Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Learn More

Эта тема была архивирована. Если вам нужна помощь, задайте новый вопрос.

Trojan script detected in Firefox folder

  • 1 ответ
  • 5 имеют эту проблему
  • 1 просмотр
  • Последний ответ от James

kiw17
kiw17
more options

Hello, Microsoft Defender did a scan tonight and apparently detected a trojan script, located in the folders for Firefox extensions for both profiles I use on my computer

Trojan description: Trojan:Script/Wacatac.B!ml

Files: C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\[default profile]\extensions\langpack-fr@firefox.mozilla.org.xpi C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\[second profile]\extensions\langpack-fr@firefox.mozilla.org.xpi

This scan happened at 9pm, and a previous scan at 6pm didn't show anything. When it detected the script, MS Defender contained it and apparently deleted it when it asked me to restart the computer, I then did a full offline scan and nothing else showed up, same with a full scan with the free version of Malwarebytes. I didn't do anything unusual between 6pm and 9pm, so I'd like to know if there's a way to determine whether that script was an actual threat (instead of a false alarm)? If so, any way to know how long it has been on my computer? Any further risks to take into consideration? Other steps to follow? Thanks for the help

Hello, Microsoft Defender did a scan tonight and apparently detected a trojan script, located in the folders for Firefox extensions for both profiles I use on my computer Trojan description: Trojan:Script/Wacatac.B!ml Files: C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\[default profile]\extensions\langpack-fr@firefox.mozilla.org.xpi C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\[second profile]\extensions\langpack-fr@firefox.mozilla.org.xpi This scan happened at 9pm, and a previous scan at 6pm didn't show anything. When it detected the script, MS Defender contained it and apparently deleted it when it asked me to restart the computer, I then did a full offline scan and nothing else showed up, same with a full scan with the free version of Malwarebytes. I didn't do anything unusual between 6pm and 9pm, so I'd like to know if there's a way to determine whether that script was an actual threat (instead of a false alarm)? If so, any way to know how long it has been on my computer? Any further risks to take into consideration? Other steps to follow? Thanks for the help

Выбранное решение

This is very likely a false positive as only Windows Defender has been reported here to find language packs to be infected.

Language packs are simply used for the language of the user interface in Firefox like the menus and such and does not have active code. Language packs are also another way to have one Firefox install but be able to switch the UI to other languages.

This page lists the Language Packs and Dictionaries (used with spell checker) you can add to Firefox. https://addons.mozilla.org/firefox/language-tools/

Прочитайте этот ответ в контексте 👍 0

Все ответы (1)

James
James
  • Top 25 Contributor
  • Moderator
more options

Выбранное решение

This is very likely a false positive as only Windows Defender has been reported here to find language packs to be infected.

Language packs are simply used for the language of the user interface in Firefox like the menus and such and does not have active code. Language packs are also another way to have one Firefox install but be able to switch the UI to other languages.

This page lists the Language Packs and Dictionaries (used with spell checker) you can add to Firefox. https://addons.mozilla.org/firefox/language-tools/

Изменено James