Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Trojan found by Windows Defender in Malwarebytes browsergaurd add on folder

  • 7 replies
  • 2 have this problem
  • 25 views
  • Last reply by Jennifer

Hello, Microsoft Defender apparently detected a trojan, located in the folders for the Firefox extension Malwarebytes Browserguard Trojan description: Trojan:Win32/Nibtse.c!tsk

Files: C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\funknkwf.default-release\storage\default\moz-extension+++e79e5938-419b-4a5b-b39a-e884d7347fb1\idb\2325712684IbDdB-FBiDl-eesgSatro.files\15301 C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\funknkwf.default-release\storage\default\moz-extension+++e79e5938-419b-4a5b-b39a-e884d7347fb1\idb\2325712684IbDdB-FBiDl-eesgSatro.files\15301->(ZStandard)

Is this a false positive?

Hello, Microsoft Defender apparently detected a trojan, located in the folders for the Firefox extension Malwarebytes Browserguard Trojan description: Trojan:Win32/Nibtse.c!tsk Files: C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\funknkwf.default-release\storage\default\moz-extension+++e79e5938-419b-4a5b-b39a-e884d7347fb1\idb\2325712684IbDdB-FBiDl-eesgSatro.files\15301 C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\funknkwf.default-release\storage\default\moz-extension+++e79e5938-419b-4a5b-b39a-e884d7347fb1\idb\2325712684IbDdB-FBiDl-eesgSatro.files\15301->(ZStandard) Is this a false positive?

All Replies (8)

Then that is a Extension issue not a Firefox browser issue.

Helpful?

Defender has certainly done false positives with Firefox related things before.

What extension is it claiming to find a trojan with?

Also check for definition updates in the antivirus client in case it has been fixed.

Helpful?

James said

Defender has certainly done false positives with Firefox related things before. What extension is it claiming to find a trojan with? Also check for definition updates in the antivirus client in case it has been fixed.

It was Malwarebytes Browser Guard

Helpful?

The Malwarebytes Browser Guard has caused websites to break. One thread has a mention of not being able to install this extension in Firefox however this is the only thread I find in the last thirty days for a antivirus to claim the extension to have a trojan.

Helpful?

Hi all,

I'm having a similar problem, but not with Malwarebytes picking it up but Microsoft Defender on it's own picking it up.

Windows Defender found this on my computer today and cannot quarantine it. Is this a false positive? It keeps happening every few days. April 10, 24, 25, and today May 2, 2025.

Detected: Trojan:Win32/Nibtse.c!tsk Date: 5/2/2025 10:20 AM Details: This program is dangerous and executes commands from an attacker. Affected items: file: C:\Users\(User)\AppData\Roaming\Mozilla\Firefox\Profiles\bw9vh0zb.default-release-1695587126457\storage\default\moz-extension+++5848b6ef-91e1-4c34-9a65-151f6b2c30b4\idb\2325712684IbDdB-FBiDl-eesgSatro.files\86729 Thank you.

Modified by Jennifer

Helpful?

Hi all, I'm having the same problem, but not with Malwarebytes Browser Guard, but Microsoft Defender keeps picking it up.

Microsoft Defender found this on my computer today and cannot quarantine it. Is this a false positive? It keeps happening every few days. The first time on April 10, 24, 25 and again today, May 2, 2025.

Detected: Trojan:Win32/Nibtse.c!tsk Date: 5/2/2025 10:20 AM Details: This program is dangerous and executes commands from an attacker. Affected items: file: C:\Users\(User)\AppData\Roaming\Mozilla\Firefox\Profiles\bw9vh0zb.default-release-1695587126457\storage\default\moz-extension+++5848b6ef-91e1-4c34-9a65-151f6b2c30b4\idb\2325712684IbDdB-FBiDl-eesgSatro.files\86729

Helpful?

Jennifer said

Hi all, I'm having the same problem, but not with Malwarebytes Browser Guard, but Microsoft Defender keeps picking it up. Microsoft Defender found this on my computer today and cannot quarantine it. Is this a false positive? It keeps happening every few days. The first time on April 10, 24, 25 and again today, May 2, 2025. Detected: Trojan:Win32/Nibtse.c!tsk Date: 5/2/2025 10:20 AM Details: This program is dangerous and executes commands from an attacker. Affected items: file: C:\Users\(User)\AppData\Roaming\Mozilla\Firefox\Profiles\bw9vh0zb.default-release-1695587126457\storage\default\moz-extension+++5848b6ef-91e1-4c34-9a65-151f6b2c30b4\idb\2325712684IbDdB-FBiDl-eesgSatro.files\86729

Did you check which extension is causing the issue? My apologies if you already have/know how to. But, if you don't press crtl+shift+a, then click the settings gear icon when the manage extensions page opens, then click debug add-ons. Then find the Internal UUID that matches this number: 5848b6ef-91e1-4c34-9a65-151f6b2c30b4\idb\2325712684IbDdB

Helpful?

Thanks you for telling me how to do this. It is the Malware Browser Guard extension. So do you think it might be a false positive?

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.