Hi Wally,

Downloaders are not generally Trojans, although they may result from a Trojan that is used to install a Downloader.
This signature has been in the ClamAV database since Apr 26 2017, which would
tend to indicate its validity.
The signature breaks out to:
> % sigtool -fTxt.Downloader.Generic-6298945-0|sigtool --decode-sigs
> VIRUS NAME: Txt.Downloader.Generic-6298945-0
> TDB: Engine:71-255,Target:7
> LOGICAL EXPRESSION: (0|1)&(2>1)&3&(4>5)&(5>2)&(6>125)
> * SUBSIG ID 0
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> admin
> * SUBSIG ID 1
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> random
> * SUBSIG ID 2
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> eval(
> * SUBSIG ID 3
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> wscript.shell
> * SUBSIG ID 4
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> :2e{EXCLUDING_STRING_ALTERNATIVE::}
> * SUBSIG ID 5
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> activ
> * SUBSIG ID 6
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> :2
Perhaps you have an add-on that is re-creating this file or you are visiting a
page that re-creates it.
-Al-
--
ClamXAV User
On Oct 21, 2022, at 5:54 PM, Wally Spratz <[email protected]> wrote:
> Hi all,
>
> Recently my clamav scan summary has started showing a positive result for
> 'Txt.Downloader.Generic-6298945-0' in the following directory:
>
>> /home/a/.cache/mozilla/firefox/aumvdtqj.default-release/cache2/entries/79B6E3A1CE2A151EBE6E39D2C50B6F304AFA5F65:
>> Txt.Downloader.Generic-6298945-0 FOUND
>
> Does anybody know whether or not this is a trojan?
>
> If I delete the Firefox cache it disappears for a few scans but eventually it
> comes back.
>
> Any idea what I should do to prevent this?
>
> I am on Firefox 105.0.2 (64 bit) on Fedora 35
>
> Here is the scan summary:
>
> /home/a/.cache/mozilla/firefox/aumvdtqj.default-release/cache2/entries/79B6E3A1CE2A151EBE6E39D2C50B6F304AFA5F65:
> Txt.Downloader.Generic-6298945-0 FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 8640721
> Engine version: 0.103.7
> Scanned directories: 67339
> Scanned files: 484686
> Infected files: 1
> Data scanned: 46840.43 MB
> Data read: 598814.74 MB (ratio 0.08:1)
> Time: 4253.298 sec (70 m 53 s)
> Start Date: 2022:10:21 15:15:01
> End Date: 2022:10:21 16:25:55
>
>
> Thanks
>
> Wally
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
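
How the logical expression in the decoded signature combines the seven subsignatures can be seen in this added example. It is not part of the original messages and not ClamAV's own code. It assumes subsig 4 means ":2e" followed by any character other than ":", evaluates operators left to right with parentheses only, and runs on a constructed sample string.

```python
import re

# Subsignatures from the decoded output above. Target:7 is normalized ASCII
# text, so input is lowercased first. Subsig 4 is read here (an assumption)
# as ":2e" followed by any character other than ":".
SUBSIGS = ["admin", "random", r"eval\(", r"wscript\.shell",
           r":2e[^:]", "activ", ":2"]
EXPRESSION = "(0|1)&(2>1)&3&(4>5)&(5>2)&(6>125)"

def count_matches(text):
    """Count how often each subsignature occurs in the lowercased text."""
    norm = text.lower()
    return [len(re.findall(p, norm)) for p in SUBSIGS]

def evaluate(expr, counts):
    """Evaluate the expression: 'N' = at least once, 'N>k' = more than k."""
    tokens = re.findall(r"\d+|[()&|<>=]", expr)
    pos = 0
    def peek():
        return tokens[pos] if pos < len(tokens) else None
    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]
    def term():
        if peek() == "(":
            take()
            value = expression()
            take()  # consume ")"
            return value
        n = counts[int(take())]
        if peek() in ("<", ">", "="):
            op, k = take(), int(take())
            return n > k if op == ">" else n < k if op == "<" else n == k
        return n > 0
    def expression():
        value = term()
        while peek() in ("&", "|"):
            op, rhs = take(), term()
            value = (value and rhs) if op == "&" else (value or rhs)
        return value
    return expression()

# Constructed sample text (not taken from the cached file in this thread).
SAMPLE = ("admin eval(a);eval(b); wscript.shell " + "activ " * 3
          + ":2ex" * 6 + ":2 " * 120)

if __name__ == "__main__":
    counts = count_matches(SAMPLE)
    print(counts, evaluate(EXPRESSION, counts))
```

Running `count_matches` on the text of a flagged cache entry shows which counts pushed the expression to true, which helps when deciding whether a detection deserves a closer look.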
