Support Forum

My antivirus flagged a mozilla file as possible ransomware. Is this a legit file? c:\program files\mozilla firefox\firefox.exe

It could be a false positive. I just want to make sure before I mark it as an exception. It says that a potentially unsafe application attempted to change or delete my files. Targeted folder was c:\users\user name. c:\program files\mozilla firefox\firefox.exe was blocked. Why would it be flagged if it is legit?

Additional System Details

Installed Plug-ins

  • Shockwave Flash 25.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0

FredMcD
  • Top 10 Contributor
4247 solutions 59409 answers

Make sure you download Mozilla programs only from Mozilla.org.

cor-el
  • Top 10 Contributor
  • Moderator
17479 solutions 157955 answers

What AV software do you have?

What file is this about?

From what you wrote it looks like the Firefox.exe program is trying to access a file in your user data area (C:\Users\...).

Question owner

cor-el said

> What AV software do you have? What file is this about? From what you wrote it looks like the Firefox.exe program is trying to access a file in your user data area (C:\Users\...).

Bitdefender. Yes, it showed attempted access of user data. Everything is up to date. Mozilla should not do that -- should it?

Question owner

It says desktop is targeted "file" and user is targeted folder. A few weeks ago there was another ransomware flag with "lock" as targeted file and My TOR browser was the targeted folder. In that case tor.exe was blocked.
FredMcD

Just to be safe,

You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

cor-el

Does BitDefender show what specific file or file path this is about?


Question owner

cor-el said

> Does BitDefender show what specific file or file path this is about?

via c:\users

I ran a system scan and nothing came up. Perhaps a false positive.
FredMcD

All files from Mozilla.org are free from anything third party.

cor-el

You would have to be more specific than c:\users. We would need the full file path including the file name to see what this message is about. Even your profile folder is in this path.

Firefox uses two locations for the Firefox profile folder. Location used for the main profile in "AppData\Roaming" that keeps your personal data.

  • C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\

Location used for the disk cache and other temporary files in "AppData\Local".

  • C:\Users\<user>\AppData\Local\Mozilla\Firefox\Profiles\<profile>\
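
An added example, not part of cor-el's post and not Mozilla or Bitdefender code: a small Python triage helper showing why an alert target of `c:\users\user` cannot be tied to a file, while a full path can be placed in one of the two profile locations. The function name, the labels and the sample list are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Profile locations named in the thread, relative to C:\Users\<user>.
PROFILE_ROOTS = {
    "roaming-profile": ("appdata", "roaming", "mozilla", "firefox", "profiles"),
    "local-profile": ("appdata", "local", "mozilla", "firefox", "profiles"),
}


def classify_target(target, users_root=r"C:\Users"):
    """Classify an AV alert 'Target' path against the Firefox profile folders.

    Returns (location, profile, item). 'too-broad' means the path is only an
    ancestor of the profile folders, so it cannot identify a file.
    """
    parts = PureWindowsPath(target).parts
    low = tuple(p.lower() for p in parts)          # Windows paths ignore case
    root = tuple(p.lower() for p in PureWindowsPath(users_root).parts)
    if low[:len(root)] != root:
        return ("outside-user-data", None, None)
    skip = len(root) + 1                           # drop C:\Users\<user>
    sub = low[skip:]
    for location, prefix in PROFILE_ROOTS.items():
        if sub[:len(prefix)] == prefix:
            inside = parts[skip + len(prefix):]
            profile = inside[0] if inside else None
            item = "\\".join(inside[1:]) or None
            return (location, profile, item)
    if any(prefix[:len(sub)] == sub for prefix in PROFILE_ROOTS.values()):
        return ("too-broad", None, None)
    return ("other-user-data", None, None)


# Sample targets: the first two are quoted in the thread, the rest are constructed.
SAMPLES = [
    r"c:\users\user",
    r"C:\Users\melen\AppData\Roaming\Mozilla\Firefox\Profiles\2O3gaW38.default\Invalidprefs.js",
    r"C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\xxxxxxxx.default\cache2\entries",
    r"C:\Users\user\Desktop\notes.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_target(sample)[0]:<18} {sample}")
```
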

Question owner

That is all the AV notification shows: Target: c:\users\user

Blocked: c:\program files\mozilla firefox\firefox.exe

Ransomware Protection

I think the roaming path has been flagged in the past.

Moses
  • Moderator
459 solutions 3607 answers

> I think the roaming path has been flagged in the past.

Probably something in your profile folder that's causing issues? The path for the profile BitDefender would've flagged can be found at C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default

melen 0 solutions 4 answers

I keep getting... [PUP.Firefox][File] C:\Users\melen\AppData\Roaming\Mozilla\Firefox\Profiles\2O3gaW38.default\Invalidprefs.js -> as malicious and that it should be removed. Malwarebytes and Rogue Killer indicate as malicious so I removed it. What is this and is it malicious? I haven't encountered any issues after removal but I still want to know if I did the correct thing.

cor-el

It looks like Firefox copies prefs.js to Invalidprefs.js if there is a problem with the prefs.js file. I don't know what that problem is in your case and whether your security software could be responsible for this corruption in the first place.

See:

  • https://dxr.mozilla.org/mozilla-release/source/modules/libpref/Preferences.cpp#913
melen

cor-el said

> It looks like Firefox copies prefs.js to Invalidprefs.js if there is a problem with the prefs.js file. I don't know what that problem is in your case and whether your security software could be responsible for this corruption in the first place. See: https://dxr.mozilla.org/mozilla-release/source/modules/libpref/Preferences.cpp#913

I just remembered that a few weeks ago BitDefender flagged it as malicious. I did remove the prefs.js file as I mentioned. As of now, Firefox seems to be performing without any issues and I haven't lost any of my bookmarks. Thank you for your valuable advice, I appreciate your time.
FredMcD

These add-ons can be a great help by backing up and restoring Firefox

https://addons.mozilla.org/en-US/firefox/addon/febe/ FEBE (Firefox Environment Backup Extension)

FEBE allows you to quickly and easily backup your Firefox extensions, history, passwords, and more. In fact, it goes beyond just backing up -- It will actually rebuild your saved files individually into installable .xpi files. It will also make backups of files that you choose.

https://addons.mozilla.org/en-US/firefox/addon/opie/ OPIE

Import/Export extension preferences
