Good day. Based on the paths and signature types, most of this looks more like aggressive heuristic and PUA detections than proof of an active compromise. The biggest reasons are: many hits are in legitimate program files, many are marked PUA rather than confirmed malware, and many are *.UNOFFICIAL signatures from third-party feeds such as Sanesecurity, which are separate from ClamAV’s official signed databases and can be noisier. ClamAV’s own documentation says PUA detections are less carefully curated and can generate more false positives, and unofficial signatures are not official ClamAV detections.
What stands out in your log is that a very large portion of detections fall into these buckets: Installed software files: Adobe Acrobat, Thunderbird, Firefox, VLC, OBS, NVIDIA, VMware, Check Point, OneDrive, Windows Defender, Windows system files. LibreOffice macro libraries: the many *.xba files under LibreOffice are expected macro/script components, so PUA.Doc.Tool.LibreOfficeMacro-2 on those files is usually not surprising by itself. Caches, dumps, mailboxes, installers, and temp files: Chrome/Edge/Firefox cache, Thunderbird spam mailbox, Trend Micro dump files, MSI/MSP installer cache, Downloads, Temp. These often trigger heuristic signatures because scanners see archived scripts, exploit test strings, or remnants of previously downloaded web content. The Sanesecurity “Foxhole” and similar unofficial databases are specifically designed to flag risky content inside archives and JavaScript-heavy compressed content, with some rules carrying medium or high false-positive risk. So, are they false positives? Many probably are, or at least are low-confidence “potentially unwanted” detections rather than confirmed malware. I would be especially cautious about treating these as false positives: Downloads/avc-free.exe Downloads/Advanced_IP_Scanner_...exe files in AppData/Local/Temp/... browser cache entries Thunderbird spam mailbox the Trend Micro dump file Those are not automatically malicious, but they are the most worth reviewing because they are user-space artifacts, downloads, caches, or temporary files, not core Windows components. By contrast, detections on Windows system files, Defender engine files, LibreOffice macro libraries, and mainstream vendor DLLs are much more suggestive of heuristic noise or packer-based PUA hits than an actual infection. About the items you specifically mentioned: “Java Backdoor”: the line java.backdoor.anno.6.UNOFFICIAL is an unofficial MD5-based signature on a file under Microsoft/Crypto/RSA/..., which is an unusual place for a true Java backdoor. That does not look like a normal, high-confidence malware finding to me from the path alone. “PUA Win Trojans”: ClamAV notes that some older PUA categories were named with malware-like labels such as Trojan by automated tooling, and those names are not reliable indicators of real malware. “Sanesecurity Malware”: these are from third-party unofficial signature sets, not ClamAV’s official signed database. My practical assessment is: This log does not, by itself, prove your Windows 11 machine is infected. It does show that your scan is loading or honoring PUA and unofficial third-party signatures, which can produce a lot of noisy results, especially against archives, macros, caches, installers, and vendor binaries. What I would do next, in order: Do not panic and do not wipe the machine. Re-scan only the suspicious user-space items: Downloads AppData/Local/Temp browser caches Thunderbird profile and spam mailbox Run a second-opinion scanner on Windows itself, preferably Microsoft Defender Offline or another reputable scanner, to see whether these same files are flagged. Check whether ClamAV was using unofficial databases such as Sanesecurity or custom YARA rules. If yes, temporarily re-scan with official signatures only and with PUA disabled. ClamAV supports an official-only mode and notes that PUA loading is optional. Delete obvious junk safely: browser caches temp files old installer leftovers in Downloads, if you no longer need them mail spam cache copies, if appropriate If the same files are still detected by multiple scanners, especially executables in Downloads or Temp, then treat them as genuinely suspicious. The items I would prioritize for manual review are: Users/teoen/Downloads/avc-free.exe Users/teoen/Downloads/Advanced_IP_Scanner_...exe Users/teoen/AppData/Local/Temp/... Users/teoen/AppData/Local/HCBackup/hcpackage64.exe browser cache hits, only to the extent they may point to a malicious website you visited the Thunderbird spam mailbox item The items I would not treat as strong evidence of infection on their own are: LibreOffice *.xba files Adobe/Firefox/Thunderbird/VLC/OBS/NVIDIA/VMware vendor binaries Windows Defender engine files