Windows Defender Trojan and cache
Hey all,
Last night I made the mistake of clicking a sketchy link on Twitter, thinking it was some meme site (the person who tweeted is someone I know personally, so I thought it was safe). Once I clicked on it, I wasn't redirected to the site, so I thought it was weird; then I learned that he deleted it because it was compromised. I got scared and ran scans through Microsoft Defender. After the full scan it said that it detected Trojan:HTML/Phish!pz and the affected files were C:\Users\….\Local\Mozilla\Firefox\Profiles\cq0glqqq.default-release\cache2\entries. I deleted my cache a few hours later than I should have.
So I reached out to a friend and they told me that it was probably a false flag and I didn't need to delete my cache. But I'm nervous that it's an actual threat and I should do more to ensure my computer is completely safe. Also, there are probably a lot of grammar mistakes; I haven't slept since I got this information.
Chosen solution
An old article on this is https://support.mozilla.org/en-US/kb/Firefox%20cache%20file%20was%20infected%20with%20a%20virus though the steps in Settings have changed.
You are not infected if this was only found in the Cache folder as it is harmless there if left alone there. It will either get overwritten over time as Cache gets used or deleted if you clear the Cache.
All Replies (5)
I ran Malwarebytes, and when I did any scans I only got one detection, but the files were false flags. When the notifications about the Trojan came from Windows Defender, I quarantined them.
Got a solution. Or at least it works for me. Windows 10 running Firefox 120.0 (64-bit) and Backup and Restore (Windows 7).
I noticed that the file that caused the failure was some variation on C:\Users\UserName\Local\Mozilla\Firefox\Profiles\<user>.default-release\cache2\*
Solution was to configure Firefox to clear the cache upon logoff (https://support.mozilla.org/en-US/kb/how-clear-firefox-cache) for every user on the PC and then clear the disk shadow copy (https://www.ubackup.com/windows-10/how-to-delete-shadow-copies-windows-10-5740.html). And backup runs just fine because cache2 is no longer there.
This does require that Firefox not be running when backup is run.
Here's a screen-grab of the Trojan, identified several times by MS Essentials while Glary is scanning Firefox cache files. I can't open the caches as MS Essentials removes them on detection, so I'm unable to find a SOURCE of the Trojan. This started happening after updating to Glary 6.3.0.6 and remains happening after updating to v6.4.0.7. Has something changed in how the scans are handled and MS Essentials is just picking this up? Should I be treating these as false positives? I've also advised Glarysoft of the issue but haven't heard back.
I'm also getting the Trojan:HTML/Phish!pz notification from Windows Defender.
I cleared the cache file using the "Clear Recent History" but the notifications returned after a few minutes of browsing the internet.
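The chosen solution turns on whether the detection was found only in the Firefox cache folder. The PowerShell below is an added example, not part of any post in this thread, that sorts Defender detection records into those under a Firefox `cache2` folder and those anywhere else. The function name, the constructed sample records, and the assumed `scheme:_path` shape of the `Resources` strings are illustrative assumptions; `Get-MpThreatDetection` is the Defender cmdlet that supplies the live records.

```powershell
# Added example: separate Defender detections inside a Firefox cache2 folder
# from detections anywhere else on disk.
# Assumption: each Resources entry looks like "file:_C:\path" (scheme, ":_", path).
function Split-DetectionsByCache {
    param([object[]] $Detections = @())

    # Path shape taken from the thread: ...\Mozilla\Firefox\Profiles\<profile>\cache2\...
    $cachePattern = '\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cache2\\'

    foreach ($d in $Detections) {
        foreach ($r in $d.Resources) {
            # Strip the assumed scheme prefix so only the file path remains.
            $path = $r -replace '^[a-z]+:_', ''
            [pscustomobject]@{
                ThreatID = $d.ThreatID
                Path     = $path
                InCache  = ($path -match $cachePattern)
            }
        }
    }
}

# Constructed sample records (not real detections) so the logic can be read offline.
$sample = @(
    [pscustomobject]@{
        ThreatID  = 1
        Resources = @('file:_C:\Users\alice\AppData\Local\Mozilla\Firefox\Profiles\abcd1234.default-release\cache2\entries\0A1B2C')
    }
    [pscustomobject]@{
        ThreatID  = 1
        Resources = @('file:_C:\Users\alice\Downloads\invoice.html')
    }
)

# On a live machine, replace $sample with (Get-MpThreatDetection),
# run from an elevated PowerShell prompt.
$rows    = @(Split-DetectionsByCache -Detections $sample)
$outside = @($rows | Where-Object { -not $_.InCache })

if ($outside.Count -eq 0) {
    'All detections are inside a Firefox cache2 folder.'
} else {
    'Detections outside the Firefox cache (review these first):'
    $outside | Format-Table ThreatID, Path -AutoSize
}
```

With the constructed sample, the `Downloads\invoice.html` row is the only one reported as outside the cache.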