Beware Opera.exe malware

Recently having had horrible problems with Chrome, I decided to give Opera another try yesterday.

Bad idea. It downloaded malware, win32:installer-AR[PUP]. I could see something was terribly wrong within a minute because my anti-virus was going nuts, so I uninstalled it and the two programs that it came bundled with (which may or may not have been legit).

I continued to have issues with unknown files wanting to download but fortunately Avast found and apparently removed the malware file.

Just wanted everyone to be aware that Opera is seriously compromised.

You have to be careful what site you download these things from.
The Opera installer should not be bundled with other programs.
Those other two programs that were bundled with it may have been what triggered your antivirus, rather than Opera itself (assuming what you downloaded was actually the Opera web browser).

Did you download it from the Opera.com website or from some place like CNET?
CNET is not trustworthy anymore.

"PUP" means Potentially Unwanted Program.
Not everything that is identified as a PUP is malware.
It is not necessarily bad -- it's just an unknown, and your antivirus is warning you that it can't give it the "all clear."
Adware that is bundled with other software is a PUP, and that may be what you got.

Of course it could be some other type of unidentified malware.
The last post on this Avast forum thread describes what a PUP is
http://forum.avast.com/index.php?topic=101419.0

Did you download Opera directly from Opera.com ?
If they actually bundle adware with their browser, they're no longer trustworthy.
However I don't see any WOT warning on the Opera.com website.

Hm. It seemed to me that I went to the official Opera site for the download. I know that Opera was badly compromised last year, as well.

The official Opera site seems to be a Clean site, if one is not sure there was a wonderful link released during the Bleeding Heart threat, it is a Combo of major Virus companies that Analyse the link in question:

https://www.virustotal.com/en/

Just copy and paste the link in question in the VirusTotal box and click on Analyse, if it gives you an older analyse date, then click on the "Reanalyse" button and you will get todays date.

I've been using Web of Trust for a while and have been saved several times from clicking on a site that looked legit. I recommend it.

I've been using virustotal for years and it is one of the best tools in my little virtual toolbox. You can also upload files and have it scan them. Web of Trust is also very helpful...

As Jenny says, you have to be very, very careful of where you download legitimate software from. The source is the only place I use any more. All my old trustworthy download sites like CNET, Tucows and others have gone to the darkside. CNET is one of the worst.

EDIT: I just Googled Opera and skipped the first option which was the Softpedia download site - which I've also had problems with - and went to the Opera website itself. I downloaded, right clicked the downloaded file and selected Scan with Malwarebytes which came up clean and then installed. No problems at all.

Hehe.
Now that you've downloaded the best browser, you should use it, Draclvr.



Gil.

hagatha. What kind of problems were you having with Chrome? I ask because I've also been having some problems with it.

Gil, I've REALLY tried it several time just because YOU like it, because for me that is a great recommendation! But I just can't get warm and fuzzy with it at all. I think I'm just too set in my ways...

Guys, I have something really wrong with my machine now. I've done boot scans with Avast and it comes up fine, but when I go onto Steam I get all sorts of pop-ups pushing their way to the fore demanding that I download this and suggesting that I have to do that, and even some loud video about how to make money on line.

It doesn't seem to be affecting this site, but Steam is now unusable for me.

I'm going to have to do a reinstall of my system.

SO much for having fun. All day today and yesterday it was non-stop computer stuff.

BTW, I've never done a system reinstall. Is it hard?

Have you done a complete scan with Malwarebytes yet? That would be the first thing to do after Avast.

What browser are you using to go to Steam? Check in the add-ons to see if there is anything nefarious there. Try a different browser and see what happens.

Sorry, Malwarebytes? Where do I get this?

I'm using IE to access Steam. I don't know what you mean about checking add-ons.

I'm just really stressed. I hope to god my system restore disk is okay. Otherwise I'm in trouble. The reason I say this is because my Acer recovery disks that I made when I bought my computer turned out not to work and it cost me a huge amount of money to fix it all. I'm utterly exhausted as we are trying to sell our house and this was my one chance to have a day off. SOme day off.

Okat, one of the pop-ups that keeps coming to the fore is an alleged game. I'm just going to see the name.

Also, one site that kept popping up in Steam was called Appimat. It was trying to get me to download something.

Download the free version of Malwarebytes here... Malwarebytes

Decline if they ask if you want a free trial of the Pro version. Run a full scan. Do this first. Get rid of anything it finds.

Then in IE, go to Tools and then Manage Add-ons. See what is listed there.

Try downloading Firefox and see if you get the same behavior. Firefox

Okay I ran the scan. It found stuff.

Now I cannot access the Internet. When I try I get error: The remote device won't accept the connection.

I disabled virus and firewall before malwarebytes install as directed. But they are now back on.

In add ons there is Avast, Microsoft live id sign in helper and a weird thing, Blog this in Live writer (listed ss not available).

Also now I see an error: proxy server is not responding.


I'm stumped.

Check Condobloke's 4th post on this thread
http://www.bleepingcomputer.com/forums/t/518464/ran-adwcleaner-now-cant-access-internet/


You don't have a restore point from before this mess, do you?
If that worked, it would be the easiest way.

I have no restores. I thought I made one but it's not there. All I have is a system restore disk.

The malware was removed I think. But I disabled my firewall and now the settings are wrong and I cant xhange them. Cannot set windows firewall to connect my home or private netwok. This function seema to be unavailable. I think this is the problem. If I could get it to connwct my home network it wouls be okay but I dont know how.

Sorry for the typos. Using my android device now.

Did you try either of Condobloke's solutions at
http://www.bleepingcomputer.com/forums/t/518464/ran-adwcleaner-now-cant-access-internet/

Yes I tried them. None of them worked.

And now I dont even get the error messages

This is odd. I connect to Steam no problem. But no IE connection. What does that mean?

Also my email works. This is getting strange. Explorer is on the firewall exceptions list so it isnt that.

I can also log into Uplay, which is how this all started.

It sounds like everything may be fixed except IE.
IE may be set to use a proxy.

These instructions are for IE9, but they show you how to check if your IE is set to use a proxy
http://www.wikihow.com/Enter-Proxy-Settings-in-Internet-Explorer

What you want is NOT to use a proxy, so if you see the proxy server box checked, then uncheck it and OK the change.

I did try that, too.

In the end its easier to restore my system.

Thanks for all the help. I now have Malwarebytes installed and know to stay away from CNET so I'm ahead of the game.

Edit: Everything seems to be working now, including Uplay. Thank heaven for System Restore. Having to download a few things is nothing compared to the alternative. I missed having restore points all those years of using Vista.

Oh, good news! I thought you said earlier that you said you didn't have any restore points.

It isn't just CNET. Somewhere here in Glitches I posted a link a couple of months ago to an article on the dangers of downloading from anywhere but the developer website.

Software Download Sites: Beware

And another...

Watch Out for These Download Danger Signs

Apparently my computer made a restore point right after I turned it on for the first time. I did make a restore disk, too, but having those restore points is much easier.

I definitely agree! It makes life much easier. Hope it's all smooth sailing for you now!

Oh yeah. This is a sweet computer, all in all.

Glad you are back to enjoying your lovely new computer, hagatha