All I can add is some technical information about the signature. I have no idea what kind of infection it causes and on what platform.
The signature was added to the database by daily - 25386 earlier today as an .ldb. Looking for a single ascii string in any type of file: > sigtool -fTxt.Trojan.Kryptik-6887991-0|sigtool --decode-sigs > VIRUS NAME: Txt.Trojan.Kryptik-6887991-0 > TDB: Engine:51-255,FileSize:262144-1048576,Target:0 > LOGICAL EXPRESSION: 0 > * SUBSIG ID 0 > +-> OFFSET: ANY > +-> SIGMOD: NONE > +-> DECODED SUBSIGNATURE: > 1/g,"");if(!/^[-_a-zA-Z0-9#.:* ,>+~[\]()=^$|]+$/.test(c))throw E I added an extra space before the "E" in order that this message isn't found to be infected. Another user said it appears to be associated with Google searches, but not when using Bing. -Al- ClamXAV User On Mar 12, 2019, at 16:07, Michael Newman via clamav-users <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>> wrote: > Mac OS 10.14.3 > > I wake up this morning to find that clamav has discovered sixteen instances > of this: > > Txt.Trojan.Kryptik-6887991-0 FOUND > > Most of these are in Chrome cache files, but a few were in Apple Automator > cache files. > > I’ve searched around, but find precious little on this infecting Macs. (Lots > on Windows.) > > Can someone point me in the right direction to find out just what this is, > where it came from and how I can get rid of it?
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
