Is Prefs.js File a Virus?

Is Prefs.js File a Virus?

The article will help you understand what is the Prefs.js file and how to remove it if needed. Follow the removal instructions given at the end if you are sure you need to remove it.

Prefs.js is a completely legitimate file, which is responsible for keeping the preferences for the Mozilla Firefox browser. Those preferences include Privacy settings, along with what theme is in use and for other features to stay turned on or off. As much as this file is important for the browser to run the way you like it, it is also detected by some anti-malware software programs. The reason for those detections is because malware such as a browser hijacker or adware has modified or affected that Prefs.js file and the security tool makes an association between the file and the malware. The most noticeable change you can see when Prefs.js is altered is when you browse you will be redirected or see lots of ads.

Threat Summary

TypeJavaScript File
Short DescriptionPrefs.js is a legitimate file used by the Mozilla Firefox and browsers based on it. Sometimes AV vendors could detect that file because of scripts, false positives or mainly because the file has been affected by malware.
SymptomsIn case the file is modified by malware such as browser hijackers, redirects or adware, some browser settings get changed. The home page, new tab, extensions, themes, privacy settings could be altered. You could experience redirects, lots of new tabs popping up or multiple advertisements showing when you browse and you can’t reverse those settings no matter how you try to save them.
Distribution MethodsFreeware Installations, Bundled Packages, Extensions, Malware
Detection Tool See If Your System Has Been Affected by Prefs.js


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Prefs.js.

Prefs.js – What Is It?

Prefs.js is a file that comes with the browser Mozilla Firefox and all its variations and forks, such as Nightly or PaleMoon for instance. That JavaScript file keeps various and mostly all preferences associated with Firefox browsers.

You can preview the contents of the file from the below screenshot:

Look at what is explicitly said in the beginning of that file by the developers of Mozilla Firefox:

# Mozilla User Preferences

/* Do not edit this file.
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.

This file is not made to be edited from people who do not know how to do so and what the result will be. You shouldn’t be tampering with it, but probably an application you have installed without realizing has altered the file. That can be easily spotted if you witness changes in preferences and tweaks of your browser.

The following settings and preferences are contained in Prefs.js:

  • Themes
  • Home page
  • Download location for files
  • Toggle for remembering passwords
  • History settings (as is it “saved” or not)
  • Incognito mode settings
  • Other tracking settings
  • Sending Reports and Telemetry setting
  • Update settings

As you can see above, that is quite the long list and it will take you a while to change those settings back if needed. Installing an extension could modify those preferences to something you don’t want.

Prefs.js – Where Is It Located?

The Prefs.js is located on your computer on one of your disk drives. By knowing its location you can open it with notepad, make changes, try to restore previous versions, or switch it with a new Prefs.js file to make sure it is clean.

The following Windows command is used to access a folder which contains another, randomly named folder to finally reach the Prefs.js file:


That command will open a folder, which has only one sub-folder, containing lots of files related to the browser, including the Prefs.js file itself. You can see the contents of that sub-folder right down here in the picture:

The full directory in this case is:


Another way to access the file, or to make changes inside it rather, is by typing about:config into your browser. However, that will show the following warning page, before unlocking the page with the actual code:

The text states the following:

This might void your warranty!
Changing these advanced settings can be harmful to the stability, security, and performance of this application. You should only continue if you are sure of what you are doing.

Also, if you go into the directory and open the file, there will be another warning inside, which we mentioned above when describing the contents of Prefs.js. Make sure you know what you are doing, before making any changes or make a copy of the file beforehand so you have a backup if you mess things up and want to restore it.

Prefs.js – Why Is It Detected by Security Tools?

Prefs.js is detected by Anti-malware and security tools only in the case that the file is somehow connected to malware. That can happen in various ways, but it is certainly an indication of the file being tampered with or directly affected by some form of malware. In most cases that malware is a browser hijacker, redirect or adware.

The adware spams you with advertisements, which can cover the whole page; they can be triggered upon clicking on specific locations on a page, including links; or appear as pop-ups and on the side of pages on a website. The redirect is simply made to modify the browser so redirects you when a certain action is met, or from every single link and tab. The browser hijacker can be a combination of adware with redirects or something in a milder form. In all cases, that is not only highly annoying, but could end up having a serious impact on your browsing and work.

If you have any doubts or see any of the abovementioned symptoms you should immediately check your browsers and computer systems for any suspicious software and also do a scan with a security tool.

Should You Remove Prefs.js?

There is no real harm in manually locating the file and straight out deleting it. Your browser, be it the original Firefox, one of its other official editions or a fork written on the same code, will still save your Bookmarks and Add-ons. Besides, any Firefox browser will create a new Prefs.js on its launch and any new changes will be saved on it, afterward.

Here are browsers which use the file:

  • Mozilla Firefox
  • Nightly
  • Aurora
  • PaleMoon
  • Waterfox
  • Comodo IceDragon
  • xB Browser
  • Flock

All of the browser builds elicited above will have a Prefs.js, while some may put it inside the main drive they are installed on. You should just type the name of the file and do a search if it’s not found in its usual place.

In case you do not want to lose any of the preferences saved by that file or there is seemingly some malware on your system that keeps modifying the file, you should consider scanning your system by following the step-by-step removal instructions provided below. If the manual removal does not get rid of the malware causing the changes and its files completely, you should search for and remove any leftovers with an advanced anti-malware tool. Such a tool can keep your computer safe in the future.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share