many Windows WinSxS, System32, and installer-cache files most .UNOFFICIAL heuristic hits against archives and caches > On Mar 12, 2026, at 03:08, Turritopsis Dohrnii Teo En Ming via clamav-users > <[email protected]> wrote: > > Subject: Are there anything suspicious in my ClamAV Full Windows 11 Virus > Scan Log of 12 Mar 2026 Thursday? > > Good day from Singapore, > > Are there anything suspicious in my ClamAV Full Windows 11 Virus Scan Log of > 12 Mar 2026 Thursday? > > It appears that a Java Backdoor, PUA Win Trojans and Sanesecurity Malware > were detected. > > Are they false positives?? > > -------------------------------------- > /mnt/windows/Program Files/Common Files/Tracker > Software/Common/ABBYY/Bin64/LangInfoUnicode.dll: PUA.Win.Packer.LyWgkx-2 FOUND > /mnt/windows/Program Files/Common > Files/Adobe/Acrobat/Setup/{AC76BA86-1033-1033-7760-BC15014EA700}/Core.cab: > MiscreantPunch.EvilMacro.AOUEGTP.1.UNOFFICIAL FOUND > /mnt/windows/Program Files/Wireshark/multimedia/ffmpegmediaplugin.dll: > PUA.Win.Packer.InterplaysMveFi-1 FOUND > /mnt/windows/Program Files/NVIDIA > Corporation/Installer2/Display.PhysX.{66838DDA-3FD8-47A8-9B6A-6EBFDA1089F1}/files/Common/cudart64_65.dll: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Collect.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Access2Base/CommandBar.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Access2Base/CommandBarControl.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/DataDef.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Access2Base/Application.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Dialog.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Database.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Control.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Event.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Field.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/L10N.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Form.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/DoCmd.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Access2Base/OptionGroup.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Methods.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Module.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Access2Base/PropertiesSet.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Property.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Python.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Access2Base/PropertiesGet.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Root_.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Test.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/TempVar.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Recordset.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Trace.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/_License.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/SubForm.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Access2Base/UtilProperty.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Access2Base/acConstants.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Access2Base/Utils.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/CommonLang.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Currency.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Depot.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Lang_de.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Internet.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Lang_en.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Lang_es.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Lang_it.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Lang_ja.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Lang_fr.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Lang_ko.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Lang_sv.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Lang_tw.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/Lang_zh.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Euro/AutoPilotRun.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Depot/tools.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Euro/Common.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Euro/ConvertRun.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Euro/Hard.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Euro/Protect.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Euro/Writer.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Euro/Soft.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/FormWizard/DBMeta.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/FormWizard/FormWizard.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Euro/Init.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/FormWizard/Layouter.