% sigtool -fTxt.Downloader.Generic-6298945-0|sigtool --decode-sigs
VIRUS NAME: Txt.Downloader.Generic-6298945-0
TDB: Engine:71-255,Target:7
LOGICAL EXPRESSION: (0|1)&(2>1)&3&(4>5)&(5>2)&(6>125)
* SUBSIG ID 0
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
admin
* SUBSIG ID 1
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
random
* SUBSIG ID 2
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
eval(
* SUBSIG ID 3
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
wscript.shell
* SUBSIG ID 4
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
:2e{EXCLUDING_STRING_ALTERNATIVE::}
* SUBSIG ID 5
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
activ
* SUBSIG ID 6
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
:2
Perhaps you have an add-on that is re-creating this file or you are visiting a page that re-creates it.
-Al-
--
ClamXAV User
On Oct 21, 2022, at 5:54 PM, Wally Spratz <wally@longoz.ca> wrote:
Hi all,
Recently my clamav scan summary has starting showing a positive result for 'Txt.Downloader.Generic-6298945-0' in the following directory:/home/a/.cache/mozilla/firefox/aumvdtqj.default-release/cache2/entries/79B6E3A1CE2A151EBE6E39D2C50B6F304AFA5F65: Txt.Downloader.Generic-6298945-0 FOUND
Does anybody know whether or not this is a trojan?
If I delete the Firefox cache it disappears for a few scans but eventually it comes back.
Any idea what I should do to prevent this?
I am on Firefox 105.0.2 (64 bit) on Fedora 35
Here is the scan summary:
/home/a/.cache/mozilla/firefox/aumvdtqj.default-release/cache2/entries/79B6E3A1CE2A151EBE6E39D2C50B6F304AFA5F65: Txt.Downloader.Generic-6298945-0 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8640721
Engine version: 0.103.7
Scanned directories: 67339
Scanned files: 484686
Infected files: 1
Data scanned: 46840.43 MB
Data read: 598814.74 MB (ratio 0.08:1)
Time: 4253.298 sec (70 m 53 s)
Start Date: 2022:10:21 15:15:01
End Date: 2022:10:21 16:25:55
Thanks
Wally
