Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

It looks like some troubles in firefox's folder

  • 3 replies
  • 0 have this problem
  • 5 views
  • Last reply by Durandal

more options

Recently, when I was using firefox-nightly, the antivirus software prompted me that several virus files of type 'virus.js.unsafe.2' were detected in the 'entries' folder of firefox.

But I don't know where the virus is coming from for now, it could be an extension or a TamperMonkey plugin. so now I want to understand what the files in Firefox's entries folder do and where they come from?

I’m a Chinese. Sorry for my weak English levels

Recently, when I was using firefox-nightly, the antivirus software prompted me that several virus files of type 'virus.js.unsafe.2' were detected in the 'entries' folder of firefox. But I don't know where the virus is coming from for now, it could be an extension or a TamperMonkey plugin. so now I want to understand what the files in Firefox's entries folder do and where they come from? I’m a Chinese. Sorry for my weak English levels
Attached screenshots

Chosen solution

Your English is much, much better than my Chinese.

The files under "cache2" are usually saved from pages as you browse, and are not part of an add-on's code or data. You may have visited a site with some malicious scripts.

It may be difficult to determine what site it was because the file names are nonsense. Firefox does provide an index of the contents of the disk cache on the about:cache page (type or paste that into your address bar and press Enter to load it, then use the link under Disk Cache). But it does not match up with the file names.

It's okay to delete those files, or to clear the entire web cache. If a cached file is missing, Firefox will request it again on the next visit to the site that needed it.

Reference: How to clear the Firefox cache

Read this answer in context 👍 1

All Replies (3)

more options

Chosen Solution

Your English is much, much better than my Chinese.

The files under "cache2" are usually saved from pages as you browse, and are not part of an add-on's code or data. You may have visited a site with some malicious scripts.

It may be difficult to determine what site it was because the file names are nonsense. Firefox does provide an index of the contents of the disk cache on the about:cache page (type or paste that into your address bar and press Enter to load it, then use the link under Disk Cache). But it does not match up with the file names.

It's okay to delete those files, or to clear the entire web cache. If a cached file is missing, Firefox will request it again on the next visit to the site that needed it.

Reference: How to clear the Firefox cache

Helpful?

more options

Those cache entries contain both meta date like the HTTP headers and the actual (compressed) file data, so you can possibly check those items in a Hex file viewing utility for more info.

Helpful?

more options

TO: @jscher2000, @cor-el

I really appreciate your help!

I've cleared all the files in the 'entries' folder and downgraded firefox-nightly back to the normal version, and it hasn't happened again in the last few days.

I also tried uploading the virus samples to VirusTotal for analysis, and only one of the antivirus programs indicated a 'Gzip bomb' - it looks like a countermeasure some sites are doing to prevent web crawlers.

Anyway, that's the end of it. Thanks again for your replies, it's been a big help for me!

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.