Can someone explain what this MozBackup of Thunderbird trojan is?

Can someone explain what this MozBackup of Thunderbird trojan is and how to find and get rid of it?

I recently scanned the Mozbackup of Thunderbird file and it shows the following in that file as a "Win32:RATX-gen [Trj]. I checked the ThunderBird trash(nothing there), scanned the whole folder and did not find anything, but it keeps showing up in each new MozBackup file. See below of what Avast is showing.

D:\MozBackup\Thunderbird 31.1.1 (en-US) - 2019-12-20.pcv|>Mail\Local Folders\Trash|>CHECK COPY.IMG#3265702670|>CHECK_CO.EXE

Thanks in advance

This is adware and should be considered adware malware if found to reside inside

  • C:\Windows\System32\co.exe as a windows version independant file.

Malware files can be camouflaged with the same file names as legitimate files.
The check_co.exe file is associated with malware only if found in the locations listed above.
With check.exe, this could reside in places as:

  1. C:\Windows\System32\Check.exe
  2. [%ANY_DRIVE%]\Assault Fire PH\TCLS\ui\Res\check\check.exe
  3. C:\Program Files\Checker\check.exe

Wait for a qualified malware remover here to get you through the cleansing routine.
And provide us with the requested log files: https://forum.avast.com/index.php?topic=194892.0

polonus

No such file found in below folder
C:\Windows\System32\co.exe

No such file found in below folders

  1. C:\Windows\System32\Check.exe
  2. [%ANY_DRIVE%]\Assault Fire PH\TCLS\ui\Res\check\check.exe
  3. C:\Program Files\Checker\check.exe

Ran MBAM with Scan for rootkits selected “on”, the scan came out clean.

I practically make a MozBackup of Thunderbird on a daily basis. The ones from Dec 19th and 20th, 2019, Avast found the CHECK_CO.EXE in both. But non for 21st, 22nd and 23rd. Could this be a false alarm?