how suspect is a browser 'prefs.js' file, located at C:/



#1 thedarkness

Posted 24 October 2015 - 09:40 PM

This JavaScript file could be related to my Mozilla browser; does the content seem suspect?

 

message.jpg

What was most questionable was its location (C:/prefs.js). Nothing was seemingly broken or changed within Windows or the browser after deletion, and only one antimalware program I tested (GridinSoft) reported it as malware 'Trojan.PL.Gen.bot'. I scanned with Bitdefender, Avast and Malwarebytes, with no result. VirusTotal gave me 2 results - I still have the original file that I will try and upload later if necessary, but have re-installed Windows since then (to give me back some HDD space - as I'm on an older laptop). I had not installed anything new before noticing it.
 

Thanks for any info or opinion. I know the browser uses prefs.js, but it is normally located in the program's installation and appdata folders, and has far more content. All I can think of is that the above may have been the creation of a possible plugin (I had uBlock, Acrobat and Java Deployment Toolkit as extensions, but that is all).

 





#2 Aura

Posted 24 October 2015 - 09:44 PM

Hi thedarkness :)

It's possible that, for whatever reason there is, Mozilla couldn't create the prefs.js file in its directory and created it in the C: drive instead. It isn't the first time I've seen this. I've seen it being created directly in the %userprofile% as well. This being said, I wouldn't worry about it. As you can see, there are no malicious URLs in it; in fact, it is set so both your new tab and startup page are set to about:blank, which means nothing (and a lot of users prefer it that way).

Since you deleted it, no further action is required.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
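
Added example, not part of the original thread or any poster's code: the check described in the reply above (no URLs in the file, start and new-tab pages set to about:blank) done by parsing the file rather than reading it by eye. The sample inputs and the choice of watched prefs are assumptions of this example; the file from the thread is not reproduced on this page.

```python
import json
import re

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\(\s*"([^"]+)"\s*,\s*(.*)\)\s*;$')
COMMENT_PREFIXES = ("#", "//", "/*", "*")

# Real Firefox pref names; which ones to watch is this example's choice.
WATCHED = {
    "browser.startup.homepage",
    "browser.newtab.url",
    "network.proxy.autoconfig_url",
    "keyword.URL",
}

def triage(text):
    """Report watched URL prefs that leave about: pages, and any non-pref lines."""
    report = {"redirects": [], "non_pref_lines": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(COMMENT_PREFIXES):
            continue
        m = PREF_RE.match(line)
        if not m:
            # A genuine prefs.js holds only comments and user_pref() calls.
            report["non_pref_lines"].append(line)
            continue
        name, raw = m.group(1), m.group(2).strip()
        try:
            value = json.loads(raw)  # "string", 0, true, false
        except ValueError:
            value = raw
        if (name in WATCHED and isinstance(value, str) and value
                and not value.lower().startswith("about:")):
            report["redirects"].append((name, value))
    return report

# Constructed sample inputs, not the file from the thread.
CLEAN = '''# Mozilla User Preferences
user_pref("browser.newtab.url", "about:blank");
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.startup.page", 0);
'''
TAMPERED = CLEAN + '''user_pref("network.proxy.autoconfig_url", "http://pac.example.invalid/p.pac");
var x = 1;
'''

if __name__ == "__main__":
    print(triage(CLEAN))
    print(triage(TAMPERED))
```

An empty report corresponds to what was observed in the thread. A non-empty `non_pref_lines` list means the file is not a plain preferences file, and it should not be double-clicked, since Windows associates `.js` with Windows Script Host by default.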


#3 thedarkness

Posted 24 October 2015 - 10:07 PM

I wonder if that could be to do with having a default profile. I have noticed on Windows (from what I have used, from XP to 10) that despite changing to an admin user, I am not always given full admin permission or recognition without either setting up a password, or creating a new admin account. Perhaps that is why it could not write the file, at a guess.

 

I noted GridinSoft on the result showing as a trojan (I was trying out the program) and they thanked me but did not give me any further suggestions to get rid of it. If its content is only what shows in the text, pointing only to blank pages, I can see how a prefs.js directly on C could be potentially malicious.

 

If I'm not mistaken I think I've heard online never to install anything directly to C:/ as it might give programs or files extra or admin permissions, although I'm not sure if this is true.

 

Thanks :)


Edited by thedarkness, 24 October 2015 - 10:09 PM.


#4 Aura

Posted 24 October 2015 - 10:14 PM

When you create a user on Windows after an installation, that user is Admin and therefore has every right. There's no need to create another Admin account, thinking that you'll get more rights, since you'll have the same as your current Admin account.

And it's possible that Mozilla Firefox crashed and this was an unexpected result. Wouldn't surprise me to be honest. It's like when Java crashes and writes log files directly to the desktop. Used to be a "bug" pretty common back in the JRE 7 days.

And no problem, you're welcome :)





