    Virus on cache

    • Inmazes

      I had Vivaldi for some time and never had a problem, but lately Windows Defender has been detecting malware that comes from the program's cache, a Trojan to be specific. I deleted the cache and even the cache folder, but the Trojan seems to be coming back. Is there anything I can do? Thanks (https://imgur.com/a/M0Wxr3x)

    • Catweazle @Inmazes

      @Inmazes, Phonzy is a generic name used by Defender for this type of virus. Deleting the cache isn't enough, because this script reproduces itself.
      The only way to eliminate it is to run a complete scan with Defender (which can take a long time, during which it isn't advisable to use the PC) or to use MalwareBytes, Panda Cloud Cleaner, etc.

      Writeup by Andisearch about this Virus

      Trojan:Script/Phonzy.A!ml is malicious software that infiltrates systems, often without the user's knowledge. This Trojan is known to perform harmful activities such as downloading and installing additional malware, stealing sensitive information, modifying system settings, or opening backdoors for remote access [2][1].

      The Trojan:Script/Phonzy.A!ml typically spreads through various means such as malicious email attachments, infected websites, or social engineering techniques [1]. Once executed on a system, it may perform actions such as downloading and installing additional malware, stealing sensitive information, modifying system settings, or opening backdoors for remote access.

      To eliminate this Trojan, users are advised to use specialized tools to detect and eradicate all associated files and registry entries. Tools such as WiperSoft Antispyware, Malwarebytes Anti-Malware, and GridinSoft Anti-Malware are recommended. Manual removal is also possible, but it requires a certain level of expertise [2].

      Laptop ACER, AMD Ryzen, GPU AMD Radeon, RAM 16GB, SSD 512GB - Win11 Home 64 v24H2 | Vivaldi last stable

    • VivaldiFan2023

      I don't recommend trying to get rid of the malware by using several scanners. You won't be able to detect and eliminate EVERY entry from the malware.

      Best way is to format the device and to re-install the system. I hope you made a clean backup in the past? If so, you're lucky. If not, you have more work to do.

      Don't slip up trusting diverse malware scanners. If you use them to scan your system be aware that they are running on an already compromised system. For this reason you can't trust their findings.

      Do you know how you got this malware? Did you open a suspicious link? Or was your system not up to date?

      Samsung Galaxy Tab S8 Ultra / Samsung Galaxy S24 Ultra /Android 15

      "It always seems impossible until it's done!" [Nelson Mandela]

    • ullman

      This post is deleted!
    • edwardp Soprano Supporters Ambassador @Inmazes

      @Inmazes Thank you for posting the information. I have mentioned this internally.

      Vivaldi on Linux:
      openSUSE Tumbleweed and Slowroll (Xfce 4.20)
      Fedora 42 and Rawhide (Xfce 4.20)

      Android (10)

      Vivaldi user since 2016. Thank you to all Vivaldi users.

    • Pathduck Moderator Soprano Supporters @ullman

      @ullman It's not a Vivaldi issue, it's just a file in your browser cache. Might be a false positive, might not be. This file was probably created when you visited a web site, maybe a shady one, maybe not.

      • It's a pretty stupid antivirus to alert on files in browser cache
      • The antivirus says the file is quarantined so should be deleted in any case
      • It probably keeps getting generated because you keep visiting the same site
      • The file can't hurt your system and there's no reason to think your system is "infected by malware" just from the existence of this single file
      • A virus scan with a scanner can't hurt in any case
      • Try closing all open tabs and clearing cache, then restart the browser
      • Suggesting people reinstall the OS just for a single, possible false positive is ridiculous advice

      If anyone wants, find this file in the cache directory as per the AV report, or in the AV quarantine system. Move it out and zip it, then upload it somewhere and I could have a look at what it actually is.

      🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
      🦆"With a rubber duck, one's never alone" -Douglas Adams🦆

    • ullman

      This post is deleted!
    • Pathduck Moderator Soprano Supporters @ullman

      @ullman Well then I guess the natural next questions are:

      Have you visited some "shady" websites lately or have you installed some downloaded software containing malware lately? And if so, why didn't the so-called "Defender" defend you? Why did it only report this browser cache file?

      OR have you installed some shady extensions lately?

      I can try to catch the file and send it to you, if you want.

      Sure, do that 👍

    • ullman @Pathduck

      This post is deleted!
    • Pathduck Moderator Soprano Supporters

      From a little Googling and excluding all the BS advice sites that try to sell you some crap AV scanner or product, I found this nugget that made me laugh:

      https://github.com/NextronSystems/aurora-agent-lite/issues/13

      So basically the !ml in the detection string means it's detected by "machine learning" AKA idiot AI.
      It even detects a "virus" in a YML file 😂

    • ullman @Pathduck

      This post is deleted!
    • Pathduck Moderator Soprano Supporters @ullman

      @ullman said in Virus on cache:

      So can we conclude that today's Windows Defender update added some wrong AI scripts that now alert some normally generated cache files as a virus?

      I don't know, I don't use Defender, I use Avast 😉
      Ask MS I guess and ask them to improve their crappy product 😂

      PS. Can you please check if your Vivaldi browser creates new cache files every few seconds even when no website is opened?

      It does not, no. Where would those files be created?

    • ullman @Pathduck

      This post is deleted!
    • Pathduck Moderator Soprano Supporters @ullman

      @ullman And you're using Vivaldi to post this? Then this page/tab would create cache files obviously.

      Do you have open web panels that create cache files?
      Do you have extensions installed that would create cache?

      If you mean the files in cache named data_0 to data_3 and index, those are always generated.

      The files named f_<number> are cached files. If you have a program that allows you to look at file content you can easily see what they are (if you know a little about file headers).

    • ullman @Pathduck

      This post is deleted!
    • Pathduck Moderator Soprano Supporters @ullman

      @ullman I have no idea why these files are created then. There's always a reason, and no need to panic in any case.

      I use Total Commander to quickly examine the content of any file.

      Here's a PNG file in cache:
      [image: f7f13e9c-7288-4b22-840b-cadcc107d8ab-image.png]

      Here's a JPG file:
      [image: d7c1ded2-c733-44ba-b6c4-4fb39cc856ee-image.png]

      HxD is a good hex editor for Windows:
      https://mh-nexus.de/en/hxd/

      Here's a list of common file signatures:
      https://en.wikipedia.org/wiki/List_of_file_signatures

      A great tool from Nirsoft to allow you to see cache files and their sources.
      https://www.nirsoft.net/utils/chrome_cache_view.html
      Doesn't necessarily list everything though.

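The file-header check described in the two posts above, as an added example (not code from any poster or from Vivaldi): it reads the first bytes of every f_ file in a copy of the cache folder and names the content type from its magic number, so a flagged file can be told apart as image, archive, executable or plain script text. The hex-style f_ file names and the sample bytes are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Magic numbers from the public "List of file signatures" table.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF8", "gif"),
    (b"\x1f\x8b", "gzip"),
    (b"MZ", "pe-executable"),
]
# Assumption: cached bodies are named f_ plus a hex counter (e.g. f_00001a).
CACHE_BODY = re.compile(r"^f_[0-9a-f]+$", re.IGNORECASE)

def classify(head: bytes) -> str:
    if not head:
        return "empty"
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    # No known magic: mostly printable ASCII means HTML/JS/CSS/JSON text.
    printable = sum(b in b"\t\r\n" or 32 <= b < 127 for b in head)
    return "text" if printable / len(head) > 0.95 else "unknown-binary"

def triage_cache(cache_dir: str) -> dict:
    # Read-only pass: maps each f_ file name to its detected type.
    report = {}
    for path in sorted(Path(cache_dir).iterdir()):
        if CACHE_BODY.match(path.name):  # skips index and data_0..data_3
            with path.open("rb") as fh:
                report[path.name] = classify(fh.read(512))
    return report

def demo() -> dict:
    # Constructed sample files, not real cache content.
    samples = {
        "f_000001": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "f_000002": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "f_000003": b"(function(){console.log('hi');})();\n",
        "f_000004": b"MZ\x90\x00" + b"\x00" * 16,
        "index": b"\x00" * 16, "data_0": b"\x00" * 16,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return triage_cache(tmp)

if __name__ == "__main__":
    print(demo())
```

Point `triage_cache` at a copy of the cache folder made with the browser closed. Content with no magic number, such as brotli-compressed bodies or non-ASCII text, shows up as unknown-binary and still needs a manual look in a hex viewer.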
    • ullman @Pathduck

      This post is deleted!
    • Pathduck Moderator Soprano Supporters @ullman

      @ullman Send me the zipped file if you want and I could have a look at what it actually is.

    • ullman @Pathduck

      This post is deleted!
    • TbGbe @ullman

      @ullman said in Virus on cache:

      No web panels opened, only start page. I only have 3 extensions installed:

      Maybe check for rogue "service worker" as well?
      vivaldi://serviceworker-internals

      Win: Snapshot Vivaldi 7.5.3735.34
