Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on April 22, 2017, 11:01:43 AM
-
Hi everyone.. new user here. Today out of the blue, I got a warning from Avast about Opera browser auto update; it was flagged as suspicious by EvoGen. I didn't get a screenshot of warning, but do have screenshot from the Report for File system shield (see attached).
At first I ignored it (was distracted) and just clicked close on the notification, then it popped up again.. this time I reported as possible false positive then clicked close again. In hindsight I might have sent it to chest or something first, but it seemed like a legit process. Later I opened Opera (which I rarely use) and it indeed did an update right away, so this seems like an FP by avast, but.. Is there any way to get that confirmed by Avast?
-
Test the file at VT (https://www.virustotal.com) and post the link to the result here.
-
My Opera updated to 44.0.2510.1218 (PGO) today and I didn't got a alert.
-
Test the file at VT (https://www.virustotal.com) and post the link to the result here.
Unfortunately the temp dll's flagged by Avast disappeared immediately afterwards (and they were not quarantined), so there's nothing to upload to VT. Is that normal for temporary files during an update process?
My Opera updated to 44.0.2510.1218 (PGO) today and I didn't got a alert.
Thanks.. I guess the fact that an update was pushed out makes this extremely unlikely to be anything but a false positive. Odd that Avast flagged mine but not yours.. perhaps our settings are a bit different. (My file system shield is on "normal" sensitivity, fwiw.)
-
Hello,
send us the detected files through https://www.avast.com/false-positive-file-form.php
Milos
-
Hello,
send us the detected files through https://www.avast.com/false-positive-file-form.php
Milos
Hi Milos, as I said, those temp files disappeared soon after, though I did use Avast's option to report a potential false positive at the time of the second detection.
FWIW, I also asked over at the Opera forums and they said it sounded like normal behavior for Opera during auto update was detected as a false positive 'virus dropper' by Avast's heuristics.
-
Hello,
the detected files should be in Avast's virus chest.
Milos
-
Hi Milos.. there are no files in the virus chest. I just noticed that my file system shield was set to delete suspicious files (I don't know why.. I didn't set it that way to my knowledge!), so maybe that's why?
-
Yes, change the settings to send the detected files to Virus chest and if this happen again send us the detected files using https://www.avast.com/false-positive-file-form.php
Milos