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/FormWizard/Language.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Gimmicks/AutoText.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/FormWizard/develop.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/FormWizard/tools.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Gimmicks/ChangeAllChars.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Gimmicks/ReadDir.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Gimmicks/GetTexts.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Gimmicks/Userfields.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ImportWizard/API.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ImportWizard/DialogModul.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ImportWizard/Language.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ImportWizard/Main.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ImportWizard/FilesModul.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ScriptForge/SF_Dictionary.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ScriptForge/SF_L10N.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ScriptForge/SF_Platform.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ScriptForge/SF_Exception.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ScriptForge/SF_PythonHelper.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ScriptForge/SF_Root.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ScriptForge/SF_Array.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ScriptForge/SF_Services.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ScriptForge/SF_Region.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ScriptForge/SF_TextStream.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ScriptForge/SF_FileSystem.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ScriptForge/SF_Timer.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ScriptForge/_CodingConventions.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ScriptForge/SF_Session.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ScriptForge/SF_UI.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/ScriptForge/_ModuleModel.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ScriptForge/__License.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ScriptForge/SF_Utils.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDatabases/SF_Register.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDatabases/SF_Datasheet.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/ScriptForge/SF_String.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFDatabases/__License.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDatabases/SF_Database.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDatabases/SF_Dataset.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFDialogs/__License.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDialogs/SF_DialogListener.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFDialogs/SF_Dialog.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDialogs/SF_DialogUtils.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFDialogs/SF_Register.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDocuments/SF_DocumentListener.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDialogs/SF_DialogControl.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFDocuments/SF_Chart.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFDocuments/SF_Base.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDocuments/SF_FormDocument.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDocuments/SF_Document.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDocuments/SF_Register.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFDocuments/__License.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFDocuments/SF_Form.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFUnitTests/SF_Register.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFUnitTests/__License.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFDocuments/SF_FormControl.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFDocuments/SF_Writer.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFDocuments/SF_Calc.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFWidgets/SF_MenuListener.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFWidgets/SF_Register.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFUnitTests/SF_UnitTest.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFWidgets/SF_ContextMenu.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFWidgets/SF_Menu.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFWidgets/__License.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFWidgets/SF_ToolbarButton.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/SFWidgets/SF_Toolbar.