Windows Defender detected Trojan:Script/Wacatac.H!ml
Hello,
I just did a full windows defender scan and it turns out Trojan:Script/Wacatac.H!ml popped up when it was done and it said the files affected were:
containerfile: C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\.default-release\cache2\entries\InsertHashHere
file: C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\.default-release\cache2\entries\InsertHashHere->(GZip)
I removed the hashes or whatever they were behind the entries, I was wondering if this was a false positive? I didn't notice any slowed down or hacked accounts, also windows defender quarantined it. I've also reinstalled Firefox and deleted all folders associated with Mozilla in AppData.
Všechny odpovědi (6)
Anything found in the Cache is harmless if left untouched as it will be overwritten over time as Cache is used or be deleted if you clear the Cache.
We had an article about this, but is was for old Firefox versions and the steps for clearing the cache are outdated.
"Clear the Cache":
- Settings -> Privacy & Security
Cookies and Site Data -> Clear Data -> [X] Cached Web Content -> Clear - https://support.mozilla.org/en-US/kb/how-clear-firefox-cache
Thank you very much,
So basically unless I didn't open it it's probably just a false positive?
I've also cleared my cache and reinstalled Firefox from scratch.
My windows defender just found exactly the same trojan in exactly the same location. Followed the steps above, is anyone able to confirm if this was something that was downloaded as browsing (such as an object on a website) and IS a trojan or if this is just a false positive on the part of windows defender?
Funkyshark88 said
My windows defender just found exactly the same trojan in exactly the same location. Followed the steps above, is anyone able to confirm if this was something that was downloaded as browsing (such as an object on a website) and IS a trojan or if this is just a false positive on the part of windows defender?
yeah, also the weird part is that it only happends on 1 website for me.
Upravil uživatel 2 dne
oops why did it sent so many times
Upravil uživatel 2 dne
Funkyshark88 said
My windows defender just found exactly the same trojan in exactly the same location. Followed the steps above, is anyone able to confirm if this was something that was downloaded as browsing (such as an object on a website) and IS a trojan or if this is just a false positive on the part of windows defender?
I've did some testing and figured out which website was causing it (for me atleast) it was twitch.tv the streaming platform, whenever I visited that website and did a full windows defender scan it detected it. Its most likely a false positive or the website might have been hacked (which i highly doubt) also I would recommend you to run a full windows defender, MSERT, malwarebytes scan just to be sure ur not infected. I avoided the website for now and it hasnt appeared again.
Upravil uživatel 2 dne