Got malware with Vivaldi-snapshot



  • hello
    sorry for my English, I don't speak this language very well
    On my Ubuntu 17.10 I have vivaldi-snapshot_1.14.1047.3
    today when I wanted to run the browser, some page FunSafeTab.com appeared
    I can't do anything except:
    1. install the software (hmmm..... no...)
    2. close the window
    I've "purged" Vivaldi and reinstalled it: same thing
    HELP !!!

    [modedit] changed title


  • Moderator

    Download a free copy of Malwarebytes and run it to clean your system. Malware is installed by some bad download sites, it has nothing to do with Vivaldi.



  • @Pesala

    @Sachouille
    Is using Linux.

    @Sachouille

    What is the latest installed extension?
    Or software?


  • Moderator

    @zalex108 Oops!

    There are plenty of malware tools for Linux too.



  • @sachouille This is a textbook illustration of the importance of sandboxing all browsers [& all other internet-facing pgms too, IMO]. Once you have solved the current problem, I suggest you very seriously consider installing & using Firejail https://firejail.wordpress.com/

    Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.
    Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel version or newer. The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, no socket connections open, no daemons running in the background. All security features are implemented directly in Linux kernel and available on any Linux computer. The program is released under GPL v2 license.
    
    Firejail can sandbox any type of processes: servers, graphical applications, and even user login sessions. The software includes security profiles for a large number of Linux programs: Mozilla Firefox, Chromium, VLC, Transmission etc. To start the sandbox, prefix your command with “firejail”
    

    Eg, here's my custom launchers for my V's:

    1. firejail --blacklist=/Seagate -- vivaldi-snapshot --disk-cache-dir=/tmp/vivaldi-snapshot-cache
    2. firejail --blacklist=/Seagate -- vivaldi-stable --disk-cache-dir=/tmp/vivaldi-stable-cache

    Without FJ, a malicious external actor has access to your /home/sachouille directory, somewhere within which I assume now lurks the intruder code. With FJ, the only access available is to this restricted subset [compare these to your unrestricted ones now, to see the radical difference]:
    [two screenshots]

    As per the video in the FJ link above:
    [screenshot]

    From https://firejail.wordpress.com/documentation-2/basic-usage/ :

    Any type of GUI programs should work. Sound, video and hardware acceleration available on the host platform, should also be available in the sandbox. This makes Firejail ideal for running untrusted programs such as Google Chrome, Dropbox, Skype, Adobe Reader, games.
    


  • @pesala I know this, I meant "I have a virus in my Vivaldi" not "Vivaldi is not clean" ;-)



  • @zalex108 the latest version?
    I don't know. In fact I've installed a beta version and it's an auto-update
    So, the latest was the version before the latest ;-)
    the latest extension, I think is the same in "Vivaldi" (I have both, Vivaldi and "snapshot") was "Nimbus screenshot"
    and the latest software.... I really don't know, sorry

    How to reset Vivaldi settings
    Go to vivaldi://about or to the Help menu > About Vivaldi.

    Like I said yesterday:
    I can't do anything except:
    1. install the software (hmmm..... no...)
    2. close the window
    I've "purged" Vivaldi and reinstalled it: same thing

    and if the issue is due to an extension, how can I remove it? I can't find the "extension" folder..



  • I've tried to install an older version of Vivaldi: the only page I can see is the "parameters"
    nothing else
    close
    :-c



  • sorry, I'm switching to French:
    I'm quite perplexed, I can't find ANYTHING about my problem
    it exists on Windows, there are plenty of pages with plenty of antivirus tools, but not one page talks about "FunSafeTab" for Linux
    that's crazy!!!
    I looked for a file that might contain a line saying "start with FunSafeTab.com" but I can't find one


  • Moderator

    @sachouille said in malware in Vivaldi-snapshot:

    FunSafeTab

    If that happens only for the currently logged-in Linux user, something (an extension) changed your Snapshot's profile.

    Test with a clean Vivaldi profile in shell:
    Start terminal/konsole/shell
    Type vivaldi-snapshot --user-data-dir="/tmp/VTEST/" &
    If you get no such funtab page, nothing should have infected your Linux.
    Best way is to reset the Vivaldi Profile



  • @gwen-dragon
    it would be nice if, like I said twice :
    I can't do anything

    I've searched for all "vivaldi-snapshot" folders, deleted them (because some are still here with a "remove" and "purge" command :-(
    I'm installing another latest version.... and I return here ;-)



  • @gwen-dragon
    ok, what I said in the last message works
    :-)
    I will do what you asked me to do, it's better

    if everything works : THANKS FOR ALL YOU GUYS !!



  • @pesala said in Got malware with Vivaldi-snapshot:

    There are plenty of malware tools for Linux too.

    I knew about Mac, but didn't know about the whole Linux suffering from Malware/Virus.

    Despite that, web browsers are not OS related - mostly -.



  • @sachouille said in Got malware with Vivaldi-snapshot:

    @gwen-dragon
    ok, what I said in the last message works
    :-)
    I will do what you asked me to do, it's better

    if everything works : THANKS FOR ALL YOU GUYS !!

    But don't remove the Vivaldi profile folder yet; rename the folder, then copy Bookmarks or any needed file - taking care not to copy the infected one -.

    File explanation on the "Reset the Vivaldi Profile" link that @Gwen-Dragon gave.
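
The profile checks discussed above (an extension changing the Snapshot profile, "what is the latest installed extension?", and not copying an infected file into the new profile) can be done from a shell without starting the browser. This is an added example, not part of any post in the thread; it assumes the Chromium-style profile layout (on Linux the Snapshot profile is typically ~/.config/vivaldi-snapshot/Default), and the function names and sample data are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the Chromium-style profile layout:
#   <profile>/Preferences and <profile>/Extensions/<id>/<version>/manifest.json

# Files in the profile that mention a string (case-insensitive, fixed string).
find_mentions() {   # $1 = profile dir, $2 = string to search for
    grep -rliF -- "$2" "$1" 2>/dev/null | sort
}

# Installed extensions, most recently written first: "<id> <version> <name>".
# <name> may be a "__MSG_...__" placeholder when the extension is localised.
list_extensions() { # $1 = profile dir
    ls -td "$1"/Extensions/*/*/ 2>/dev/null | while IFS= read -r vdir; do
        vdir=${vdir%/}
        [ -f "$vdir/manifest.json" ] || continue
        name=$(sed -n 's/.*"name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
               "$vdir/manifest.json" | head -n 1)
        printf '%s %s %s\n' "$(basename "$(dirname "$vdir")")" \
               "$(basename "$vdir")" "${name:-unknown}"
    done
}

# Constructed sample profile (all ids, names and URLs are made up for the demo).
make_sample_profile() {
    p=$(mktemp -d)/Default
    old=$p/Extensions/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/1.0_0
    new=$p/Extensions/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/2.3_0
    mkdir -p "$old" "$new"
    printf '{\n  "name": "Sample Screenshot Tool",\n  "version": "1.0"\n}\n' > "$old/manifest.json"
    printf '{"manifest_version":2,"name":"Sample New Tab","version":"2.3"}\n' > "$new/manifest.json"
    printf '{"session":{"startup_urls":["http://funsafetab.example/"]}}\n' > "$p/Preferences"
    printf '{"bookmark_bar":{"children":[]}}\n' > "$p/Bookmarks"
    touch -t 201711010900 "$old"   # older install
    touch -t 201712291800 "$new"   # most recent install
    printf '%s\n' "$p"
}

# Usage: script [profile-dir] [string]; without arguments the sample profile is used.
profile=${1:-$(make_sample_profile)}
needle=${2:-funsafetab}
echo "Files mentioning '$needle':"; find_mentions "$profile" "$needle"
echo "Extensions, newest first:";   list_extensions "$profile"
```

Any file reported by find_mentions is one to leave behind when copying data into a fresh profile; in the sample, Bookmarks is not reported and Preferences is.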

