Beware Opera.exe malware
#950416
04/16/14 03:59 PM
04/16/14 03:59 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
Recently having had horrible problems with Chrome, I decided to give Opera another try yesterday.
Bad idea. It downloaded malware, win32:installer-AR[PUP]. I could see something was terribly wrong within a minute because my anti-virus was going nuts, so I uninstalled it and the two programs that it came bundled with (which may or may not have been legit).
I continued to have issues with unknown files wanting to download but fortunately Avast found and apparently removed the malware file.
Just wanted everyone to be aware that Opera is seriously compromised.
I think I'm quite ready for another adventure.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950421
04/16/14 04:19 PM
04/16/14 04:19 PM
|
Joined: Oct 2000
Posts: 40,644 southeast USA
Jenny100
GB Reviewer Glitches Moderator
|
GB Reviewer Glitches Moderator
Sonic Boomer
Joined: Oct 2000
Posts: 40,644
southeast USA
|
You have to be careful what site you download these things from. The Opera installer should not be bundled with other programs. Those other two programs that were bundled with it may have been what triggered your antivirus, rather than Opera itself (assuming what you downloaded was actually the Opera web browser). Did you download it from the Opera.com website or from some place like CNET? CNET is not trustworthy anymore. "PUP" means Potentially Unwanted Program. Not everything that is identified as a PUP is malware. It is not necessarily bad -- it's just an unknown, and your antivirus is warning you that it can't give it the "all clear." Adware that is bundled with other software is a PUP, and that may be what you got. Of course it could be some other type of unidentified malware. The last post on this Avast forum thread describes what a PUP is http://forum.avast.com/index.php?topic=101419.0Did you download Opera directly from Opera.com ? If they actually bundle adware with their browser, they're no longer trustworthy. However I don't see any WOT warning on the Opera.com website.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950428
04/16/14 04:24 PM
04/16/14 04:24 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
Hm. It seemed to me that I went to the official Opera site for the download. I know that Opera was badly compromised last year, as well.
I think I'm quite ready for another adventure.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950432
04/16/14 04:35 PM
04/16/14 04:35 PM
|
Joined: Mar 2004
Posts: 1,751 Rockland, Ontario, Canada
Starcom
Addicted Boomer
|
Addicted Boomer
Joined: Mar 2004
Posts: 1,751
Rockland, Ontario, Canada
|
The official Opera site seems to be a Clean site, if one is not sure there was a wonderful link released during the Bleeding Heart threat, it is a Combo of major Virus companies that Analyse the link in question: https://www.virustotal.com/en/Just copy and paste the link in question in the VirusTotal box and click on Analyse, if it gives you an older analyse date, then click on the "Reanalyse" button and you will get todays date.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950436
04/16/14 05:03 PM
04/16/14 05:03 PM
|
Joined: Jun 2005
Posts: 20,124 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,124
Near St. Louis, MO
|
I've been using virustotal for years and it is one of the best tools in my little virtual toolbox. You can also upload files and have it scan them. Web of Trust is also very helpful...
As Jenny says, you have to be very, very careful of where you download legitimate software from. The source is the only place I use any more. All my old trustworthy download sites like CNET, Tucows and others have gone to the darkside. CNET is one of the worst.
EDIT: I just Googled Opera and skipped the first option which was the Softpedia download site - which I've also had problems with - and went to the Opera website itself. I downloaded, right clicked the downloaded file and selected Scan with Malwarebytes which came up clean and then installed. No problems at all.
Once again, weeds are my life!
|
|
|
Re: Beware Opera.exe malware
[Re: Draclvr]
#950444
04/16/14 05:45 PM
04/16/14 05:45 PM
|
Joined: Jan 2010
Posts: 3,293 Rivellon
traveler
Addicted Boomer
|
Addicted Boomer
Joined: Jan 2010
Posts: 3,293
Rivellon
|
Hehe. Now that you've downloaded the best browser, you should use it, Draclvr. Gil.
"Best not to think about it. I don't want to fall to bits 'cos of excess existential thought."
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950446
04/16/14 05:57 PM
04/16/14 05:57 PM
|
Joined: Jan 2006
Posts: 1,923 Texas
Terri824
Addicted Boomer
|
Addicted Boomer
Joined: Jan 2006
Posts: 1,923
Texas
|
hagatha. What kind of problems were you having with Chrome? I ask because I've also been having some problems with it.
