Trojan in file inside cache2 folder?
Hello
I ran a full scan with Windows Security on 13/05/2023 and it detected the following inside my Mozilla folder:
Trojan:HTML/Phish.VS!MSR
Please see the photo below for the exact location of the affected files.
I'm aware that this is my fault rather than it being an inherent issue with the browser, however I would like to know if this has/could pose an actual threat to my machine?
The following article says it wouldn't pose a threat unless the file is opened, however the article isn't maintained and as such I worry the information in it is outdated: https://support.mozilla.org/en-US/kb/Firefox%20cache%20file%20was%20infected%20with%20a%20virus
I did open the affected file in Notepad but this was after I had already quarantined the threat. It appears the Trojan was part of: (SCRIPT001)
It's worth noting that I run a third-party AV on my machine (Kaspersky Plus) and when I ran a full scan with it, prior to the Defender scan that detected the Trojan, it didn't flag any issues.
Thanks in advance for any help, it's appreciated.
All Replies (3)
I'd clear the cache before doing anything else, and then scan again.
History menu > Clear Recent History. Make sure Time range to clear is set to Everything. Check both Cache and Offline web site data options, and uncheck everything else. Select OK.
I do not know if there is anything else that you should do, but that is what I would do first.
That is likely a false positive. Files in the cache2 folder are used by Firefox for the browser cache. You can check this article.
cor-el said
That is likely a false positive. Files in the cache2 folder are used by Firefox for the browser cache. You can check this article.
Hi
Thanks for your response.
I did note the article that you linked in my initial post and to me it's unclear what constitutes opening of a cache file, an action that could lead to an infection according to the article.
Regarding the possibility of this being a false positive, I know next to nothing about IT but to me (SCRIPT0001) sounds like something that could be used to execute a Trojan script.
Is it possible for me to find out where (SCRIPT0001) came from? Does it belong in Mozilla or is it a consequence of user activity?