Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

prefs.js keeps popping up as a malware threat

  • 3 uphendule
  • 3 zinale nkinga
  • 66 views
  • Igcine ukuphendulwa ngu James

more options

Hello, My Avast Free Antivirus keeps alerting me of the following file that it declares as an Advanced persistent threat. Please see the attached screenshot.

Hello, My Avast Free Antivirus keeps alerting me of the following file that it declares as an Advanced persistent threat. Please see the attached screenshot.
Ama-screenshot ananyekiwe

All Replies (3)

more options

I was having the same issue except I have a different path in which pref.js files are created.

From few minutes I'm not getting any popup anymore but Firefox is not redirecting me in any site I wanna. It's not working at all. What is happening?

Okulungisiwe ngu notSoYoung

more options

Hi, this seems to be affecting numerous Avast/AVG users. For background:

(1) prefs.js is a file that stores customized settings

Those include:

  • Add-on IDs -- connects an add-on installed in your Firefox with its local storage files
  • URLs -- including any custom home page, pinned shortcuts on the new tab page, and numerous URLs used for background updates

At this point, I haven't seen a post identifying exactly what setting is causing the detection. If someone is very comfortable reading a quarantined file in a text editor -- don't double-click prefs.js because your OS may execute it as a system script -- we could learn more by searching for "vbs" or any other know indications of this attack.

Related Reddit thread: https://www.reddit.com/r/firefox/comments/tk9w7l/corrupt_prefsjs_files_virus_related/

(2) Try running in Firefox's Troubleshoot Mode

In Troubleshoot Mode, Firefox disables all add-ons temporarily, which provides breathing room to take a closer look at those.

If Firefox is running:

You can restart Firefox in Safe/Troubleshoot Mode using either:

  • "3-bar" menu button > Help > Troubleshoot Mode... (before Fx88: Restart with Add-ons Disabled)
  • (menu bar) Help menu > Troubleshoot Mode... (before Fx88: Restart with Add-ons Disabled)

and OK the restart. A small dialog should appear. Click the Open button (before Fx88: "Start in Safe Mode" button).

If Firefox is not running:

Hold down the Shift key when starting Firefox. (On Mac, hold down the option/alt key instead of the Shift key.) A small dialog should appear. Click the Open button (before Fx88: "Start in Safe Mode" button).

Investigating Extensions

You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:

  • Ctrl+Shift+a (Mac: Command+Shift+a)
  • "3-bar" menu button (or Tools menu) > Add-ons
  • type or paste about:addons in the address bar and press Enter/Return

In the left column of the Add-ons page, click Extensions. On the right side, find the "Manage Your Extensions" heading.

If there is at least one extension before the next heading -- "Recommended Extensions" -- please continue:

Then cast a critical eye over the list below that heading. Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything suspicious or that you just do not remember installing or why? If in doubt, disable (or remove). For your privacy and security, don't let mystery programs linger here.

Anything unexpected there?

more options

Okulungisiwe ngu James