in your browsing habits. Bear in mind that the fact that it's in your browser cache doesn't necessarily mean that anything on your system is vulnerable to it, but all the same this isn't something that you'd want to treat lightly. If a site is hosting anything malicious, even if it's something to which your system isn't vulnerable, it must be considered dangerous because you can never know what else it might be hosting to which your system *might* be vulnerable.

As you've said "eventually it comes back", it is - just about - possible that there is some persistent malware doing things when you aren't looking, but now I'm getting into the weeds and I think the overwhelming probability is that you are using some Website which has been compromised. I'd take anything like this as a warning that I need to be more careful about the sites that I visit. Maybe you can do a service to the community by trying to find which site it is and alerting the owner, but the vast majority of compromised Websites are run by hopeless cases and you'd probably just be wasting your time. Far better to avoid them, and let them die a natural death.

I've never seen anything like this in my browser's cache directory but (1) I'm cautious about Websites that I visit and (2) I never scan it.

-- 
73, Ged.

_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
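Ged's advice to "look at the strings in the decoded signature" is the quickest sanity check on a detection like this. ClamAV ships `sigtool` for that (`sigtool --find-sigs=NAME` pulls a signature out of the database and `sigtool --decode-sigs` decodes signatures fed on stdin), but it helps to know what the decoding actually does. The script below is an added example written for this page, not ClamAV code and not the signature from the thread: it parses a constructed `.ndb`-style line (`Name:TargetType:Offset:HexSig`), renders the hex body with ClamAV's wildcards (`??`, `*`, `{n-m}`, `(aa|bb)`) kept visible, and pulls out the printable literal runs a human would judge. The signature name, the hex body and the `[...]` wildcard markers are all invented for illustration.

```python
import re

# Constructed sample in ClamAV's .ndb layout "Name:TargetType:Offset:HexSig".
# TargetType 0 = any file type, Offset * = anywhere in the file. The name and
# hex body are made up for this example and are NOT a real ClamAV signature.
SAMPLE_NDB = (
    "Example.Demo.Generic-1:0:*:"
    "3c736372697074??7372633d22687474703a2f2f*2e6a7322{2-8}6576616c28"
)

# Wildcards understood by ClamAV's hex body format:
#   ??       any single byte
#   *        any number of bytes
#   {n}      exactly n bytes; {n-m} between n and m; {-n} / {n-} open ranges
#   (aa|bb)  one of the listed byte sequences
TOKEN_RE = re.compile(r"\?\?|\*|\{[^}]*\}|\([0-9a-fA-F|]+\)|[0-9a-fA-F]{2}")


def parse_ndb(line):
    """Split one .ndb line into (name, target_type, offset, hex_body)."""
    parts = line.strip().split(":", 3)
    if len(parts) != 4:
        raise ValueError("expected Name:TargetType:Offset:HexSig")
    return tuple(parts)


def _printable(b):
    """Show a byte as its ASCII character, or as \\xNN if it is not printable."""
    return chr(b) if 0x20 <= b < 0x7F else "\\x%02x" % b


def decode_hex_body(body, min_len=4):
    """Render a hex body as text with wildcards marked, and collect literals.

    Returns (rendered, literals). rendered is the whole body with wildcards
    shown as [?], [*], [skip n-m] or [a|b] (marker style chosen for this
    example). literals is the list of printable runs of at least min_len
    characters found between wildcards: the part a human reads to decide
    whether a file containing them is plausibly malicious.
    """
    rendered, literals, run = [], [], []

    def flush():
        # Split the pending byte run on non-printable bytes, keep long pieces.
        piece = []
        for b in run + [None]:
            if b is not None and 0x20 <= b < 0x7F:
                piece.append(chr(b))
            else:
                if len(piece) >= min_len:
                    literals.append("".join(piece))
                piece = []
        run.clear()

    pos = 0
    for m in TOKEN_RE.finditer(body):
        if m.start() != pos:
            raise ValueError("unparsed signature text at %d: %r" % (pos, body[pos:m.start()]))
        tok = m.group(0)
        if tok == "??":
            flush(); rendered.append("[?]")
        elif tok == "*":
            flush(); rendered.append("[*]")
        elif tok[0] == "{":
            flush(); rendered.append("[skip %s]" % tok[1:-1])
        elif tok[0] == "(":
            flush()
            alts = ["".join(_printable(b) for b in bytes.fromhex(a))
                    for a in tok[1:-1].split("|")]
            rendered.append("[" + "|".join(alts) + "]")
        else:
            b = int(tok, 16)
            run.append(b)
            rendered.append(_printable(b))
        pos = m.end()
    if pos != len(body):
        raise ValueError("unparsed signature text at %d: %r" % (pos, body[pos:]))
    flush()
    return "".join(rendered), literals


if __name__ == "__main__":
    name, target, offset, body = parse_ndb(SAMPLE_NDB)
    rendered, literals = decode_hex_body(body)
    print("signature:", name, "(target type %s, offset %s)" % (target, offset))
    print("decoded:  ", rendered)
    for s in literals:
        print("literal:  ", repr(s))
```

Reading the output for the constructed sample, the literal runs `<script`, `src="http://`, `.js"` and `eval(` in that order, separated by wildcards, describe a script tag that loads a remote `.js` file and then calls `eval`, which is the kind of thing you would expect a cached page from a compromised site to contain and a clean page not to. Real signatures are usually longer and less readable than this, but the exercise is the same: if the literals look like things a benign file would never contain, a match is probably not a false positive.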