NOD repeatedly targeting legitimate file

Yesterday I started repeatedly getting reports of a "HTML/Iframe.B.Gen virus" in the file that Firefox uses for storing sessions, sessionstore.js, with the comment "Event occured during an attempt to access the file by the application firefox.exe."

These would come up during browsing with firefox (presumably firefox keeps modifying the file while I'm using it, because it's able to restore a session after a crash).

I'm not sure, but I think this started happening after I updated to Firefox 19, so I suspected that this is NOD making a mistake, that somethign changed in the way ffox modifies this file with the update and NOD is mistaking this normal activity by ffox for a virus. So as this kept popping up I kept clicking "no action" in response. Today, however, when I restarted ffox it didn't restore my previous session and there wasn't a sessionstore file from yesterday.

So my questions are:

1. is this really a virus or could it be that it's NOD making a mistake?

2. I need my lost session back BAD, what could NOD have done with it? Could it be quarantined or something along those lines? Is there any hope I might find it somewhere?

 

When exactly does NOD32 show the threat popup, when you start the browser, when you visit a particular website? And no I doubt it is an FP.

I don't use FF, but by "session" do you mean that FF automatically launches the same websites that you had open when you closed FF?

If YES, then if a website among those that was in your session is infected then NOD32 will alert you everytime you launch the same session, until the infected site is cleaned or no longer in the session.

If I got it all wrong then i'm sorry

HTH

 

Please right-click the file in quarantine and select "Submit for analysis". Enclose the url to this thread in the Notes field in the submission form.