I noticed a strange file, whose filepath was C:\extensions.sqlite, on my XP SP3. I noticed the file when I had to check my Program Files folder; the file's creation date was Feb. 3 2013 and it had a filesize of 0B. Out of my 4 machines (1x XP, 2x Vistas, 1x Win 7), my XP and one of my Vista machines are the ones that I use actively online to do things like check Yahoo email, Gmail, an online shopping site called Play-Asia, and PayPal. I only use Firefox with NoScript and all of my machines have McAfee Internet Security installed.
When I checked my other machines, my Vista and XP were the only ones that had the file in that location. My other 2 machines, which aren't used online as actively but whose programs like Java, Flash Player, Adobe Reader, and Firefox I do update, didn't have this file.
I did a quick Google search of "C:\extensions.sqlite" and all of the results were related to malware. In addition, all of the results said something like "files created: C:\extensions.sqlite" for the malware. However, I did a full scan with McAfee and Malwarebytes Free 2 days ago and it found nothing. I deleted the file using SHIFT+Del and restarted my computer a couple of times with it disconnected from the Internet, but the file didn't recreate itself.
So is this file a possible malware as it is mentioned on Google? Or is it some kind of legitimate Windows related file?
I forgot to mention that on my XP machine the file's creation date was Feb. 3 2013 at 8:52am. For my Vista machine the file's creation date was Feb. 1 2013 at 9:34pm, when I wasn't connected to the Internet and was just writing a short double-spaced 1 and 1/2 page Word document using Office 2007 Home.
I have the same zero-byte file in the C: root directory. The date on it is last July. And as far as I know my system is free of any malware.
There are lots of references to Firefox creating a file with this name, although usually in the Firefox profile section.
It doesn't matter if the file is deleted, I would have thought. It's no big deal, and nothing to worry about.
I see, but it is weird because my other two machines also have Firefox and when I update Firefox, I update it on all machines. The Firefox on each machine is the same, with the same versions of Adobe Reader, Adobe Flash, etc. But only the two that I frequently use had this file. Any idea why it was just those two machines and not the other two?
Also, do you have any idea why this file was listed as related to malware? I know the top search result was a ThreatExpert's page that said a malware creates that file along with an application data/dealcabby folder with some files.
When you said that Firefox may have dropped it in the wrong location, that doesn't make sense because, for my Vista machine that has the file, the file was created Feb. 1 2013 at 9:34pm, and on that night my machine wasn't connected to the Internet at all and I didn't use Firefox. I also didn't use that machine at all until about 9pm, and after I turned it on I was only writing a Word document.
I am going to download Stinger and GetSusp, but my ISP is having technical difficulties. Is there any chance you or someone that has the same file in the same location could run those programs? Whatever the results you or someone gets, I will assume that is the same for my machine. Since my machine are rarely used online it is probably clean.
Scanned my version of the extensions.sqlite with both Stinger and GetSusp and it passed fine. Mine is on Windows 8, size 0kb, 11/06/12 (that is 11th June).
Also scanned with the latest Malwarebytes.

Message was edited by: Peacekeeper on 2/03/13 8:01:15 PM