
Windows Defender detected: Trojan:Script/Wacatac.H!ml in Firefox. Concern?


  • This topic is locked

#1 yultezurki


Posted 20 April 2024 - 08:05 AM

Preface:
 

Hey, so I ran a full scan to see if my system is clean. Once the scan was completed, Trojan:Script/Wacatac.H!ml was detected, so I immediately inspected the detection and quarantined it.

 

Chapter 1 | Context (skip):

  • I don't download shady cracked, DLL injector mod menus, totally-free-games, adobe-flash .exe software from the web. The Windows XP days are over :rip:
  • I don't open PDFs or EPUBs, or at least I only open trustworthy ones, checking the hash via VT. But generally, zero third-party PDFs, not from friends, not from emails.
  • I always look up the original source of a software like balenaEtcher, WizTree, etc. manually by hand, rather than using peoples'/websites' links.
  • I also have Windows Defender ransomware / folder modification thingy protection enabled, as well as kernel isolation and whatnot, which means when software like balenaEtcher tries to write a file or something, it needs to ask for permission.

 

Chapter 2 | Detection:

 

containerfile: C:\Users\<myusername>\AppData\Local\Mozilla\Firefox\Profiles\v06usssn.default-release\cache2\entries\6C34C1BBF8017FB4DE2E4B133FE206D1CFF902E7

 

file: C:\Users\<myusername>\AppData\Local\Mozilla\Firefox\Profiles\v06usssn.default-release\cache2\entries\6C34C1BBF8017FB4DE2E4B133FE206D1CFF902E7->(GZip)

 

 

Appendix

 

Does someone know what exactly is going on?

Firefox Extensions: uBlock Origin, Dark Reader

 

Another full scan completed, no detection.

The plan is to install Bitdefender (Premium Trial) and run a full scan.
Looking this trojan up results in barely any matching results, or fruitful solutions/discussions, but rather people trashing OP for using AVG or whatever :flamethrower:

 

Thanks in advance.

Why is this post written like a book? No idea, you tell me :grinner:. Why the excessive smileys? Nostalgia.


Edited by yultezurki, 20 April 2024 - 08:06 AM.



 


#2 DR_M


Posted 20 April 2024 - 08:16 AM

Hi and welcome to BC Forums.

To begin with, I must check some logs created from your system. To do this:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)



 

Grecian Geek

 

Count your blessings, remember your prayers...

 

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night..

You, only you, will have stars that can laugh."


#3 DR_M


Posted Yesterday, 09:39 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse on my profile name and choose Send message).





