Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

It looks like some troubles in firefox's folder

  • 3 ردود
  • 0 have this problem
  • 1 view
  • آخر ردّ كتبه Durandal

more options

Recently, when I was using firefox-nightly, the antivirus software prompted me that several virus files of type 'virus.js.unsafe.2' were detected in the 'entries' folder of firefox.

But I don't know where the virus is coming from for now, it could be an extension or a TamperMonkey plugin. so now I want to understand what the files in Firefox's entries folder do and where they come from?

I’m a Chinese. Sorry for my weak English levels

Recently, when I was using firefox-nightly, the antivirus software prompted me that several virus files of type 'virus.js.unsafe.2' were detected in the 'entries' folder of firefox. But I don't know where the virus is coming from for now, it could be an extension or a TamperMonkey plugin. so now I want to understand what the files in Firefox's entries folder do and where they come from? I’m a Chinese. Sorry for my weak English levels
Attached screenshots

الحل المُختار

Your English is much, much better than my Chinese.

The files under "cache2" are usually saved from pages as you browse, and are not part of an add-on's code or data. You may have visited a site with some malicious scripts.

It may be difficult to determine what site it was because the file names are nonsense. Firefox does provide an index of the contents of the disk cache on the about:cache page (type or paste that into your address bar and press Enter to load it, then use the link under Disk Cache). But it does not match up with the file names.

It's okay to delete those files, or to clear the entire web cache. If a cached file is missing, Firefox will request it again on the next visit to the site that needed it.

Reference: How to clear the Firefox cache

Read this answer in context 👍 1

All Replies (3)

more options

الحل المُختار

Your English is much, much better than my Chinese.

The files under "cache2" are usually saved from pages as you browse, and are not part of an add-on's code or data. You may have visited a site with some malicious scripts.

It may be difficult to determine what site it was because the file names are nonsense. Firefox does provide an index of the contents of the disk cache on the about:cache page (type or paste that into your address bar and press Enter to load it, then use the link under Disk Cache). But it does not match up with the file names.

It's okay to delete those files, or to clear the entire web cache. If a cached file is missing, Firefox will request it again on the next visit to the site that needed it.

Reference: How to clear the Firefox cache

more options

Those cache entries contain both meta date like the HTTP headers and the actual (compressed) file data, so you can possibly check those items in a Hex file viewing utility for more info.

more options

TO: @jscher2000, @cor-el

I really appreciate your help!

I've cleared all the files in the 'entries' folder and downgraded firefox-nightly back to the normal version, and it hasn't happened again in the last few days.

I also tried uploading the virus samples to VirusTotal for analysis, and only one of the antivirus programs indicated a 'Gzip bomb' - it looks like a countermeasure some sites are doing to prevent web crawlers.

Anyway, that's the end of it. Thanks again for your replies, it's been a big help for me!