My antivirus flagged a mozilla file as possible ransomware. Is this a legit file? c:\program files\mozilla firefox\firefox.exe
It could be a false positive. I just want to make sure before I mark it as an exception. It says that a potentially unsafe application attempted to change or delete my files. Targeted folder was c:\users\user name. c:\program files\mozilla firefox\firefox.exe was blocked. Why would it be flagged if it is legit ?
All Replies (15)
Make sure you download Mozilla programs only from Mozilla.org.
What AV software do you have?
What file is this about?
From what you wrote it looks that the Firefox.exe program is trying to access a file in your user data area (C:\Users\...).
cor-el said
What AV software do you have? What file is this about? From what you wrote it looks that the Firefox.exe program is trying to access a file in your user data area (C:\Users\...).
Bitdefender. Yes, it showed attempted access of user data. Everything is up to date. Mozilla should not do that -- should it ?
It says desktop is targeted " file " and user is targeted folder. A few weeks ago there was another ransomware flag with " lock " as targeted file and My TOR browser was the targeted folder. In that case tor.exe was blocked.
Just to be safe,
You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no
Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
Does BitDefender show what specific file or file path this is about?
cor-el said
Does BitDefender show what specific file or file path this is about?
via c:\users
I ran a system scan and nothing came up. Perhaps a false positive
All files from Mozilla.org are free from anything third party.
You would have to be more specific than c:\users. We would need the full file path including the file name to see what this message is about. Even you profile folder is in this path.
Firefox uses two locations for the Firefox profile folder. Location used for the main profile in "AppData\Roaming" that keeps your personal data.
- C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\
Location used for the disk cache and other temporary files in "AppData\Local".
- C:\Users\<user>\AppData\Local\Mozilla\Firefox\Profiles\<profile>\
That is all the AV notification shows: Target: c:\users\user
Blocked:c:\program files\mozilla firefox\firefox.exe
Ransomware Protection
I think the roaming path has been flagged in the past.
> I think the roaming path has been flagged in the past.
Probably something in your profile folder that's causing issues? The path for the profile BitDefender would've flagged can be found at C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default
I keep getting... [PUP.Firefox][File] C:\Users\melen\AppData\Roaming\Mozilla\Firefox\Profiles\2O3gaW38.default\Invalidprefs.js -> as malicious and that it should be removed. Malwarebytes and Rogue Killer indicate as malicious so I removed it. What is this and is it malicious? I haven't encountered any issues after removal but I still want to know if I did the correct thing.
It looks that Firefox copies prefs.js to Invalidprefs.js if there is a problem with the prefs.js file. I don't know what that problem is in your case and whether your security software could be responsible for this corruption in the first place.
See:
cor-el said
It looks that Firefox copies prefs.js to Invalidprefs.js if there is a problem with the prefs.js file. I don't know what that problem is in your case and whether your security software could be responsible for this corruption in the first place. See:
I just remembered that a few weeks ago BitDefender flagged it as malicious. I did remove the prefs.ja file as I mentioned. As of now, Firefox seems to be performing without any issues and I haven't lost any of my bookmarks. Thank you for your valuable advice, I appreciate your time.
These add-ons can be a great help by backing up and restoring Firefox
https://addons.mozilla.org/en-US/firefox/addon/febe/ FEBE (Firefox Environment Backup Extension)
FEBE allows you to quickly and easily backup your Firefox extensions, history, passwords, and more. In fact, it goes beyond just backing up -- It will actually rebuild your saved files individually into installable .xpi files. It will also make backups of files that you choose.
https://addons.mozilla.org/en-US/firefox/addon/opie/ OPIE
Import/Export extension preferences