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Template/Autotext.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/SFWidgets/SF_PopupMenu.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Template/Samples.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Template/Correspondence.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Template/ModuleAgenda.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Tools/Debug.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Tools/Listbox.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Tools/Strings.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Tools/Misc.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Tools/UCB.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Tools/ModuleControls.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Tutorials/RoadMap.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Tutorials/TutorialClose.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Tutorials/ShowInfoDialog.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/share/basic/Tutorials/Functions.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Tutorials/TutorialCreator.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/basic/Tutorials/TutorialOpen.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program > Files/LibreOffice/share/extensions/wiki-publisher/WikiEditor/Module1.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/LibreOffice/presets/basic/Standard/Module1.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Program Files/VideoLAN/VLC/plugins/demux/libmod_plugin.dll: > PUA.Win.Packer.AsylumMusicFile-1 FOUND > /mnt/windows/Program Files/VideoLAN/VLC/plugins/codec/libavcodec_plugin.dll: > PUA.Win.Packer.InterplaysMveFi-1 FOUND > /mnt/windows/Program Files/obs-studio/bin/64bit/avformat-61.dll: > PUA.Win.Packer.InterplaysMveFi-1 FOUND > /mnt/windows/Program Files/MAGIX/Movie Studio 2023 > Platinum/Online/DM/setup.exe: PUA.Win.Packer.GlbsInstallStub-1 FOUND > /mnt/windows/Program Files/Mozilla Thunderbird/omni.ja: > Sanesecurity.Foxhole.Zip_fs186.UNOFFICIAL FOUND > /mnt/windows/Program Files/Mozilla Thunderbird/updated/omni.ja: > Sanesecurity.Foxhole.Zip_fs186.UNOFFICIAL FOUND > /mnt/windows/Program Files/Mozilla Thunderbird/xul.dll: > PUA.Win.Packer.Pseudosigner-96 FOUND > /mnt/windows/Program Files/Mozilla Thunderbird/updated/xul.dll: > PUA.Win.Packer.Pseudosigner-96 FOUND > /mnt/windows/Program Files/Trend > Micro/AMSP/resource/engine/c2t1073741856l1p5889r1o1/3.0.1004/TmMsg.dll.old: > PUA.Win.Trojan.Winlock-6629293-0 FOUND > /mnt/windows/Program Files/Trend Micro/AMSP/dump/20260228_124214Full.dmp: > Sanesecurity.Malware.26198.JsHeur.UNOFFICIAL FOUND > /mnt/windows/Program Files/Trend > Micro/AMSP/module/20013/7.7.1052/5.01.1105/TmMsg.dll: > PUA.Win.Trojan.Winlock-6629293-0 FOUND > /mnt/windows/Program Files/Trend > Micro/AMSP/module/20013/7.7.1052/5.01.1105/TmMsg/TmMsg.dll: > PUA.Win.Trojan.Winlock-6629293-0 FOUND > /mnt/windows/Program Files/Trend > Micro/Titanium/plugin/TMAS/TMAS_OL/x86/Redemption.dll: > PUA.Win.Adware.Dealply-6619244-0 FOUND > /mnt/windows/Program Files/Adobe/Acrobat DC/Acrobat/Acrobat.dll: > MiscreantPunch.EvilMacro.AOUEGTP.1.UNOFFICIAL FOUND > /mnt/windows/Program Files/Mozilla Firefox/xul.dll: > PUA.Win.Packer.Pseudosigner-96 FOUND > /mnt/windows/Program Files (x86)/Common > Files/VMware/InstallerCache/{C2E57BCF-B487-459D-A805-64CE6A806791}.msi: > Sanesecurity.Badmacro.Xls.credriv.UNOFFICIAL FOUND > /mnt/windows/Program Files (x86)/Common > Files/Acronis/Infrastructure/mms_mini.exe: > Sanesecurity.Malware.30484.UNOFFICIAL FOUND > /mnt/windows/Program Files (x86)/VMware/VMware Workstation/mkisofs.exe: > PUA.Win.Packer.MingwGcc-3 FOUND > /mnt/windows/Program Files (x86)/VMware/VMware Workstation/windows.iso: > Sanesecurity.Malware.28377.BadIso.cmd.UNOFFICIAL FOUND > /mnt/windows/Program Files (x86)/VMware/VMware Workstation/x64/EFI20-32.ROM: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Program Files > (x86)/TunnelBear/lib/vlc/plugins/codec/libavcodec_plugin.dll: > PUA.Win.Packer.InterplaysMveFi-1 FOUND > /mnt/windows/Program Files (x86)/NVIDIA > Corporation/PhysX/Common/cudart64_65.dll: PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Program Files > (x86)/CheckPoint/SmartConsole/R81.20/81.20.9700.633/TopoCalc.dll: > PUA.Win.Packer.NspackDotnetNor-2 FOUND > /mnt/windows/Program Files > (x86)/CheckPoint/SmartConsole/R81.20/81.20.9700.663/TopoCalc.dll: > PUA.Win.Packer.NspackDotnetNor-2 FOUND > /mnt/windows/Program Files > (x86)/CheckPoint/SmartConsole/R81.20/81.20.9700.663/data/Preview/Preview.tgz: > Sanesecurity.Foxhole.Zip_fn37.UNOFFICIAL FOUND > /mnt/windows/Program Files (x86)/Syslogd/uninst-Syslogd.exe: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/ProgramData/Microsoft/Windows