It looks like some troubles in firefox's folder
Recently, when I was using firefox-nightly, the antivirus software prompted me that several virus files of type 'virus.js.unsafe.2' were detected in the 'entries' folder of firefox.
But I don't know where the virus is coming from for now, it could be an extension or a TamperMonkey plugin. so now I want to understand what the files in Firefox's entries folder do and where they come from?
I’m a Chinese. Sorry for my weak English levels
الحل المُختار
Your English is much, much better than my Chinese.
The files under "cache2" are usually saved from pages as you browse, and are not part of an add-on's code or data. You may have visited a site with some malicious scripts.
It may be difficult to determine what site it was because the file names are nonsense. Firefox does provide an index of the contents of the disk cache on the about:cache page (type or paste that into your address bar and press Enter to load it, then use the link under Disk Cache). But it does not match up with the file names.
It's okay to delete those files, or to clear the entire web cache. If a cached file is missing, Firefox will request it again on the next visit to the site that needed it.
Reference: How to clear the Firefox cache
Read this answer in context 👍 1All Replies (3)
الحل المُختار
Your English is much, much better than my Chinese.
The files under "cache2" are usually saved from pages as you browse, and are not part of an add-on's code or data. You may have visited a site with some malicious scripts.
It may be difficult to determine what site it was because the file names are nonsense. Firefox does provide an index of the contents of the disk cache on the about:cache page (type or paste that into your address bar and press Enter to load it, then use the link under Disk Cache). But it does not match up with the file names.
It's okay to delete those files, or to clear the entire web cache. If a cached file is missing, Firefox will request it again on the next visit to the site that needed it.
Reference: How to clear the Firefox cache
Those cache entries contain both meta date like the HTTP headers and the actual (compressed) file data, so you can possibly check those items in a Hex file viewing utility for more info.
TO: @jscher2000, @cor-el
I really appreciate your help!
I've cleared all the files in the 'entries' folder and downgraded firefox-nightly back to the normal version, and it hasn't happened again in the last few days.
I also tried uploading the virus samples to VirusTotal for analysis, and only one of the antivirus programs indicated a 'Gzip bomb' - it looks like a countermeasure some sites are doing to prevent web crawlers.
Anyway, that's the end of it. Thanks again for your replies, it's been a big help for me!