New flash player annoyance - malware?



  • I'm a newbie to Vivaldi just in the last couple days. At least once, maybe twice a session so far, a new tab will open all by itself without my permission to a long URL at http://www.newfiledss.com. A javascript dialog pops up "a new media downloader is available." On the page behind the dialog, "Please install the new flash player (recommended)" (see attached screenshot). I searched the forum and the Vivaldi site for any reference to this URL or a recommended flash player and did not find any. This could be malware for all I know. What is it, why is it happening without my permission, and what do I have to do to make it disappear forever? Thank you. Attachments: [img]https://forum.vivaldi.net/uploads/attachments/84141/vivaldimalware.jpg[/img]


  • Moderator

    Given your description, it is not related in any way to Vivaldi, is not on the up-and -up, and probably loaded onto your machine because of some unsafe site you visited, or because you downloaded software you shouldn't have.


  • Moderator

    People have been receiving this hack since 2014. Per the AVG website:

    "Pop-up like “There is a new Video Player version” is part of adware operation that aims to promote unknown programs. In this case, it wants you to download a video player that is found to be wrapped with various adware. Installing any files from “There is a new Video Player version” pop-up may place your system at risk. Thus, we highly suggest staying away from this kind of fake update page.

    Normally, computer will see “There is a new Video Player version” pop-up if adware is present on the computer. You may have acquired the adware from malicious sites previously visited. Links from spam email messages and social networking sites likewise leads to the location of codes that when executed will make “There is a new Video Player version” pop-up to appear.

    Presence of “There is a new Video Player version” may mean that changes have been made on the browser. It affects programs like Internet Explorer, Google Chrome, and Mozilla Firefox. Because it is not a virus, this threat is not contagious. It will never have an effect on your files and systems. It targets mostly browser and relevant files."

    You can clean your Vivaldi profile quite easily, but if that's not where it's coming from , that won't help.



  • Mac OS X 10.11.3 El Capitan. Firefox and Chrome installed and run daily without a problem. No adware or malware visible in either browser. Ran Malwarebytes scan and it returned nothing. If you have a better scanner recommendation, I'm open to it.

    I uninstalled Vivaldi using the Appcleaner app which deletes any files associated with Vivaldi. I installed version 1.2 again from Vivaldi.com. The only extensions I installed were Adblock Plus and Lastpass. Lastpass seemed to be there by default which seems fishy so I uninstalled it and reinstalled it from the Chrome app store.

    I only went to Facebook.That's it, no other sites in Vivaldi. Yet, I get an tab opening without permission telling me to install a video player. The page looks different this time, but it serves the same function.

    What do you all recommend? Are the packages on the Vivaldi.com web site verified and secure? I can't use this now, it seems like a nice browser and certainly is fast, and lord knows Firefox is garbage with Facebook and other large sites and I'd like to get rid of it. But this isn't reliable right now. Wish it was.


  • Moderator

    What I do know for sure is that your appcleaner app didn't delete all files associated with Vivaldi. There is NO WAY LastPass was there by default. It was left over from your prior install and your prior use.

    So, your profile was not cleaned. Open Vivaldi and go to Menu/help/about and read the line labeled "profile path." That tells you where the Default folder is. I'd tell you myself, but I don't speak Mac. I only know where it is on Windows. With Vivaldi closed, go to it and delete it or rename it. I normally only recommend to rename it, so that you can move data from the folder back to your new profile, but since it may contain malware you are safer deleting it. You might want to export your bookmarks first, if you have many and want to keep them. Further, you might want to backup the "login data" file if you are keeping any passwords in the browser. If you're using LastPass, this is probably unnecessary.

    Re-start Vivaldi so that it can create a new Default folder and see if it's clean now.

    I have no idea what is the best scanner to actually scan your entire drive for adware. I haven't had an infection of any kind in over a decade, so I'm not up on good cleaners.

    I guarantee Vivaldi from the Vivaldi website is utterly free of malware, adware, spyware of any kind.



  • Hi!
    I know for sure what Malwarebytes misses some Ransomware, including LOCKY.
    My laptop has this protection http://myspybot.com/thor-virus-files/ and here everything is always good. The computer has AVAST, if you scan I have a Trojan :angry:



  • The Vivaldi installer made several attempts to connect to "redirector (dot) gvt1 (dot) com" during setup, all of which I denied after searching for info about that address. The connection requests appear to be part of the install/setup process for some reason.

    It could be coincidence, but Vivaldi ran slow after installation (maybe because of my denials) and so did the Mac. After using EasyFind to destroy all traces of Vivaldi and rebooting, everything worked properly again.



  • @joa149 Vivaldi has no flash installer.
    You mean Vivaldi installer wanted to connect somewhere?

    Where did you download the installer from? Form https://vivaldi.com/download/?
    Unauthoriezed Installers are not from vivaldi.com and may contain malware. Please read: https://vivaldi.net/en-US/teamblog/201-unauthorized-vivaldi-installers-help-us-find-them


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.