Help Sought: When Using Mozilla Firefox AVG Reports Virus

If there's a risk of javascript in the HTML file that's being reported, surely opening it in a browser is asking for trouble.

Open the file in a text editor, look for any javascript. There shouldn't be any tags in that file - if there are, something has infected it.

Dan

Hi,

Has anybody come across the following problem?

AVG Free Edition (Virus Database: 487 Release Date: 2nd August, 2004) reports that the computer could be infected by a virus - JS/Fortnight in \\Mozilla\\Firefox\\Profiles\\Default.A4E\\Bookmarks.html

Is this overprotective AVG or a problem with Firefox? Any ideas? Please advise?

cya ??

There is no risk of JavaScript in the Bookmarks.html. Mozilla creates the file Bookmarks.html during the initial installation. When the user saves a web page URL Mozilla copies the URL into Bookmarks.html as a "Text Link".

It is the Links that might contain a redirect to a web site with malicious content, that can be seen in the Statue Bar on the bottom of the Mozilla window.

Michael

If a virus/worm has written javascript into the bookmarks.html file, then there is a risk if you just blindly open the file in any browser that supports javascript. I'm not talking about Mozilla adding links to the file, I'm talking about a possible issue if a virus/worm has been written to infect either specifically that file, or all html files on the infected pc. If AVG is reporting a possible virus in that file, it's possible that something has modified it outside of Mozilla, isn't it?

Dan

OK, lets explore that theory. The Bookmarks.html file is located in the user's Mozilla profile, this profile is a unique path with a unique pathname known only to Mozilla when Mozilla is installed. The user can further enhance the security of Mozilla if he/she uses a unique profile name in place of the "default profile".

If the virus/worm were to place a javascript into Bookmarks.html then the virus/worm would have to insert the payload javascript into all files marked .html, and AVG would be reporting virus/worms in hundreds of html files.

To put aside the fears of a javascript inside Bookmarks.html the OP could also open NotePad and navigate to his/her Mozilla profile and open Bookmarks.html. No known executable type code can execute inside a text only application. From there the OP can see if there is any javascript inside the file Bookmarks.html.

Michael

OK, easy overcome by a recursive find through the directory structure of the drive, and it wouldn't be the first virus to do this. Even crude VBS worms have had this using FileSystemObject calls, it's a matter of a few lines of simple code.

If there were hundreds of html files on the drive. With a cleanish install of Windows and only using Mozilla for browsing there would be only a couple. And if AVG is spitting up the message when opening Mozilla, it would indicate it's not being used to scan the drive, but only check as files are being opened (such as Bookmarks.html) - so it wouldn't alert on other html files unless they were being opened.

Which is what I recommended in my first post, and is what I always recommend when dealing with potentially infected HTML files.

Dan