When you live in the past, it costs you the present.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950451
04/16/14 06:32 PM
04/16/14 06:32 PM
|
Joined: Jun 2005
Posts: 20,124 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,124
Near St. Louis, MO
|
Gil, I've REALLY tried it several time just because YOU like it, because for me that is a great recommendation! But I just can't get warm and fuzzy with it at all. I think I'm just too set in my ways...
Once again, weeds are my life!
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950463
04/16/14 08:34 PM
04/16/14 08:34 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
Guys, I have something really wrong with my machine now. I've done boot scans with Avast and it comes up fine, but when I go onto Steam I get all sorts of pop-ups pushing their way to the fore demanding that I download this and suggesting that I have to do that, and even some loud video about how to make money on line.
It doesn't seem to be affecting this site, but Steam is now unusable for me.
I'm going to have to do a reinstall of my system.
SO much for having fun. All day today and yesterday it was non-stop computer stuff.
BTW, I've never done a system reinstall. Is it hard?
I think I'm quite ready for another adventure.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950466
04/16/14 08:39 PM
04/16/14 08:39 PM
|
Joined: Jun 2005
Posts: 20,124 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,124
Near St. Louis, MO
|
Have you done a complete scan with Malwarebytes yet? That would be the first thing to do after Avast.
What browser are you using to go to Steam? Check in the add-ons to see if there is anything nefarious there. Try a different browser and see what happens.
Once again, weeds are my life!
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950467
04/16/14 08:48 PM
04/16/14 08:48 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
Sorry, Malwarebytes? Where do I get this?
I'm using IE to access Steam. I don't know what you mean about checking add-ons.
I'm just really stressed. I hope to god my system restore disk is okay. Otherwise I'm in trouble. The reason I say this is because my Acer recovery disks that I made when I bought my computer turned out not to work and it cost me a huge amount of money to fix it all. I'm utterly exhausted as we are trying to sell our house and this was my one chance to have a day off. SOme day off.
Okat, one of the pop-ups that keeps coming to the fore is an alleged game. I'm just going to see the name.
Also, one site that kept popping up in Steam was called Appimat. It was trying to get me to download something.
Last edited by hagatha; 04/16/14 08:55 PM.
I think I'm quite ready for another adventure.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950470
04/16/14 09:04 PM
04/16/14 09:04 PM
|
Joined: Jun 2005
Posts: 20,124 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,124
Near St. Louis, MO
|
Download the free version of Malwarebytes here... Malwarebytes Decline if they ask if you want a free trial of the Pro version. Run a full scan. Do this first. Get rid of anything it finds. Then in IE, go to Tools and then Manage Add-ons. See what is listed there. Try downloading Firefox and see if you get the same behavior. Firefox
Once again, weeds are my life!
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950476
04/16/14 09:36 PM
04/16/14 09:36 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
Okay I ran the scan. It found stuff.
Now I cannot access the Internet. When I try I get error: The remote device won't accept the connection.
I disabled virus and firewall before malwarebytes install as directed. But they are now back on.
In add ons there is Avast, Microsoft live id sign in helper and a weird thing, Blog this in Live writer (listed ss not available).
Also now I see an error: proxy server is not responding.
I'm stumped.
Last edited by hagatha; 04/16/14 09:42 PM.
I think I'm quite ready for another adventure.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950488
04/16/14 10:03 PM
04/16/14 10:03 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
I have no restores. I thought I made one but it's not there. All I have is a system restore disk.
The malware was removed I think. But I disabled my firewall and now the settings are wrong and I cant xhange them. Cannot set windows firewall to connect my home or private netwok. This function seema to be unavailable. I think this is the problem. If I could get it to connwct my home network it wouls be okay but I dont know how.
Sorry for the typos. Using my android device now.
I think I'm quite ready for another adventure.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950490
04/16/14 10:12 PM
04/16/14 10:12 PM
|
Joined: Oct 2000
Posts: 40,644 southeast USA
Jenny100
GB Reviewer Glitches Moderator
|
GB Reviewer Glitches Moderator
Sonic Boomer
Joined: Oct 2000
Posts: 40,644
southeast USA
|
Did you try either of Condobloke's solutions at http://www.bleepingcomputer.com/forums/t/518464/ran-adwcleaner-now-cant-access-internet/Please click Start > Run, type inetcpl.cpl in the runbox and press enter. Click the Connections tab and click the LAN settings option. Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit. Now check if the internet is working again.
