NOD repeatedly targeting legitimate file

Discussion in 'ESET NOD32 Antivirus' started by Dimitri001, Feb 22, 2013.

Thread Status:
Not open for further replies.
  1. Dimitri001

    Dimitri001 Registered Member

    Joined:
    Feb 22, 2013
    Posts:
    1
    Yesterday I started repeatedly getting reports of a "HTML/Iframe.B.Gen virus" in the file that Firefox uses for storing sessions, sessionstore.js, with the comment "Event occured during an attempt to access the file by the application firefox.exe."

    These would come up during browsing with firefox (presumably firefox keeps modifying the file while I'm using it, because it's able to restore a session after a crash).

    I'm not sure, but I think this started happening after I updated to Firefox 19, so I suspected that this is NOD making a mistake, that somethign changed in the way ffox modifies this file with the update and NOD is mistaking this normal activity by ffox for a virus. So as this kept popping up I kept clicking "no action" in response. Today, however, when I restarted ffox it didn't restore my previous session and there wasn't a sessionstore file from yesterday.

    So my questions are:

    1. is this really a virus or could it be that it's NOD making a mistake?

    2. I need my lost session back BAD, what could NOD have done with it? Could it be quarantined or something along those lines? Is there any hope I might find it somewhere?
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    When exactly does NOD32 show the threat popup, when you start the browser, when you visit a particular website? And no I doubt it is an FP.

    I don't use FF, but by "session" do you mean that FF automatically launches the same websites that you had open when you closed FF?

    If YES, then if a website among those that was in your session is infected then NOD32 will alert you everytime you launch the same session, until the infected site is cleaned or no longer in the session.

    If I got it all wrong then i'm sorry ;)

    HTH :)
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please right-click the file in quarantine and select "Submit for analysis". Enclose the url to this thread in the Notes field in the submission form.
     
Thread Status:
Not open for further replies.