A Trojan in Firefox that I don't use?!

Hi, a few days ago I had a funny thing where I found that a piece of software I mistakenly assumed I had uninstalled was back again: Non Existent App Showing in Tool Bar and Running!
I discovered from the discussion that I had not really uninstalled it.
As per the discussion, I installed clamav.

Today, scanning my home directory and subdirectories with clamav, I surprisingly found:

$ clamscan -ri /home/limo/ | pv
LibClamAV Warning: PNG: Unexpected early end-of-file.
/home/limo/.cache/mozilla/firefox/f86s9wb2.default-release/cache2/entries/0F71D29C8CFF7B9F2D4B8899E32DFB0271519D59: BC.Legacy.Exploit.CVE_2013_0030-2 FOUND
/home/limo/.cache/mozilla/firefox/f86s9wb2.default-release/cache2/entries/82748EEEE356AD0B49B9B85BB60C77FBC6FCC82F: BC.Legacy.Exploit.CVE_2013_0030-2 FOUND

I don’t understand how that is possible!
I do not use Firefox for browsing; I mainly use Chromium (unless a link somewhere opened using the “default” browser, which was Firefox!)
Anyway, I completely deleted Firefox and its cache and even uninstalled Firefox!

I wonder how this can happen!
Can these pose any risk? Where did they get the root password? I am sure I never did! Or are they just there somehow but can’t install, run or do anything?

Could it be a false positive?

Any Ideas highly appreciated.
Would you recommend I do a fresh install?
Thank you.

1 Like

That is the cache, so those are files you downloaded using Firefox.

From the above, it isn’t even clear if it is a real issue or a false positive. False positives are pretty common with trojans. That being said, it could very well be real.

If it is real, that particular vulnerability only impacts:

The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka “VML Memory Corruption Vulnerability.”

So unless you are using an old version of Internet Explorer you should be fine.

This has nothing to do with the root password.

No

Keep in mind that most of what clamav reports on are Windows signatures. Before panicking, investigate the specific thing that was found and see if it even impacts you.

Be more careful about the links you click on.

10 Likes
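The reply above says to investigate the specific thing that was found before panicking. A cache2 entry is the HTTP response Firefox stored on disk, and its metadata records the request URL and the response headers, so you can see which site served the flagged bytes (an ad network, a third-party script, a page a link opened) and what Content-Type it claimed, before deciding whether the hit is a false positive. The following is an added example, not code from this thread or from Firefox or ClamAV. It follows the on-disk layout of Firefox's cache2 metadata as I understand it (body, then metadata, then a trailing big-endian offset), the hash and header values it writes when building the sample are placeholders, and the sample entry it builds is constructed data, not a real cache file.

```python
"""Extract the origin URL and response headers from a Firefox cache2 entry.

Layout assumed here (Firefox netwerk/cache2, CacheFileMetadata):
  [response body][metadata][uint32 BE: offset where metadata starts]
  metadata = uint32 hash of the body
           + one uint16 hash per 256 KiB chunk of the body
           + header of BE uint32 words: version, fetchCount, lastFetched,
             lastModified, frecency, expirationTime, keySize, and flags
             (flags only when version >= 2)
           + key + NUL        e.g. "a,:https://host/path"
           + elements: name NUL value NUL ...  e.g. "response-head"
"""
import struct
import sys

CHUNK_SIZE = 256 * 1024
HEADER_WORDS_V1 = 7
HEADER_WORDS_V2 = 8  # versions 2 and later append a flags word


def chunk_count(body_len):
    """Number of 256 KiB chunks (and therefore chunk hashes) for a body."""
    return -(-body_len // CHUNK_SIZE)


def parse_cache2_entry(blob):
    """Parse one entry; raise ValueError rather than guess on malformed input."""
    if len(blob) < 4:
        raise ValueError("too short to be a cache2 entry")
    (meta_offset,) = struct.unpack(">I", blob[-4:])
    if meta_offset > len(blob) - 4:
        raise ValueError("metadata offset %d points past end of file" % meta_offset)
    meta = blob[meta_offset:-4]
    pos = 4 + 2 * chunk_count(meta_offset)  # skip body hash and chunk hashes
    if pos + 4 > len(meta):
        raise ValueError("metadata truncated before header")
    (version,) = struct.unpack(">I", meta[pos:pos + 4])
    words = HEADER_WORDS_V2 if version >= 2 else HEADER_WORDS_V1
    hdr_end = pos + 4 * words
    if hdr_end > len(meta):
        raise ValueError("metadata truncated inside header")
    fields = struct.unpack(">%dI" % words, meta[pos:hdr_end])
    key_size = fields[6]
    key_bytes = meta[hdr_end:hdr_end + key_size]
    if len(key_bytes) != key_size or meta[hdr_end + key_size:hdr_end + key_size + 1] != b"\0":
        raise ValueError("key is shorter than keySize or not NUL-terminated")
    key = key_bytes.decode("utf-8", "replace")
    # Origin-attribute tags ("a,", "O^...,") precede ':' and the request URL.
    url = key.split(":", 1)[1] if ":" in key else key
    parts = meta[hdr_end + key_size + 1:].split(b"\0")
    elements = {n.decode("utf-8", "replace"): v.decode("utf-8", "replace")
                for n, v in zip(parts[0::2], parts[1::2]) if n}
    return {"body": blob[:meta_offset], "version": version,
            "fetch_count": fields[1], "key": key, "url": url,
            "elements": elements}


def build_cache2_entry(body, key, elements, version=3):
    """Assemble an entry in the same layout, for constructing sample data.
    Hashes are written as zeros here; a real entry carries checksums there."""
    words = HEADER_WORDS_V2 if version >= 2 else HEADER_WORDS_V1
    header = [version, 1, 0, 0, 0, 0, len(key.encode("utf-8")), 0][:words]
    meta = b"\0" * 4 + b"\0\0" * chunk_count(len(body))
    meta += struct.pack(">%dI" % words, *header)
    meta += key.encode("utf-8") + b"\0"
    for name, value in elements.items():
        meta += name.encode("utf-8") + b"\0" + value.encode("utf-8") + b"\0"
    return body + meta + struct.pack(">I", len(body))


# Constructed stand-in for a flagged cache2/entries/<sha1> file; not real data.
SAMPLE_ENTRY = build_cache2_entry(
    body=b"\x89PNG\r\n\x1a\n" + b"\0" * 40,  # a PNG cut off early, like the warning
    key="a,:https://cdn.example.invalid/ads/banner.png",
    elements={"request-method": "GET",
              "response-head": "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"},
)


def summarize(blob):
    """One-line provenance summary: URL, status line, fetch count, body size."""
    entry = parse_cache2_entry(blob)
    head = entry["elements"].get("response-head", "")
    status = head.splitlines()[0] if head else "(no response-head)"
    return "%s  [%s]  fetched %d time(s), %d body bytes" % (
        entry["url"], status, entry["fetch_count"], len(entry["body"]))


if __name__ == "__main__":
    paths = sys.argv[1:]
    blobs = [open(p, "rb").read() for p in paths] if paths else [SAMPLE_ENTRY]
    for blob in blobs:
        try:
            print(summarize(blob))
        except ValueError as err:
            print("not a parseable cache2 entry:", err)
```

Run it with the paths of the flagged entries to print where each one came from; without arguments it parses the built-in sample. If the URL belongs to a site you never visited on purpose, that is consistent with the reply's point that pages fetch third-party content without any download click; if the file fails to parse, it is either truncated or not a cache2 entry at all, which is worth knowing before trusting the signature name.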

I honestly don’t have a great experience with ClamAV.
I installed it on my NAS; it was eating up bandwidth when transferring stuff and giving me a lot of false positives for ISOs whose checksums had been verified and which came from the official websites.

1 Like

Dammit, I’ve clicked the link to enlarge my :clown_face: nose!

1 Like

I do not think I downloaded anything. Even if it was a link somewhere that opened Firefox as the default, I would copy the link and download in Chromium. So, maybe just links that opened whatever page.

Sure not! What Internet Explorer? I’m only on EndeavourOS.

Nothing other than the app that appeared somehow, I guess as a result of either playing with Python or something else. It just disappeared after I really removed it, as in the other post.

I have no problems with my laptop or system; everything is working perfectly (other than this app that I thought I had uninstalled).

So, I can comfortably believe it is just a false positive, as I don’t use or download anything with Firefox.

Latest scan results:

Known viruses: 8667828
Engine version: 1.0.1
Scanned directories: 49322
Scanned files: 438409
Infected files: 0
Data scanned: 39928.14 MB
Data read: 122862.06 MB (ratio 0.32:1)
Time: 7081.450 sec (118 m 1 s)
Start Date: 2023:05:31 16:30:37
End Date:   2023:05:31 18:28:38

0 infected files!

So, I guess it was a false positive!
Thank you very much guys!

I will appreciate it if you send me a link to make my nose smaller!

The evidence disagrees. Whenever you view any web content, things are downloaded. It isn’t only when you click the download button.

No, it could absolutely be real, but whether it is real or false shouldn’t really matter in this case.

1 Like

I understand that if it is false (a false positive) it shouldn’t matter.
But how does it not matter if it is true? You mean that I already deleted everything and have 0 infected files?

Because according to the CVE, it only works on certain versions of Microsoft Internet Explorer. If you weren’t using that, then it doesn’t matter.

I wonder could it work in wine’s placeholder IE though :laughing:

2 Likes

Who! Me!? No way, even if I ended up living in the stone age! How would I make viruses, trojans and spyware my OS itself and use them as my operating system! They don’t even run smoothly!

I just remembered now: twice, with two brand new computers in different years with Windoze, I got a crash while booting them for the first time out of the box!

Even if I am using wine, I will use Chromium, Chrome, Firefox, but definitely not that!

There are a lot of possibilities to get a virus with not much user input; it doesn’t really matter how exactly it gets there if it’s an actual virus :wink:

Again, and as usual, I am learning something new. I was under the impression that malware is malware on its own!

It matters to me because I’m on Linux: I should only “read” about viruses, or even have them copied to my Linux machine, but they shouldn’t work (well, to be precise, I should say in “almost” 100% of cases!)

My girlfriend is just asking me if this is available for other parts of the body.

I’m sure for the right price you can get some e-mail in your spambox :rofl:

Just to update you guys.
This is the result of:

clamscan -ri / | pv
----------- SCAN SUMMARY -----------
Known viruses: 8667828
Engine version: 1.0.1
Scanned directories: 97577
Scanned files: 791623
Infected files: 0
Total errors: 12895
Data scanned: 63990.95 MB
Data read: 147796.70 MB (ratio 0.43:1)
Time: 11585.376 sec (193 m 5 s)
Start Date: 2023:05:31 18:53:06
End Date:   2023:05:31 22:06:11
So everything is perfect as expected from Linux!

:rofl:

2 Likes

I noticed it was saying something about PNG files ending before expected!
Some errors were related to files being larger than it is configured to scan!

I wonder what that is, or how to fix it!