Is anyone familiar with this message in Kapersky Internet Security 2010?

enter image description here

Hi I just started my computer up & opened a website for my checking my mail, when I opened a Kaspersky Internet Security 2010 window popped up.

C:\Documents and Settings\username\Local Settings\Application Data\Mozilla\Firefox\Profiles\rse47wp8.default\Cache\C\79\D5CC9d01

Does anyone is familiar with this? I checked the path and this path doesn't exist. I couldn't remember that I have a file of D5CC9d01 once. Can somebody please tell me if this is a virus or not?

Thanks

tintincutes

Posted 2012-08-31T19:24:52.400

Reputation: 1 087

1Please provide us a screenshot of the message. Of course...I would just clear the cache for Firefox and be done with it. – Ramhound – 2012-08-31T19:26:46.340

Can you Please provide the Exact Message displayed in the Popup, so that we can understand the problem. – Ankit – 2012-08-31T19:32:50.920

@Ramhound: I just edited my answer. Please see the image above – tintincutes – 2012-08-31T19:32:58.080

@Lamb: I just edited my answer, can you see the image? I don't understand why my question is -1 now? :( – tintincutes – 2012-08-31T19:38:45.263

@tintincutes - Because this question isn't a good question. Your security program is saying that the file you quarantined is not actually infected. So your question does not make a great deal of sense. – Ramhound – 2012-08-31T19:43:32.747

@tintincutes Its not me. – Ankit – 2012-08-31T19:43:58.363

1I don't think the question is that bad. The security application is alerting on a clean file in quarantine. Depending on how the file got there (possibly by a previous action, or by magic), it's a valid question. – dangowans – 2012-08-31T20:09:39.297

Ramhound does not actually help any one, just critiques questions and makes assumptions here on SU.... – Moab – 2012-08-31T21:31:01.210

@Moab Views may differ, everybody has his right at SU, nothing personal here. – Ankit – 2012-08-31T22:31:08.900

Everyone has it, few exercise it. – Moab – 2012-09-01T01:19:54.773

Answers

The file that concerns you a Firefox browser cache file, a file temporarily saved to disk during a browsing session. It's saved to disk so you don't have to hit the network for it if for some reason it needs to read it more than once. This can be a shared image file (think a logo), some common code for javascript, or even to keep it around for your Back button and your history.

These files are only for Firefox to look at, so the filename is a jumble. It may have originally been this_is_a_pic_of_a_dog.gif, but in your cache it is D5CC9d01. As long as the browser knows what D5CC9d01 is, you don't need to.

As a cache file, since the browser knows it came from the network and can get it from the network at any time, it's free to delete it at any time.

So, what I think happened: you browsed some site, it put some html or javascript in a file in your cache. As it was churning, Kaspersky thought something wrong with the file and flagged it. Meanwhile, by the time you got to it, Firefox already deleted it. So don't worry about this particular file.

In rare cases, Javascript and HTML can cause harm to files, or spread malware, mostly by exploiting bugs in browsers. I'd keep my browser updated, look into NoScript and FlashBlock and such.

Rich Homolka

Posted 2012-08-31T19:24:52.400

Reputation: 27 121

As Rich Homolka mentioned, the path is pointing to a file within the Firefox browser cache, so that is likely why you do not recognize the name. It means nothing to you. Only Firefox really knows what document or image from your web travels that the file represents.

In the Kapersky message, it says Quarantined file is clean. You are advised to restore it.. I think that's the biggest reason why you can't find the file. The file is actually in the Kapersky quarantine folder. The message is just showing the original location of the file.

For some reason, Kapersky determined that the cached file was malicious and moved it to a safe location to further check it out. Maybe it was an image with something fishy in the background data. Maybe it was a dirty JavaScript file. Whatever it was, Kapersky did not like it, and moved the file to a quarantine folder for cleaning. Were you on a bad website when this message popped up? (You don't need to answer that.)

The message indicates that the file has been cleaned successfully, and can be moved back to its original location. If you said "Restore", the file would then return to the path mentioned. Until then though, it will remain in quarantine. Because the file is just a cached file from web browsing, it's not that crucial to restore it. Next time you visit the site, you'll just get a new copy.

dangowans

Posted 2012-08-31T19:24:52.400

Reputation: 1 774