Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Malwarebytes keeps identifying a virus in pref.js.

  • 8 replies
  • 2 have this problem
  • 14 views
  • Last reply by James

more options

Several days ago, I noticed that WinPatrol was asking about file association changes. After a few minutes, Outlook stopped working. I rebooted and everything seemed fine. A Webroot scan revealed no virus, but I downloaded Malwarebytes, and it identified a real-time threat, which I quarantined. The next morning, MB identified Firefox's prefs.js as a threat, and I quarantined it. Same for the last several days. Someone apparently closed the MB report window yesterday before I did the daily quarantine, and this morning, Outlook was not working. I quarantined prefs.js, and all is now well -- for the time being. Webroot support says MB is coming up with a false positive, but they cannot find what is causing the computer to misbehave, even after a 2-hour remote access session. I scanned the bad version of the file through www.virustotal.com, and it came up clean on all AV programs, including MB (even though the MB scan on my computer said it was a PUP). Interestingly, virustotal said Webroot cannot process this file. I am using Firefix version 52.3.0, which is the latest one that works with XP SP3. I have the same OS and Firefox version on two other machines, and have no problems on them. An MB scan on one of those machines does not consider prefs.js to be a threat. Any help will be appreciated.

Several days ago, I noticed that WinPatrol was asking about file association changes. After a few minutes, Outlook stopped working. I rebooted and everything seemed fine. A Webroot scan revealed no virus, but I downloaded Malwarebytes, and it identified a real-time threat, which I quarantined. The next morning, MB identified Firefox's prefs.js as a threat, and I quarantined it. Same for the last several days. Someone apparently closed the MB report window yesterday before I did the daily quarantine, and this morning, Outlook was not working. I quarantined prefs.js, and all is now well -- for the time being. Webroot support says MB is coming up with a false positive, but they cannot find what is causing the computer to misbehave, even after a 2-hour remote access session. I scanned the bad version of the file through www.virustotal.com, and it came up clean on all AV programs, including MB (even though the MB scan on my computer said it was a PUP). Interestingly, virustotal said Webroot cannot process this file. I am using Firefix version 52.3.0, which is the latest one that works with XP SP3. I have the same OS and Firefox version on two other machines, and have no problems on them. An MB scan on one of those machines does not consider prefs.js to be a threat. Any help will be appreciated.

All Replies (8)

more options

Hi, if worried start off fresh as 52.9.0esr is the last version available for XP/Vista and support ends at month end. https://www.mozilla.org/en-GB/firefox/organizations/all/

So that file is in the Profile so if saving anything Bookmarks and dump everything else to be safe.

more options

When the prefs.js file is suspected by protection programs, it sometimes means that something in the file is accessing a 'bad' file.

You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

more options

The prefs.js file only stores preference settings and can't really store a virus although it can link to malicious websites and show installed extensions. This file is interpreted and is never run as a JavaScript file despite its file extension. Firefox 52 still supports Legacy extensions that can run privileged XUL code and that would be a much more likely cause for issues.

more options

Thanks to all of you! After posting to the forum, I found that I somehow missed a critical security update for XP, so I downloaded and installed it yesterday. Then I ran a Vipre Rescue safe-mode scan, which came up clean. Last night's Malwarebytes scan also came up clean. So, although it's difficult to type with my fingers crossed, I'm thinking whatever was repeatedly corrupting prefs,js is now gone. If not, I have saved y'all's advice!

more options

Note, Windows XP is not supported by Microsoft, and there are no more updates to Firefox for XP either. It should not be used on the internet, no matter what anti-virus you have. It's just not safe.

Please update to either Windows 7 or 10 (I suggest 10), buy a new computer, or switch to linux.

more options

The security update was released in 2017. I downloaded it from https://www.microsoft.com/en-us/download/details.aspx?id=55245, which is a Microsoft site. As to my requirements for an OS and browser, your suggestions are noted, and these considerations continue to be factored in with the other relevant aspects of my highly unique computer needs.

Thanks for your concern.

more options

Yes, but that's the last security update for XP. There will be no more. There are no more updates for Firefox. It's not safe to use. Please update ASAP or disconnect that computer from the internet.

more options

soundguyrichard said

The security update was released in 2017. I downloaded it from https://www.microsoft.com/en-us/download/details.aspx?id=55245, which is a Microsoft site.

Apart from some updates meant for POS and ATM's, Microsoft has made WinXP End Of Life or EOL ever since April 2014.

That 2017 update was a emergency critical security update and not Microsoft still supporting WinXP.

https://www.tomshardware.com/news/microsoft-critical-security-patch-windows-xp-8,34409.html

Dual booting with a light 32-bit Linux distro as some still support the ancient 32-bit CPU's like Lubuntu and Xubuntu is an option to be secure.


Firefox 53.0 and later requires Windows 7, 8 (8.1), 10 including the current 61.0.2 Release and 60.1.0 ESR. Sept 5 will be when 62.0 Release and 60.2.0esr will be out and no more updates for the legacy 52 ESR.

Modified by James