Virus on cache
-
@ullman said in Virus on cache:
So can we conclude that today's Windows Defender update added some wrong AI scripts that now alert on some normally generated cache files as a virus?
I don't know, I don't use Defender, I use Avast.
Ask MS I guess and ask them to improve their crappy product. PS. Can you please check if your Vivaldi browser creates new cache files every few seconds even when no website is opened?
It does not, no. Where would those files be created?
-
@ullman And you're using Vivaldi to post this? Then this page/tab would create cache files obviously.
Do you have open web panels that create cache files?
Do you have extensions installed that would create cache?
If you mean the files in cache named data_0 to data_3 and index, those are always generated. The files named f_<number> are cached files. If you have a program that allows you to look at file content you can easily see what they are (if you know a little about file headers).
-
@ullman I have no idea why these files are created then. There's always a reason, and no need to panic in any case.
I use Total Commander to quickly examine the content of any file.
Here's a PNG file in cache
Here's a JPG file:
HxD is a good hex editor for Windows:
https://mh-nexus.de/en/hxd/
Here's a list of common file signatures:
https://en.wikipedia.org/wiki/List_of_file_signatures
A great tool from Nirsoft to allow you to see cache files and their sources:
https://www.nirsoft.net/utils/chrome_cache_view.html
Doesn't necessarily list everything though.
-
@ullman Send me the zipped file if you want and I could have a look what it actually is.
-
@ullman said in Virus on cache:
No web panels opened, only start page. I only have 3 extensions installed:
Maybe check for rogue "service worker" as well?
vivaldi://serviceworker-internals
-
@ullman said in Virus on cache:
here you go: https://drive.google.com/file/d/11oUGVD2L2wcd1wa-mGxvxasnPLEfgqR2/view?usp=drive_link
Why did you not share it with everyone with the link? I had to request access.
I have those, for me they look suspicious:
Of course, anything looks "suspicious" when you don't understand it.
Look at the chrome-extension://<extension_id>
Then open the extension manager, enable developer mode and find the same ID.
These are just manifest v3 extensions, and so have a service worker installed.
mpognobbkildjkofajifpdfhcoklimli is Vivaldi itself.
So can extensions create cache files? I guess they can, because they also need to download stuff and do other things in the background.
-
@ullman The cache file is a GZIP'd archive. Files are often downloaded in GZIP format to save bandwidth.
It unpacks to a JSON file containing:
https://0x0.st/XlLO.json
Hard to tell what's creating this - my guess would be it's some sort of list used by one of your extensions. So disable them all, delete cache and restart the browser with no tabs.
It's certainly not a "dangerous" file as a JSON file can't do squat on its own.
-
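The checks the replies above describe (read the first bytes of an f_<number> file, compare against known file signatures, unpack a GZIP'd entry and see whether it is JSON) can be scripted. This is an added example, not code from the thread or from Vivaldi; it runs on constructed sample blobs that stand in for cache files, and it assumes the cached content starts at byte 0 of the file.

```python
import gzip
import json
import zlib

# Magic-byte signatures for the content types the thread discusses.
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "gzip": b"\x1f\x8b",
}

def sniff(data: bytes) -> str:
    """Return a type name from the leading bytes, or 'unknown'."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return "unknown"

def inspect_cache_entry(data: bytes) -> dict:
    """Classify one cached blob; for gzip, decompress and test for JSON."""
    result = {"type": sniff(data), "size": len(data)}
    if result["type"] != "gzip":
        return result
    try:
        inner = gzip.decompress(data)
    except (OSError, EOFError, zlib.error) as exc:  # BadGzipFile is an OSError
        result["error"] = f"bad gzip stream: {exc}"
        return result
    result["inner_type"] = sniff(inner)
    result["inner_size"] = len(inner)
    try:
        parsed = json.loads(inner.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        result["is_json"] = False
        return result
    result["is_json"] = True
    # Summarise the shape only; the content itself is not printed.
    if isinstance(parsed, dict):
        result["json_keys"] = sorted(parsed)[:10]
    elif isinstance(parsed, list):
        result["json_items"] = len(parsed)
    return result

# Constructed samples standing in for f_<number> files (not real cache data).
SAMPLE_ENTRIES = {
    "f_000001": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "f_000002": b"\xff\xd8\xff\xe0JFIF" + b"\x00" * 8,
    "f_000003": gzip.compress(json.dumps({"version": 3, "rules": ["a", "b"]}).encode()),
    "f_000004": gzip.compress(b"x" * 200)[:20],  # truncated stream
}

def inspect_all(entries=SAMPLE_ENTRIES) -> dict:
    return {name: inspect_cache_entry(blob) for name, blob in entries.items()}

if __name__ == "__main__":
    for name, info in inspect_all().items():
        print(name, info)
```

To run it against a real profile, replace SAMPLE_ENTRIES with the bytes read from each f_ file in the cache directory.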
@ullman They are all extensions (although as @Pathduck stated "mpognobbkildjkofajifpdfhcoklimli" is Vivaldi itself).
The others can be checked "easily" by using Guest Profile for a test, browse as usual for a bit and see if you get the same recurring alert.
At least you don't have any from "shady" websites
-
@ullman, Avira is known for its lack of privacy and bad behavior. Apart from that, this extension isn't needed in a modern browser; Vivaldi itself and also the antimalware script in the inbuilt adblocker are enough.
Also, Defender blocks any malware download, which is even blocked in the download menu.
DDG Essentials is also not needed, because it is included by default in the Vivaldi tracker blocker.
-
@Pathduck, in any case, it is good to take a Defender Trojan alarm seriously and run a scan to be sure.
Trust is good, but control is better in these cases. Defender does not usually have false positives. It has probably discovered unusual web connections from this script, which may well be the case with Avira, known to share data