Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Repeat malware on malaware bytes from firefox user data profile

more options

I keep getting an issue within Firefox via Malaware Bytes that sees two items quarantined that are coming from Mozilla User Data Profile.

This is the message:

ile: 2 PUP.Optional.Conduit, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2913HXCN.DEFAULT-RELEASE\PREFS.JS, Replaced, [204], [301520],1.0.12281 PUP.Optional.Conduit, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2913HXCN.DEFAULT-RELEASE\PREFS.JS, Replaced, [204], [303091],1.0.12281

Any ideas on what to do? Maybe delete my Firefox sync account and reinstall?

I keep getting an issue within Firefox via Malaware Bytes that sees two items quarantined that are coming from Mozilla User Data Profile. This is the message: ile: 2 PUP.Optional.Conduit, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2913HXCN.DEFAULT-RELEASE\PREFS.JS, Replaced, [204], [301520],1.0.12281 PUP.Optional.Conduit, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2913HXCN.DEFAULT-RELEASE\PREFS.JS, Replaced, [204], [303091],1.0.12281 Any ideas on what to do? Maybe delete my Firefox sync account and reinstall?

All Replies (6)

more options

Hi jonathanweber82, that file --

...\2913HXCN.DEFAULT-RELEASE\PREFS.JS

-- stores a variety of settings, from your content blocking preferences to your home page URL(s). The report you're getting isn't specific enough to indicate where the problem is. For example, a Conduit add-on might be modifying some settings, but which one(s)?

One possible culprit would be an extension. You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:

  • Ctrl+Shift+a (Mac: Command+Shift+a)
  • "3-bar" menu button (or Tools menu) > Add-ons
  • type or paste about:addons in the address bar and press Enter/Return

In the left column of the Add-ons page, click Extensions.

Then cast a critical eye over the list on the right side. Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything suspicious or that you just do not remember installing or why? If in doubt, disable (or remove).

Any improvement?

more options

Hey,

Thanks for the help. The only extension that is there is AdBlock Plus that is enabled with Avast as disabled. So not sure why that still keeps happening. I'm going to include the whole log file for what Malaware Bytes is finding. Maybe I'm just missing something. My other thought is to delete Mozilla and unsync my account as I did sync it onto a new computer. Perhaps it is something in the history/cookies/etc that is causing an issue.

Malwarebytes www.malwarebytes.com

-Log Details- Scan Date: 9/1/19 Scan Time: 2:39 PM Log File: 3e7cbe74-ccf0-11e9-bdc0-68f728b1fdee.json

-Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.12281 License: Premium

-System Information- OS: Windows 10 (Build 18362.329) CPU: x64 File System: NTFS User: System

-Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 278862 Threats Detected: 2 Threats Quarantined: 2 Time Elapsed: 2 min, 6 sec

-Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect

-Scan Details- Process: 0 (No malicious items detected)

Module: 0 (No malicious items detected)

Registry Key: 0 (No malicious items detected)

Registry Value: 0 (No malicious items detected)

Registry Data: 0 (No malicious items detected)

Data Stream: 0 (No malicious items detected)

Folder: 0 (No malicious items detected)

File: 2 PUP.Optional.Conduit, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2913HXCN.DEFAULT-RELEASE\PREFS.JS, Replaced, [204], [301520],1.0.12281 PUP.Optional.Conduit, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2913HXCN.DEFAULT-RELEASE\PREFS.JS, Replaced, [204], [303091],1.0.12281

Physical Sector: 0 (No malicious items detected)

WMI: 0 (No malicious items detected)


(end)

more options

Do these parameters mean anything to you, or can you use them to determine what was quarantined:

...\PREFS.JS, Replaced, [204], [303091],1.0.12281

There's just not enough information to determine why the Conduit-related items show up in the prefs.js file.

Most of the prefs.js entries can be viewed as Modified entries in the about:config preferences editor. But I don't know what Malwarebytes would consider a match, so that could be searching for a needle in a haystack.

If you want to take a look: Configuration Editor for Firefox (click the Status column heading to group the Modified items together)

more options

You could disconnect from Sync without making any other changes or deleting any data. Then watch for a day or two to see whether the problem returns. If not, perhaps it is coming over through Sync.

See the "Remove a device from Sync" section of How do I set up Sync on my computer? IMPORTANT: when disconnecting from Sync, do not delete data.

more options

Did you install Malwarebytes recently or did you use it before with the same profile?

more options

I used it before with the same profile. I had bought the premium version and had it installed on my old laptop so I copied the license over to my new laptop since I had just purchased the premium version recently. Is there something I need to do within Malaware Bytes premium to correct the issue?