OR
Go to Start ... Run and type in cmd A dos Window will appear. Type in the dos window:
netsh winsock reset
Click on the enter key. Reboot your system to complete the process.
If needed : type these one line at a time, press enter after each line. See if it works after each.
netsh interface ipv4 reset netsh interface ipv6 reset ipconfig /flushdns
|
|
|
Re: Beware Opera.exe malware
[Re: Jenny100]
#950491
04/16/14 10:13 PM
04/16/14 10:13 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
Yes I tried them. None of them worked.
And now I dont even get the error messages
Last edited by hagatha; 04/16/14 10:14 PM.
I think I'm quite ready for another adventure.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950493
04/16/14 10:23 PM
04/16/14 10:23 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
This is odd. I connect to Steam no problem. But no IE connection. What does that mean?
Also my email works. This is getting strange. Explorer is on the firewall exceptions list so it isnt that.
I can also log into Uplay, which is how this all started.
Last edited by hagatha; 04/16/14 10:31 PM.
I think I'm quite ready for another adventure.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950498
04/16/14 10:47 PM
04/16/14 10:47 PM
|
Joined: Oct 2000
Posts: 40,644 southeast USA
Jenny100
GB Reviewer Glitches Moderator
|
GB Reviewer Glitches Moderator
Sonic Boomer
Joined: Oct 2000
Posts: 40,644
southeast USA
|
It sounds like everything may be fixed except IE. IE may be set to use a proxy. These instructions are for IE9, but they show you how to check if your IE is set to use a proxy http://www.wikihow.com/Enter-Proxy-Settings-in-Internet-ExplorerWhat you want is NOT to use a proxy, so if you see the proxy server box checked, then uncheck it and OK the change.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950501
04/16/14 11:09 PM
04/16/14 11:09 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
I did try that, too.
In the end its easier to restore my system.
Thanks for all the help. I now have Malwarebytes installed and know to stay away from CNET so I'm ahead of the game.
Edit: Everything seems to be working now, including Uplay. Thank heaven for System Restore. Having to download a few things is nothing compared to the alternative. I missed having restore points all those years of using Vista.
Last edited by hagatha; 04/17/14 01:46 AM.
I think I'm quite ready for another adventure.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950592
04/17/14 10:30 AM
04/17/14 10:30 AM
|
Joined: Jun 2005
Posts: 20,124 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,124
Near St. Louis, MO
|
Oh, good news! I thought you said earlier that you said you didn't have any restore points. It isn't just CNET. Somewhere here in Glitches I posted a link a couple of months ago to an article on the dangers of downloading from anywhere but the developer website. Software Download Sites: Beware And another... Watch Out for These Download Danger Signs
Once again, weeds are my life!
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950639
04/17/14 04:35 PM
04/17/14 04:35 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
Apparently my computer made a restore point right after I turned it on for the first time. I did make a restore disk, too, but having those restore points is much easier.
I think I'm quite ready for another adventure.
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950643
04/17/14 04:47 PM
04/17/14 04:47 PM
|
Joined: Jun 2005
Posts: 20,124 Near St. Louis, MO
Draclvr
Reviews Editor - Hints/Glitches Mod - Site Support
|
Reviews Editor - Hints/Glitches Mod - Site Support
True Blue Boomer
Joined: Jun 2005
Posts: 20,124
Near St. Louis, MO
|
I definitely agree! It makes life much easier. Hope it's all smooth sailing for you now!
Once again, weeds are my life!
|
|
|
Re: Beware Opera.exe malware
[Re: hagatha]
#950685
04/17/14 09:22 PM
04/17/14 09:22 PM
|
Joined: Nov 2000
Posts: 8,165 B.C. Canada
hagatha
OP
BAAG Specialist
|
OP
BAAG Specialist
Joined: Nov 2000
Posts: 8,165
B.C. Canada
|
Oh yeah. This is a sweet computer, all in all.
I think I'm quite ready for another adventure.
|
|
|
|
|