Hi, a few days ago I had a funny thing where I found that software I mistakenly assumed I had uninstalled was back again: “Non Existent App Showing in Tool Bar and Running!”
I discovered from the discussion that I did not really uninstall it.
As per the discussions, I installed clamav.
Today, scanning my home directory and subdirectories with clamav, surprisingly I found:
$ clamscan -ri /home/limo/ | pv
LibClamAV Warning: PNG: Unexpected early end-of-file. ]
/home/limo/.cache/mozilla/firefox/f86s9wb2.default-release/cache2/entries/0F71D29C8CFF7B9F2D4B8899E32DFB0271519D59: BC.Legacy.Exploit.CVE_2013_0030-2 FOUND
/home/limo/.cache/mozilla/firefox/f86s9wb2.default-release/cache2/entries/82748EEEE356AD0B49B9B85BB60C77FBC6FCC82F: BC.Legacy.Exploit.CVE_2013_0030-2 FOUND
I don’t understand how that is possible!
I do not use Firefox for browsing; I mainly use Chromium (unless a link somewhere opened using the “default” browser, which was Firefox!)
Anyway, I completely deleted Firefox and the cache and even uninstalled Firefox!
I wonder how this can happen!
Can these pose any risk? Where did they get the root password? I am sure I never did! Or are they just there somehow but can’t install, run or do anything?
Could it be a false positive?
Any ideas highly appreciated.
Would you recommend I do a fresh install?
That is the cache so those are files you downloaded using firefox.
From the above, it isn’t even clear if it is a real issue or a false positive. False positives are pretty common with trojans. That being said, it could very well be real.
If it is real, that particular vulnerability only impacts:
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka “VML Memory Corruption Vulnerability.”
So unless you are using an old version of Internet Explorer you should be fine.
This has nothing to do with the root password.
Keep in mind that most of what clamav reports on are Windows signatures. Before panicking, investigate the specific thing that was found and see if it even impacts you.
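An added example, not part of the thread or of ClamAV itself: a small triage helper for `clamscan -ri` output that groups hits by signature, pulls any CVE id out of the signature name so it can be looked up, and notes whether every hit sits in a browser cache. The function name and the cache path hints are assumptions made for illustration; the sample input reuses the two FOUND lines from the first post.

```python
import re
from collections import defaultdict

# Sample input: the warning and the two FOUND lines quoted in the first post.
SAMPLE = """\
LibClamAV Warning: PNG: Unexpected early end-of-file.
/home/limo/.cache/mozilla/firefox/f86s9wb2.default-release/cache2/entries/0F71D29C8CFF7B9F2D4B8899E32DFB0271519D59: BC.Legacy.Exploit.CVE_2013_0030-2 FOUND
/home/limo/.cache/mozilla/firefox/f86s9wb2.default-release/cache2/entries/82748EEEE356AD0B49B9B85BB60C77FBC6FCC82F: BC.Legacy.Exploit.CVE_2013_0030-2 FOUND
"""

# clamscan prints "<path>: <signature> FOUND" for each infected file.
FOUND_RE = re.compile(r"^(?P<path>/.+): (?P<sig>\S+) FOUND$")
# Signature names may embed a CVE id, e.g. CVE_2013_0030.
CVE_RE = re.compile(r"CVE[_-](\d{4})[_-](\d{4,7})")
# Assumption: path fragments that mark downloaded web content, not installed programs.
CACHE_HINTS = ("/.cache/mozilla/firefox/", "/.cache/chromium/")


def triage(scan_output):
    """Group clamscan hits by signature with the details needed to research them."""
    findings = defaultdict(
        lambda: {"cve": None, "paths": [], "all_in_browser_cache": True}
    )
    for line in scan_output.splitlines():
        m = FOUND_RE.match(line.strip())
        if not m:
            continue  # warnings and summary lines are not findings
        entry = findings[m["sig"]]
        cve = CVE_RE.search(m["sig"])
        if cve:
            entry["cve"] = f"CVE-{cve[1]}-{cve[2]}"
        entry["paths"].append(m["path"])
        if not any(hint in m["path"] for hint in CACHE_HINTS):
            entry["all_in_browser_cache"] = False
    return dict(findings)


if __name__ == "__main__":
    for sig, info in triage(SAMPLE).items():
        print(f"{sig}: {len(info['paths'])} file(s), look up {info['cve']}, "
              f"only in browser cache: {info['all_in_browser_cache']}")
```

The CVE id it prints is what to read up on to see which software is affected before deciding whether the hit matters on your system.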
I honestly don’t have a great experience with ClamAV.
I installed it on my NAS; it was eating up bandwidth when transferring stuff, and giving me a lot of false positives for ISOs that had their checksums checked and were from the official websites.
It matters with me because I’m on Linux, I should only “read” about viruses or even have them copied to my Linux machine, but they shouldn’t work (well, to be precise I should say in “almost” 100% of the cases!)