Virus on cache
-
@ullman said in Virus on cache:
here you go: https://drive.google.com/file/d/11oUGVD2L2wcd1wa-mGxvxasnPLEfgqR2/view?usp=drive_link
Why did you not share it to everyone with the link, I had to request access
I have those, for me they look suspicious:
Of course, anything looks "suspicious" when you don't understand it.
Look at the chrome-extension://<extension_id>
Then open the extension manager, enable developer mode and find the same ID.
These are just manifest v3 extensions, and so have a service worker installed.
mpognobbkildjkofajifpdfhcoklimli is Vivaldi itself.
So can extensions create cache files?
I guess they can, because they also need to download stuff and do other things in the background.
-
@ullman The cache file is a GZIP'd archive. Files are often downloaded in GZIP format to save bandwidth.
It unpacks to a JSON file containing:
https://0x0.st/XlLO.json
Hard to tell what's creating this - my guess would be it's some sort of list used by one of your extensions. So disable them all, delete cache and restart the browser with no tabs.
It's certainly not a "dangerous" file as a JSON file can't do squat on its own.
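An added example, not part of the original thread, of the check described in the post above: confirm the flagged cache file is gzip, inflate it with a size cap, and see whether the result is plain JSON. The function name, the 16 MiB limit and the sample bytes are assumptions constructed for illustration.

```python
import gzip
import io
import json
import zlib

GZIP_MAGIC = b"\x1f\x8b"
MAX_OUT = 16 * 1024 * 1024  # assumed cap: refuse to inflate more than 16 MiB


def triage_cache_body(data: bytes) -> dict:
    """Classify a flagged cache body as data; nothing is executed or rendered."""
    report = {"gzip": data[:2] == GZIP_MAGIC, "json": False, "summary": None}
    if not report["gzip"]:
        report["summary"] = "not gzip; inspect with other tools"
        return report
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
            raw = fh.read(MAX_OUT + 1)  # bounded read guards against bombs
    except (OSError, EOFError, zlib.error) as exc:
        report["summary"] = f"corrupt gzip stream: {exc}"
        return report
    if len(raw) > MAX_OUT:
        report["summary"] = "inflated size exceeds limit; stopped"
        return report
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        report["summary"] = f"gzip payload is not JSON ({len(raw)} bytes)"
        return report
    report["json"] = True
    if isinstance(doc, dict):
        report["summary"] = "object with keys: " + ", ".join(sorted(doc)[:10])
    elif isinstance(doc, list):
        report["summary"] = f"array with {len(doc)} items"
    else:
        report["summary"] = f"scalar {type(doc).__name__}"
    return report


# Constructed sample standing in for the cache file discussed in the thread.
SAMPLE = gzip.compress(json.dumps({"rules": ["example.test"], "version": 1}).encode())

if __name__ == "__main__":
    print(triage_cache_body(SAMPLE))
    print(triage_cache_body(b"MZ\x90\x00 not a gzip stream"))
```

The top-level keys or array length usually make it clear what kind of list the file is, which helps match it to the extension that fetched it.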
-
@ullman They are all extensions (although as @Pathduck stated "mpognobbkildjkofajifpdfhcoklimli" is Vivaldi itself).
The others can be checked "easily" by using Guest Profile for a test, browse as usual for a bit and see if you get the same recurring alert.
At least you don't have any from "shady" websites
-
@ullman, Avira is known for its lack of privacy and bad behavior. Apart from that, this extension isn't needed in a modern browser; Vivaldi itself and also the antimalware script in the built-in adblocker are enough.
Apart from that, the Defender also blocks any malware download, which is even blocked in the download menu.
DDG essentials is also not needed, because it is included by default in the Vivaldi tracker blocker.
-
@Pathduck, in any case, it is good to take a Defender Trojan alarm seriously and run a scan to be sure.
Trust is good, but control is better in these cases. The Defender does not usually have false positives. It has probably discovered unusual web connections from this script, which may well be the case with Avira, known to share data.
-
@Catweazle said in Virus on cache:
The Defender does not usually have false positives.
No, never...
https://www.google.com/search?q=Phonzy+"false+positive"&num=100
It has probably discovered unusual web connections from this script,
A JSON file in the browser's cache cannot make "unusual connections" or any connection at all.
But yeah, false positives are a PITA, I'm not saying Avast doesn't have its fair share of those...
I get this for instance trying to watch the biggest TV channel here (still works fine though, just annoying):
And this when trying to download the latest PuTTY:
The difference, of course, is that I don't panic and think the browser or my system is "infected" - I know what this is - false positives - and I will report them, as soon as I can be bothered.
-
@Pathduck, not at all, see also the answer of M$
https://answers.microsoft.com/en-us/windows/forum/all/potential-false-positive/d637f10d-9d90-4aac-bf7c-1f88acda3e88
-
@Catweazle Ya, let's see MS try telling that to all the people panicking and continuously posting "Halp my PC is infected" on help forums all over the web because Defender detected a "scary file".
-
@Pathduck, even if it is not a virus, it is a "scary file", at least what is known as PUP and better not to have. The Defender is certainly somewhat hysterical with files in protected folders, but at least I never had issues with false positives in W10.
-
@Pathduck Welp I was kinda scared yesterday but I tried another antivirus and the problem was solved.
It's weird because I didn't seem to find the origin of the virus, and I was worried more about my PC integrity than to analyze the virus, but thanks for the help anyway.
Ironically, I installed Avira lol
-
@Inmazes Yes, this is the problem. People get these alerts, they panic, flounder around, maybe go to the step of reinstalling the OS or installing (yet) another AV in the hope this will "fix" things.
When all it is is a false positive.
IMO AV vendors should stop notifying users of this at all. It causes panic and confusion. If the "virus" is put into Quarantine and deleted then there's nothing the user should need to know. A good AV should work silently in the background. Defender takes the opposite approach - "Look at me I caught a virus!"
-
@Pathduck, every AV says so when it finds malware or a suspicious file. It would be sad if it didn't do this.
Naturally, it is not necessary for the user to overreact, such as by formatting and reinstalling the system, which is almost never necessary.
As you say, if the Defender reports having put this file in quarantine, the issue is normally resolved. But if, despite this, the file appears again, which is definitely not desirable behavior because it shows that other files are involved, it is in any case necessary to investigate a little more, and a complete scan of the system is surely recommended.
This also happens with these hijackers (most bundleware), which are normal programs that even appear in the list of installed programs and can be uninstalled as such, but they reproduce, because they have corresponding links also located in the registry, in the cache and even in the shortcuts, with scripts that cause this file to be reinstalled. They are normally annoying but not dangerous on their own, but they can open ports to those that are, and should be eliminated for this reason.
More than 80,000(!) new types of malware appear on the Internet every day and we must always take the warnings of a good AV seriously and act accordingly to avoid greater evils. In my computer beginnings as a confident newbie, I learned it the hard way.