搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

mozilla.cfg infected with Adware.PL.Besttoolbars.vl

more options

Gridinsoft Anti-Malware v.4.2.66 Report file date: 3/4/2023 14:35:47 Last update: 3/4/2023 14:35:47

Quick Scan started Scanning process...


c:\program files\mozilla firefox\mozilla.cfg ---- General PartOfThreat

Adware.PL.Besttoolbars.vl MD5: 18F38A5E209C9812EB124D0BB62E76C1:800


I have tried all means to remove this but still get the warning after each reboot with this infected file. Ran Spybot Search and Destroy, Gridinsoft Anti-Malware, MRT (twice, 23 hours each time), MSERT (twice)..., RogueKiller, and a few others.

Gridinsoft Anti-Malware v.4.2.66 Report file date: 3/4/2023 14:35:47 Last update: 3/4/2023 14:35:47 Quick Scan started Scanning process... ----- c:\program files\mozilla firefox\mozilla.cfg ---- General PartOfThreat Adware.PL.Besttoolbars.vl MD5: 18F38A5E209C9812EB124D0BB62E76C1:800 I have tried all means to remove this but still get the warning after each reboot with this infected file. Ran Spybot Search and Destroy, Gridinsoft Anti-Malware, MRT (twice, 23 hours each time), MSERT (twice)..., RogueKiller, and a few others.

被選擇的解決方法

Okay, it seems that the files are related, but I don't know why they were created. Maybe Spybot has some documentation on it.

從原來的回覆中察看解決方案 👍 0

所有回覆 (5)

more options

Are you able to view the contents of the mozilla.cfg file? For example, right-click > Open With, then choose Notepad or Wordpad (or another plain text editor).

It would be part of a two file startup script that modifies Firefox in some way. The other part would be here:

C:\Program Files\Mozilla Firefox\defaults\pref

In that folder, you should only find one file, named

channel-prefs.js

Any other file there is a customization you can remove. If your computer is managed by an IT department, though, check with them first.

Two Additional Notes:

(1) By default, Windows hides the .js file extension. You can set Windows to show all file extensions so it is clearer what kinds of files you are dealing with. This site has steps: https://www.bleepingcomputer.com/tutorials/how-to-show-file-extensions-in-windows/

(2) Do not double-click a .js file -- that causes Windows to execute it as a system script. To view its contents, right-click the file and choose Edit.

more options

text says:

lockPref("extensions.blocklist.enabled", true); lockPref("browser.safebrowsing.phishing.enabled", true); lockPref("browser.safebrowsing.malware.enabled", true); lockPref("browser.safebrowsing.blockedURIs.enabled", true); lockPref("browser.safebrowsing.downloads.enabled", true); lockPref("browser.safebrowsing.downloads.remote.enabled", true); lockPref("browser.safebrowsing.downloads.remote.block_dangerous", true); lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", true); lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", true); lockPref("browser.safebrowsing.downloads.remote.block_uncommon", true); lockPref("browser.pagethumbnails.capturing_disabled", false); lockPref("webgl.disabled", false); lockPref("webgl.enable-webgl2", true);


And C:\Program Files\Mozilla Firefox\defaults\pref has two files, here is screenshot of the second one. Beacon is part of Spybot.

Could the c:\program files\mozilla firefox\mozilla.cfg be a false positive?

more options

If you right-click > Edit antibeacon.js, does it point Firefox to mozilla.cfg?

Either way, the contents of mozilla.cfg do not look dangerous so I don't know what the alert was about, unless it also cleaned the file.

more options

pref("general.config.filename", "mozilla.cfg"); pref("general.config.obscure_value", 0);

more options

選擇的解決方法

Okay, it seems that the files are related, but I don't know why they were created. Maybe Spybot has some documentation on it.