MozillaZine

MalwareBytes Detects Safe File All the Time.. What to do?

User Help for Mozilla Firefox
zlaer
 
Posts: 57
Joined: June 29th, 2018, 11:11 am

Post Posted December 4th, 2018, 10:51 pm

When i run Malwarebytes it identifies 'pref.js' in the firefox directory as unsafe. I then choose the option to quarantine it even if its a needed and safe file thats part of firefox. When I run Malwarebytes again, it detects it again! Malwarebytes fails to quarantine it, if its supposed to do that. Should I leave this file alone?

costark
 
Posts: 313
Joined: July 14th, 2004, 5:03 am

Post Posted December 5th, 2018, 4:38 am

In a Mozilla.org Forum a Moderator suggested putting - prefs.js - in the Exclusion module, although for a different issue.
I can't speak to What is Triggering the "unsafe" BUT IF it's a False Positive you can exclude - Prefs.js - from Mbam Scanning per ...............
Settings/ Exclusion tab/ Add Exclusion/ Exclude File-Folder ... and Browse to where the FF Profile is containing - prefs.js -.
Starts w (Win 7/ 10 likely same)-- C:\users\AppData\Roaming\Your name (usually)\ Mozilla\Profile\target Profile\prefs.js

As you probably know ... Mbam Forum ---- https://forums.malwarebytes.com/forum/4 ... ort-forum/

EDIT: https://support.mozilla.org/en-US/questions/994795

The above is a 2014 Thread about Mbam not liking FF and this Forum's (not a surprise) jscher2000 contributed to a Solution. This seems to involve - user.js - and a "you don't want" Babylon Toolbar somehow installed. THAT toolbar was triggering a PUP alert in Mbam, BUT How - prefs.js - is causing anything maybe - jscher2000 / other Experts here - can deduce IF / WHEN he sees this.
Firefox 63.0.3 (64) - Win 7-64 Hm Prem - Hm-Stdnt Ofce '10 - ESET EIS - Mbam Prem v3 - DK PRO '15 - NO Java or Flash -

zlaer
 
Posts: 57
Joined: June 29th, 2018, 11:11 am

Post Posted December 5th, 2018, 11:17 am

costark wrote:In a Mozilla.org Forum a Moderator suggested putting - prefs.js - in the Exclusion module, although for a different issue.
I can't speak to What is Triggering the "unsafe" BUT IF it's a False Positive you can exclude - Prefs.js - from Mbam Scanning per ...............
Settings/ Exclusion tab/ Add Exclusion/ Exclude File-Folder ... and Browse to where the FF Profile is containing - prefs.js -.
Starts w (Win 7/ 10 likely same)-- C:\users\AppData\Roaming\Your name (usually)\ Mozilla\Profile\target Profile\prefs.js

As you probably know ... Mbam Forum ---- https://forums.malwarebytes.com/forum/4 ... ort-forum/

EDIT: https://support.mozilla.org/en-US/questions/994795

The above is a 2014 Thread about Mbam not liking FF and this Forum's (not a surprise) jscher2000 contributed to a Solution. This seems to involve - user.js - and a "you don't want" Babylon Toolbar somehow installed. THAT toolbar was triggering a PUP alert in Mbam, BUT How - prefs.js - is causing anything maybe - jscher2000 / other Experts here - can deduce IF / WHEN he sees this.


Looking into your info and links. Thanks.

Brummelchen
 
Posts: 3893
Joined: March 19th, 2005, 10:51 am

Post Posted December 6th, 2018, 10:06 am

malwarebytes software can read content of prefs file and if found a malicious value the whole file is flagged. the logfile should explain which one.

btw which software of malwarebytes is concerned? adwcleaner oder mbam?

therube

User avatar
 
Posts: 19183
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted December 6th, 2018, 10:11 am

That's particularly odd, I would think?
Given that in Quantum, extension prefs are not stored in prefs.js, so all that should be there would be "mozilla" prefs.
So, wondering what it is not liking?
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

makaiguy

User avatar
 
Posts: 16669
Joined: November 18th, 2002, 6:44 pm
Location: Somewhere in SE USA

Post Posted December 6th, 2018, 1:40 pm

MalwareBytes Detects Safe File All the Time.. What to do?


Well, the FIRST thing I'd do is edit the first post and change the title to indicate an UNsafe file is being detected. :-"
Doug Wilson, "The Makai Guy"
Win10 (64bit): FF 52.9.0 ESR (64bit), TB 60.3.1 (32-bit) ║ Android 8.0/7.1.1: FF Mobile 63.0.2 No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers

jscher2000

User avatar
 
Posts: 10356
Joined: December 19th, 2004, 12:26 am
Location: Silicon Valley, CA USA

Post Posted December 6th, 2018, 9:52 pm

Are you getting PUP.Conduit in the report about the file? That came up in another thread. I don't know what in the file was being detected. Possibly there is a reference to a sketchy extension in the preference that stores toolbar button information?

Return to Firefox Support


Who is online

Users browsing this forum: Bing [Bot] and 14 guests