etilqs xxxxxxxxxxxx

Discussion in 'other anti-malware software' started by tbay2athome, Jul 17, 2008.

Thread Status:
Not open for further replies.
  1. tbay2athome
    Offline

    tbay2athome Registered Member

    I upgraded to the latest version of Firefox 3.0.1 today on a couple of machines. Since then every time I start Firefox, a few minutes later WinPatrol alerts me on a new hidden file which is always in C:\Documents and Settings\myname\Local Settings\Temp\etilqs (followed by random numbers and letters and changes with every restart of Firefox).
    I'm pretty sure it isn't malware but does anybody know what function this file performs?
    Running Symantec corporateV10 and GeSWall paid.
    Thanks!
  2. tbay2athome
    Offline

    tbay2athome Registered Member

    I got a reply from Bill Pytlovany, developer of WinPatrol and he told me that by default the option to monitor hidden files is turned off because a lot of legitimate programs create hidden files. He also said the main reason for having this feature is to help clean up malware which does include partner programs which are hidden.
  3. G1111
    Offline

    G1111 Registered Member

    I get the same thing. I saved one of the files and it was 0 KB in size. No indication what it is, but it started happening after the 3.01 update to Firefox.
  4. prius04
    Offline

    prius04 Registered Member

  5. SystemJunkie
    Offline

    SystemJunkie Resident Conspiracy Theorist

    Yes but why are they created?
  6. prius04
    Offline

    prius04 Registered Member

    That is a question for someone who is one heck of a lot more knowledgeable than am I.

    Just speculating......(a) it could be that the use of sqlite *requires* that a temp file be specified, even if it's not utilized, (b) a temp file is used to write changes to the table before they're (ultimately) written to the sqlite files that reside in the profiles directory.

    Regardless, the important point (considering where this inquiry was posted) is that the file is there by design and is not malware.
  7. Bio-Hazard
    Offline

    Bio-Hazard Registered Member

    I am glad that i wasnt only one :) I have trying to hunt this temp file down. Well now i can stop ;)
  8. Bubba
    Offline

    Bubba Updates Team

    Do you have Spiceworks installed ?

    etilqs sqlite logs

    "random numbers and letters" bolding mine

    From Bugzilla@Mozilla – Bug 385470

    Thousands of "etilqs_******" files created in the TEMP folder
    Last edited: Jul 19, 2008
  9. tbay2athome
    Offline

    tbay2athome Registered Member

    Nope, on none of four different PCs.
  10. Franklin
    Offline

    Franklin Registered Member

    http://ychittaranjan.wordpress.com/2008/06/27/urlclassifier3sqlite-woes-on-firefox-3/
    Mozilla Article
    SQLiteSpy
  11. SystemJunkie
    Offline

    SystemJunkie Resident Conspiracy Theorist

    You never know everything no matter how knowledgeable you are, even Guru XYZ can´t know all spheres of knowledge in detail.

    Mainly created by firefox.

    It is easy to kill etilqs. Start Process Explorer > search handle > kill etilqs.

    By chance I caught a etilqs from memory but it is filled with kinda slackspace, visible invisibility.
    Last edited: Jul 28, 2008
Thread Status:
Not open for further replies.