Defender/Definition > Updates/Backup/mpengine.lkg: PUA.Win.Packer.Lzexe-1 FOUND > /mnt/windows/ProgramData/Microsoft/Windows Defender/Definition > Updates/Backup/mpengine.dll: PUA.Win.Packer.Lzexe-1 FOUND > /mnt/windows/ProgramData/Microsoft/Windows Defender/Definition > Updates/StableEngineEtwLocation/mpengine_etw.dll: PUA.Win.Packer.Lzexe-1 FOUND > /mnt/windows/ProgramData/Microsoft/Windows Defender/Definition > Updates/{37EEEF5D-7B1B-4004-BEC7-69CC1F1212A9}/mpengine.dll: > PUA.Win.Packer.Lzexe-1 FOUND > /mnt/windows/ProgramData/Acronis/TrueImageHome/Logs/collect_system_information/collect_system_information.0.log.gz: > PUA.Win.Exploit.CVE_2012_1461-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/ESET/ESETOnlineScanner/Modules/em003_32/1585/em003_32.dll: > PUA.Win.Trojan.Agent-37077 FOUND > /mnt/windows/Users/teoen/AppData/Local/ESET/ESETOnlineScanner/Modules/em003_32/1587/em003_32.dll: > PUA.Win.Packer.Petite-29 FOUND > /mnt/windows/Users/teoen/AppData/Local/Visual Watermark/unins000.exe: > PUA.Win.Packer.PrivateEXEProtector4-6192998-2 FOUND > /mnt/windows/Users/teoen/AppData/Local/ESET/ESETOnlineScanner/OldModules/em003_32/1585/em003_32.dll: > PUA.Win.Trojan.Agent-37077 FOUND > /mnt/windows/Users/teoen/AppData/Local/ESET/ESETOnlineScanner/OldModules/em003_32/1585/00/em003_32.dll: > PUA.Win.Trojan.Agent-37077 FOUND > /mnt/windows/Users/teoen/AppData/Local/Microsoft/Edge/User > Data/Default/Cache/Cache_Data/f_000511: > Sanesecurity.Foxhole.GZip_js.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/AppData/Local/Microsoft/Edge/User > Data/Default/Cache/Cache_Data/f_000510: > Sanesecurity.Foxhole.GZip_js.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/AppData/Local/Microsoft/OneDrive/26.026.0209.0004_1/avformat-62.dll: > PUA.Win.Packer.InterplaysMveFi-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Microsoft/OneDrive/26.026.0209.0004_1/vcruntime140.dll: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Users/teoen/AppData/Local/Microsoft/OneDrive/26.026.0209.0004_1/OneDriveSetup.exe: > PUA.Win.Packer.InterplaysMveFi-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Temp/ca7556b8-b4b8-494e-92bb-fcd4afa60499.tmp: > PUA.Win.Exploit.CVE_2012_1461-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Temp/HCBackup/hcpackage64.exe: > Sanesecurity.Foxhole.JS_7z.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/AppData/Local/Packages/Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe/LocalState/EBWebView/Subresource > Filter/Unindexed Rules/10.34.0.80/Part-FR: > sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL > FOUND > /mnt/windows/Users/teoen/AppData/Local/Packages/Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe/LocalState/EBWebView/component_crx_cache/ndikpojcjlepofdkaaldkinkjbeeebkl_1.5110A67904F33F66A66CC9BE4DD3DA419A596DE32DAAE8F62BAA998D3BE5CA83: > > sigs.InterServer.net.HEX.Topline.blacklisted.domain.alemoney.xyz.610.UNOFFICIAL > FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004b6: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00013c: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_000179: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00007d: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_000083: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_000084: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00016c: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0000a0: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00009a: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00012b: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0000dd: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_000382: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00009b: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0000f6: > Sanesecurity.Foxhole.GZip_js.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004a9: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0001b6: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_000101: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00012d: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00012e: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0001d9: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00017c: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00017e: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00018b: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00019b: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0001c1: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00021f: PUA.Html.Exploit.CVE_2012_0469-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004a7: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004ae: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_000509: > Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00050d: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004f2: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004af: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004b2: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004b1: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_00037c: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_000430: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004ce: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004d0: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_000432: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004d5: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Google/Chrome/User > Data/Default/Cache/Cache_Data/f_0004d7: PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/MainWindow_75AD616BF1F04DA9878FF44DD080A108/20260212T123716-6e2637cc9f~en/EBWebView/Default/Cache/Cache_Data/f_000006: > Sanesecurity.Foxhole.GZip_js.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_00004a: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_000050: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_000052: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_000030: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_00003b: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_000032: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_000016: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_000043: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_000028: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_000045: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_00003d: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_00002a: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_000009: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_00000b: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_000018: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/TeamViewer/EdgeBrowserControl/Persistent/518004909B1945429DCFDF9727D8D545/EBWebView/Default/Cache/Cache_Data/f_00004c: > PUA.Win.Trojan.Xored-1 FOUND > /mnt/windows/Users/teoen/AppData/Local/Mozilla/Firefox/Profiles/ew071oje.default-release/cache2/entries/D89446062D97357BF716AEE8F79733472532141F: > Sanesecurity.Foxhole.JS_Zip_11.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/AppData/Roaming/Microsoft/Windows/Start > Menu/Programs/Windows PowerShell/Windows PowerShell.lnk: > Sanesecurity.Malware.28759.LnkHeur.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/AppData/Roaming/Microsoft/Crypto/RSA/S-1-5-21-2217620653-848323090-3166081093-1001/83aa4cc77f591dfc2374580bbd95f6ba_7549921a-95d8-4825-99bd-887eabec12fd: > {MD5}java.backdoor.anno.6.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/AppData/Roaming/LibreOffice/4/user/basic/Standard/Module1.xba: > PUA.Doc.Tool.LibreOfficeMacro-2 FOUND > /mnt/windows/Users/teoen/AppData/Roaming/Any Video > Converter/com.anvsoft.avc/native/avformat-60.dll: > PUA.Win.Packer.InterplaysMveFi-1 FOUND > /mnt/windows/Users/teoen/AppData/Roaming/Any Video > Converter/com.anvsoft.avc/native/Qt6Core.dll: PUA.Win.Packer.Pseudosigner-96 > FOUND > /mnt/windows/Users/teoen/AppData/Roaming/Any Video > Converter/com.anvsoft.avc/native/lib/qt6/multimedia/ffmpegmediaplugin.dll: > PUA.Win.Packer.InterplaysMveFi-1 FOUND > /mnt/windows/Users/teoen/AppData/Roaming/thunderbird/Profiles/60ssxnij.default-release/ImapMail/mail.teo-en-ming.com/spam: > Sanesecurity.Phishing.Fake.31636.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/AppData/Roaming/Mozilla/Firefox/Profiles/ew071oje.default-release/extensions/[email protected]: > Sanesecurity.Foxhole.JS_Zip_11.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/Downloads/Advanced_IP_Scanner_2.5.4594.1 (1).exe: > PUA.Win.Packer.LyWgkx-2 FOUND > /mnt/windows/Users/teoen/Downloads/avc-free.exe: > Sanesecurity.Malware.28885.BadCo.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/Downloads/Thunderbird Setup 137.0.1.exe: > Sanesecurity.Foxhole.JS_7z.UNOFFICIAL FOUND > /mnt/windows/Users/teoen/Downloads/Advanced_IP_Scanner_2.5.4594.1.exe: > PUA.Win.Packer.LyWgkx-2 FOUND > /mnt/windows/Windows/IME/IMEJP/help/IMJPCLE.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/IME/IMEJP/help/IMJPCL.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/IME/IMEJP/help/IMJPDT.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/IME/IMEJP/help/IMJPDTE.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/IME/IMEJP/help/IMJPPD.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/IME/IMEJP/help/JPNPADEN.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/a5a1d75.msi: > Sanesecurity.Badmacro.Xls.credriv.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/32e2c8a7.msi: > Sanesecurity.Badmacro.Xls.credriv.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/1565266.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/1565326.