Author Topic: Opera autoupdate FP? (Read 4655 times)

REDACTED · « **on:** April 22, 2017, 11:01:43 AM »

Hi everyone.. new user here. Today out of the blue, I got a warning from Avast about Opera browser auto update; it was flagged as suspicious by EvoGen. I didn't get a screenshot of warning, but do have screenshot from the Report for File system shield (see attached).

At first I ignored it (was distracted) and just clicked close on the notification, then it popped up again.. this time I reported as possible false positive then clicked close again. In hindsight I might have sent it to chest or something first, but it seemed like a legit process. Later I opened Opera (which I rarely use) and it indeed did an update right away, so this seems like an FP by avast, but.. Is there any way to get that confirmed by Avast?

Asyn · « **Reply #1 on:** April 22, 2017, 03:55:31 PM »

Test the file at VT (https://www.virustotal.com) and post the link to the result here.

Eddy · « **Reply #2 on:** April 22, 2017, 03:59:07 PM »

My Opera updated to 44.0.2510.1218 (PGO) today and I didn't got a alert.

REDACTED · « **Reply #3 on:** April 22, 2017, 11:40:01 PM »

Quote from: Asyn on April 22, 2017, 03:55:31 PM

Test the file at VT (https://www.virustotal.com) and post the link to the result here.

Unfortunately the temp dll's flagged by Avast disappeared immediately afterwards (and they were not quarantined), so there's nothing to upload to VT. Is that normal for temporary files during an update process?

Quote from: Eddy on April 22, 2017, 03:59:07 PM

My Opera updated to 44.0.2510.1218 (PGO) today and I didn't got a alert.

Thanks.. I guess the fact that an update was pushed out makes this extremely unlikely to be anything but a false positive. Odd that Avast flagged mine but not yours.. perhaps our settings are a bit different. (My file system shield is on "normal" sensitivity, fwiw.)

Milos · « **Reply #4 on:** April 24, 2017, 07:52:17 AM »

Hello,
send us the detected files through https://www.avast.com/false-positive-file-form.php

Milos

REDACTED · « **Reply #5 on:** April 24, 2017, 08:04:41 AM »

Quote from: Milos on April 24, 2017, 07:52:17 AM

Hello,
send us the detected files through https://www.avast.com/false-positive-file-form.php

Milos

Hi Milos, as I said, those temp files disappeared soon after, though I did use Avast's option to report a potential false positive at the time of the second detection.

FWIW, I also asked over at the Opera forums and they said it sounded like normal behavior for Opera during auto update was detected as a false positive 'virus dropper' by Avast's heuristics.

Milos · « **Reply #6 on:** April 24, 2017, 10:55:38 AM »

Hello,
the detected files should be in Avast's virus chest.

Milos

REDACTED · « **Reply #7 on:** April 26, 2017, 09:48:07 AM »

Hi Milos.. there are no files in the virus chest. I just noticed that my file system shield was set to delete suspicious files (I don't know why.. I didn't set it that way to my knowledge!), so maybe that's why?

Milos · « **Reply #8 on:** April 26, 2017, 12:40:55 PM »

Yes, change the settings to send the detected files to Virus chest and if this happen again send us the detected files using https://www.avast.com/false-positive-file-form.php

Milos

Author Topic: Opera autoupdate FP? (Read 4655 times)

REDACTED

Opera autoupdate FP?

Asyn

Re: Opera autoupdate FP?

Eddy

Re: Opera autoupdate FP?

REDACTED

Re: Opera autoupdate FP?

Milos

Re: Opera autoupdate FP?

REDACTED

Re: Opera autoupdate FP?

Milos

Re: Opera autoupdate FP?

REDACTED

Re: Opera autoupdate FP?

Milos

Re: Opera autoupdate FP?