etilqs xxxxxxxxxxxx

Discussion in 'other anti-malware software' started by tbay2athome, Jul 17, 2008.

Thread Status:
Not open for further replies.
  1. tbay2athome

    tbay2athome Registered Member

    Joined:
    May 24, 2008
    Posts:
    38
    I upgraded to the latest version of Firefox 3.0.1 today on a couple of machines. Since then every time I start Firefox, a few minutes later WinPatrol alerts me on a new hidden file which is always in C:\Documents and Settings\myname\Local Settings\Temp\etilqs (followed by random numbers and letters and changes with every restart of Firefox).
    I'm pretty sure it isn't malware but does anybody know what function this file performs?
    Running Symantec corporateV10 and GeSWall paid.
    Thanks!
     
  2. tbay2athome

    tbay2athome Registered Member

    Joined:
    May 24, 2008
    Posts:
    38
    I got a reply from Bill Pytlovany, developer of WinPatrol and he told me that by default the option to monitor hidden files is turned off because a lot of legitimate programs create hidden files. He also said the main reason for having this feature is to help clean up malware which does include partner programs which are hidden.
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,034
    Location:
    USA
    I get the same thing. I saved one of the files and it was 0 KB in size. No indication what it is, but it started happening after the 3.01 update to Firefox.
     
  4. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,191
    Location:
    USA
  5. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes but why are they created?
     
  6. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,191
    Location:
    USA
    That is a question for someone who is one heck of a lot more knowledgeable than am I.

    Just speculating......(a) it could be that the use of sqlite *requires* that a temp file be specified, even if it's not utilized, (b) a temp file is used to write changes to the table before they're (ultimately) written to the sqlite files that reside in the profiles directory.

    Regardless, the important point (considering where this inquiry was posted) is that the file is there by design and is not malware.
     
  7. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    I am glad that i wasnt only one :) I have trying to hunt this temp file down. Well now i can stop ;)
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Do you have Spiceworks installed ?

    etilqs sqlite logs

    "random numbers and letters" bolding mine

    From Bugzilla@Mozilla – Bug 385470

    Thousands of "etilqs_******" files created in the TEMP folder
     
    Last edited: Jul 19, 2008
  9. tbay2athome

    tbay2athome Registered Member

    Joined:
    May 24, 2008
    Posts:
    38
    Nope, on none of four different PCs.
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    http://ychittaranjan.wordpress.com/2008/06/27/urlclassifier3sqlite-woes-on-firefox-3/
    Mozilla Article
    SQLiteSpy
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    You never know everything no matter how knowledgeable you are, even Guru XYZ can´t know all spheres of knowledge in detail.

    Mainly created by firefox.

    It is easy to kill etilqs. Start Process Explorer > search handle > kill etilqs.

    By chance I caught a etilqs from memory but it is filled with kinda slackspace, visible invisibility.
     
    Last edited: Jul 28, 2008
Thread Status:
Not open for further replies.