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/1f97169b.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/32e2c8a0.msi: > Sanesecurity.Badmacro.Xls.credriv.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/d69a7.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/628b1.msi: > Sanesecurity.Badmacro.Xls.credriv.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/1f9715c3.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/d6a68.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/3756bb9.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/3756c68.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/1c957384.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/18829.msi: > Sanesecurity.Badmacro.Xls.credriv.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/46a444d0.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/b5056d4.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/b50579b.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/f9331f.msi: > Sanesecurity.Badmacro.Xls.credriv.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/349cc.msi: > Sanesecurity.Badmacro.Xls.credriv.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/339bae82.msi: > Sanesecurity.Badmacro.Xls.credriv.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/MSI49E.tmp: > Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/46a445bf.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/f11aafd.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/f11abbc.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/339bb055.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/2c5acab8.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/389ad283.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/318de54b.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/cd10289.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/389ad43d.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/167160.msi: PUA.Win.Packer.LyWgkx-2 FOUND > /mnt/windows/Windows/Installer/325ed1ad.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/325ed0e0.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/167287.msp: > Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/$PatchCache$/Managed/68AB67CA330133017706CB5110E47A00/21.1.20135/Acrobat.dll: > MiscreantPunch.EvilMacro.AOUEGTP.1.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/$PatchCache$/Managed/68AB67CA330133017706CB5110E47A00/21.1.20135/SingleClientServicesUpdater.exe: > Sanesecurity.Foxhole.JS_7z.UNOFFICIAL FOUND > /mnt/windows/Windows/Installer/$PatchCache$/Managed/68AB67CA330133017706CB5110E47A00/21.1.20135/libcef.dll: > PUA.Win.Packer.Pseudosigner-96 FOUND > /mnt/windows/Windows/System32/NlsLexicons0009.dll: PUA.Win.Packer.LyWgkx-2 > FOUND > /mnt/windows/Windows/System32/getmac.exe: PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/System32/NL7Data0804.dll: PUA.Win.Packer.Pseudosigner-96 > FOUND > /mnt/windows/Windows/System32/config/SOFTWARE: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/System32/drivers/mssmbios.sys: PUA.Win.Packer.Pequake-4 > FOUND > /mnt/windows/Windows/System32/drivers/npsvctrig.sys: PUA.Win.Packer.Pequake-4 > FOUND > /mnt/windows/Windows/System32/drivers/AMDPCIDev.sys: PUA.Win.Packer.Pequake-4 > FOUND > /mnt/windows/Windows/System32/drivers/EhStorClass.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/System32/DriverStore/FileRepository/genpass.inf_amd64_0c82d80c9252c9bd/genpass.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/System32/DriverStore/FileRepository/mssmbios.inf_amd64_3b543e16c86a5331/mssmbios.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/System32/DriverStore/FileRepository/npsvctrig.inf_amd64_d94cf1b3e0fa7b40/npsvctrig.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/System32/DriverStore/FileRepository/umpass.inf_amd64_06e016c9ffecbf73/umpass.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/System32/DriverStore/FileRepository/hdxgigabyte.inf_amd64_b3e38368040ef911/RTAIODAT.DAT: > PUA.Win.Packer.SiliconRealmsIn-2 FOUND > /mnt/windows/Windows/System32/DriverStore/FileRepository/nvmdsi.inf_amd64_549a2560cdb75bc2/Display.NvContainer/plugins/Session/wksServicePlugin.dll: > PUA.Win.Packer.NspackDotnetNor-2 FOUND > /mnt/windows/Windows/System32/DriverStore/FileRepository/amdpcidev.inf_amd64_07eabc68f3f8029e/AMDPCIDev.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/System32/HealthAttestationClient/vcruntime140.dll: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/SysWOW64/html.iec: PUA.Win.Packer.BorlandDelphiKo-1 FOUND > /mnt/windows/Windows/SysWOW64/NL7Data0804.dll: PUA.Win.Packer.Pseudosigner-96 > FOUND > /mnt/windows/Windows/WinSxS/amd64_dual_genpass.inf_31bf3856ad364e35_10.0.26100.1150_none_920869b2ca5ff0da/genpass.