I upgraded to the latest version of Firefox 3.0.1 today on a couple of machines. Since then every time I start Firefox, a few minutes later WinPatrol alerts me on a new hidden file which is always in C:\Documents and Settings\myname\Local Settings\Temp\etilqs (followed by random numbers and letters and changes with every restart of Firefox).
I'm pretty sure it isn't malware but does anybody know what function this file performs?
Running Symantec corporateV10 and GeSWall paid.
Thanks!

I got a reply from Bill Pytlovany, developer of WinPatrol and he told me that by default the option to monitor hidden files is turned off because a lot of legitimate programs create hidden files. He also said the main reason for having this feature is to help clean up malware which does include partner programs which are hidden.

{QUOTE-> I upgraded to the latest version of Firefox 3.0.1 today on a couple of machines. Since then every time I start Firefox, a few minutes later WinPatrol alerts me on a new hidden file which is always in C:\Documents and Settings\myname\Local Settings\Temp\etilqs (followed by random numbers and letters and changes with every restart of Firefox).
I'm pretty sure it isn't malware but does anybody know what function this file performs?
Running Symantec corporateV10 and GeSWall paid.
Thanks! <-QUOTE}

I get the same thing. I saved one of the files and it was 0 KB in size. No indication what it is, but it started happening after the 3.01 update to Firefox.

etilqs = sqlite

http://www.sqlite.org/

Yes but why are they created?

That is a question for someone who is one heck of a lot more knowledgeable than am I.

Just speculating......(a) it could be that the use of sqlite *requires* that a temp file be specified, even if it's not utilized, (b) a temp file is used to write changes to the table before they're (ultimately) written to the sqlite files that reside in the profiles directory.

Regardless, the important point (considering where this inquiry was posted) is that the file is there by design and is not malware.

I am glad that i wasnt only one :) I have trying to hunt this temp file down. Well now i can stop ;)

{QUOTE-> hidden file which is always in C:\Documents and Settings\myname\Local Settings\Temp\etilqs (followed by random numbers and letters
~snip~
I'm pretty sure it isn't malware but does anybody know what function this file performs? <-QUOTE}Do you have Spiceworks (http://www.spiceworks.com/) installed ?

etilqs sqlite logs (http://community.spiceworks.com/topic/8891)

{QUOTE-> Spiceworks produces sqlite log files (?) prefixed with "etilqs....." in the "\local settings\temp" drive of the domain Administrator account.
~snip~
Below is a line from Process Monitor showing the write of the etilqs file:

318784 16:43:38.2476080 spiceworks.exe 2596 WriteFile C:\Documents and Settings\Administrator.<our domain>\Local Settings\Temp\etilqs_1icqibPV47RobHbOR57T SUCCESS Offset: 5,120, Length: 1,024 <-QUOTE}"random numbers and letters" bolding mine

From Bugzilla@Mozilla – Bug 385470

Thousands of "etilqs_******" files created in the TEMP folder (https://bugzilla.mozilla.org/show_bug.cgi?id=385470)

{QUOTE-> Do you have Spiceworks (http://www.spiceworks.com/) installed ? <-QUOTE}

Nope, on none of four different PCs.

{QUOTE-> The urlclassifier2.sqlite file contains information on known phishing sites that is used to warn you should you visit one. The information is downloaded by default from a Google database once a day. This functionality can be modified or turned off in “Tools → Options → Security / Tell me... forgery”.

Originally, a file named urlclassifier.sqlite was used, but the format had to be changed because the file (obviously) contained references to phishing sites, which anti-virus software noticed and complained about. urlclassifier2.sqlite obfuscates the names of the sites to prevent this from happening. <-QUOTE}
http://ychittaranjan.wordpress.com/2008/06/27/urlclassifier3sqlite-woes-on-firefox-3/
Mozilla Article (http://kb.mozillazine.org/Urlclassifier2.sqlite)
SQLiteSpy (http://www.yunqa.de/delphi/doku.php/products/sqlitespy/index)

{QUOTE-> That is a question for someone who is one heck of a lot more knowledgeable than am I. <-QUOTE}You never know everything no matter how knowledgeable you are, even Guru XYZ can´t know all spheres of knowledge in detail.

Mainly created by firefox.

It is easy to kill etilqs. Start Process Explorer > search handle > kill etilqs.

By chance I caught a etilqs from memory but it is filled with kinda slackspace, visible invisibility.