Can someone explain what this MozBackup of Thunderbird trojan is and how to find and get rid of it?
I recently scanned the Mozbackup of Thunderbird file and it shows the following in that file as a "Win32:RATX-gen [Trj]. I checked the ThunderBird trash(nothing there), scanned the whole folder and did not find anything, but it keeps showing up in each new MozBackup file. See below of what Avast is showing.
This is adware and should be considered adware malware if found to reside inside
C:\Windows\System32\co.exe as a windows version independant file.
Malware files can be camouflaged with the same file names as legitimate files.
The check_co.exe file is associated with malware only if found in the locations listed above.
With check.exe, this could reside in places as:
C:\Windows\System32\Check.exe
[%ANY_DRIVE%]\Assault Fire PH\TCLS\ui\Res\check\check.exe
No such file found in below folder
C:\Windows\System32\co.exe
No such file found in below folders
C:\Windows\System32\Check.exe
[%ANY_DRIVE%]\Assault Fire PH\TCLS\ui\Res\check\check.exe
C:\Program Files\Checker\check.exe
Ran MBAM with Scan for rootkits selected “on”, the scan came out clean.
I practically make a MozBackup of Thunderbird on a daily basis. The ones from Dec 19th and 20th, 2019, Avast found the CHECK_CO.EXE in both. But non for 21st, 22nd and 23rd. Could this be a false alarm?