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/WinSxS/amd64_dual_mssmbios.inf_31bf3856ad364e35_10.0.26100.1_none_8d21bf4089718c78/mssmbios.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/WinSxS/amd64_dual_npsvctrig.inf_31bf3856ad364e35_10.0.26100.1150_none_1cab90dd9af9d563/npsvctrig.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/WinSxS/amd64_dual_umpass.inf_31bf3856ad364e35_10.0.26100.1150_none_68f2c112fe9072ae/umpass.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_10.0.26100.1_none_6efbcc9df47cfbae/IMJPDT.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_10.0.26100.1_none_6efbcc9df47cfbae/IMJPDTE.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_10.0.26100.1_none_6efbcc9df47cfbae/IMJPCLE.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_10.0.26100.1_none_6efbcc9df47cfbae/IMJPCL.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_10.0.26100.1_none_6efbcc9df47cfbae/JPNPADEN.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_10.0.26100.1_none_6efbcc9df47cfbae/IMJPPD.CHM: > YARA.MSIETabularActivex.UNOFFICIAL FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-e..storage-classdriver_31bf3856ad364e35_10.0.26100.1150_none_f9d6e5ca1c6acbdf/EhStorClass.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-getmac_31bf3856ad364e35_10.0.26100.1_none_08f23f1b0a87acee/getmac.exe: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-naturallanguage6-0009_31bf3856ad364e35_10.0.26100.1150_none_d9c82cac115976c0/NlsLexicons0009.dll: > PUA.Win.Packer.LyWgkx-2 FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-unix-socket-provider_31bf3856ad364e35_10.0.26100.1150_none_e99cd5218e65c513/afunix.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft.windows.powershell.common_31bf3856ad364e35_10.0.26100.1_none_2dd2f8b883c5b765/Windows > PowerShell.lnk: Sanesecurity.Malware.28759.LnkHeur.UNOFFICIAL FOUND > /mnt/windows/Windows/WinSxS/amd64_windows-defender-am-engine_31bf3856ad364e35_10.0.26100.1_none_fc1f03fc1ecd9d6b/MpEngine.dll: > PUA.Win.Packer.Lzexe-1 FOUND > /mnt/windows/Windows/WinSxS/Backup/amd64_microsoft-windows-e..storage-classdriver_31bf3856ad364e35_10.0.26100.4484_none_f9b921761c80c9b0_ehstorclass.sys_e7c48eda: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/WinSxS/wow64_microsoft-windows-i..mlconverter-enduser_31bf3856ad364e35_10.0.26100.1_none_5c1a98715abdeb17/html.iec: > PUA.Win.Packer.BorlandDelphiKo-1 FOUND > /mnt/windows/Windows/WinSxS/wow64_microsoft-windows-i..mlconverter-enduser_31bf3856ad364e35_10.0.26100.1882_none_fac56461a2517bf3/html.iec: > PUA.Win.Packer.BorlandDelphiKo-1 FOUND > /mnt/windows/Windows/WinSxS/wow64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_10.0.26100.1_none_bf9ba9b8ca391b0e/mswsock.dll: > PUA.Win.File.Pemalform-9786668-0 FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-naturallanguage6-0009_31bf3856ad364e35_10.0.26100.3912_none_d96d8260119e1e7c/NlsLexicons0009.dll: > PUA.Win.Packer.LyWgkx-2 FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-e..storage-classdriver_31bf3856ad364e35_10.0.26100.4484_none_f9b921761c80c9b0/EhStorClass.sys: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-healthattestation-csp_31bf3856ad364e35_10.0.26100.7309_none_c6e5e09d6b555120/vcruntime140.dll: > PUA.Win.Packer.Pequake-4 FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-w..-chinese_simplified_31bf3856ad364e35_10.0.26100.7309_none_c7c9eae0fbdefde0/NL7Data0804.dll: > PUA.Win.Packer.Pseudosigner-96 FOUND > /mnt/windows/Windows/WinSxS/wow64_microsoft-windows-w..-chinese_simplified_31bf3856ad364e35_10.0.26100.7309_none_d21e9533303fbfdb/NL7Data0804.dll: > PUA.Win.Packer.Pseudosigner-96 FOUND > /mnt/windows/Windows/WinSxS/wow64_microsoft-windows-w..-chinese_simplified_31bf3856ad364e35_10.0.26100.1_none_3346500ae8cce31b/NL7Data0804.dll: > PUA.Win.Packer.Pseudosigner-96 FOUND > /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-w..-chinese_simplified_31bf3856ad364e35_10.0.26100.1150_none_c7e54dcefbc96f1e/NL7Data0804.dll: > PUA.Win.Packer.Pseudosigner-96 FOUND > /mnt/windows/Windows/ServiceProfiles/NetworkService/AppData/Roaming/Microsoft/Windows/Start > Menu/Programs/Windows PowerShell/Windows PowerShell.lnk: > Sanesecurity.Malware.28759.LnkHeur.UNOFFICIAL FOUND > /mnt/windows/Windows/ServiceProfiles/LocalService/AppData/Roaming/Microsoft/Windows/Start > Menu/Programs/Windows PowerShell/Windows PowerShell.lnk: > Sanesecurity.Malware.28759.LnkHeur.UNOFFICIAL FOUND > > ----------- SCAN SUMMARY ----------- > Infected files: 349 > Time: 20237.374 sec (337 m 17 s) > Start Date: 2026:03:12 01:16:38 > End Date: 2026:03:12 06:53:55 > > > > > Looking forward to your advice. > > Thank you. > > Regards, > > Mr. Turritopsis Dohrnii Teo En Ming > Extremely Democratic People's Republic of Singapore > 12 Mar 2026 Thursday 3.06 pm Singapore Time > > > > > > > > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
