Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多
此討論串已經關閉並封存。 如果您有需要幫助,請新增一個新問題
已解決 被鎖定 封存

Trojan script detected in Firefox folder

Firefox 隱私權與安全性
James replied
SuMo Bot
SuMo Bot

Hello, Microsoft Defender did a scan tonight and apparently detected a trojan script, located in the folders for Firefox extensions for both profiles I use on my computer

Trojan description: Trojan:Script/Wacatac.B!ml

Files: C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\[default profile]\extensions\langpack-fr@firefox.mozilla.org.xpi C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\[second profile]\extensions\langpack-fr@firefox.mozilla.org.xpi

This scan happened at 9pm, and a previous scan at 6pm didn't show anything. When it detected the script, MS Defender contained it and apparently deleted it when it asked me to restart the computer, I then did a full offline scan and nothing else showed up, same with a full scan with the free version of Malwarebytes. I didn't do anything unusual between 6pm and 9pm, so I'd like to know if there's a way to determine whether that script was an actual threat (instead of a false alarm)? If so, any way to know how long it has been on my computer? Any further risks to take into consideration? Other steps to follow? Thanks for the help

Hello, Microsoft Defender did a scan tonight and apparently detected a trojan script, located in the folders for Firefox extensions for both profiles I use on my computer Trojan description: Trojan:Script/Wacatac.B!ml Files: C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\[default profile]\extensions\langpack-fr@firefox.mozilla.org.xpi C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\[second profile]\extensions\langpack-fr@firefox.mozilla.org.xpi This scan happened at 9pm, and a previous scan at 6pm didn't show anything. When it detected the script, MS Defender contained it and apparently deleted it when it asked me to restart the computer, I then did a full offline scan and nothing else showed up, same with a full scan with the free version of Malwarebytes. I didn't do anything unusual between 6pm and 9pm, so I'd like to know if there's a way to determine whether that script was an actual threat (instead of a false alarm)? If so, any way to know how long it has been on my computer? Any further risks to take into consideration? Other steps to follow? Thanks for the help

所有回覆 (1)

James
James
  • Moderator
  • Top 10 Contributor

選擇的解決方法

This is very likely a false positive as only Windows Defender has been reported here to find language packs to be infected.

Language packs are simply used for the language of the user interface in Firefox like the menus and such and does not have active code. Language packs are also another way to have one Firefox install but be able to switch the UI to other languages.

This page lists the Language Packs and Dictionaries (used with spell checker) you can add to Firefox. https://addons.mozilla.org/firefox/language-tools/

由 James 於 修改

SuMo Bot
SuMo Bot 提出問題者

This question has been locked because the original author has deleted their account. While you can no longer post new replies, the existing content remains available for reference.