Vivaldi keeps asking me to download or open index.php

eviva

Hi everybody.

Todays internet session started with a bug that makes using vivaldi rather annoying.

The browser keeps asking wether it should open or download an index.php whenever a new site is opened. If I don't prompt the popup panel further browsing is impossible. Changing download settings don't help.

I've noticed, that firefox users seem to have the same problems and it was suggested to them, to delete their browsers mimeTypes.rdf in order to solve those problems.

Some Questions:

Would that be helpful in my case as well?
Where do I find this file, if I have to delete it?
Why is the browser behaving this way all of a sudden?
Are there any other (and permanent) solutions?

Thanks for your help!

pafflick

Hi, first of all, check your extensions. Disabling them all would be advisable. That is, assuming that you didn't do any changes (even outside the browser) that could cause this. Other things worth trying for a start:

1. Open the page that's causing the issue in Private Window (by default: press [CTRL] + [SHIFT] + [N] to launch a new Private Window or select Menu > File > New Private Window). If the issue is gone in Private Window, then follow the next step. If the issue persists, try step 3 instead.
2. Clear browsing data and restart the browser if necessary;
3. Refresh your profile.

I haven't had such issue, so I can't tell exactly what's causing this, but these are the things that I would try before deleting any files.

eviva

Hi pafflick.

Thanks for your advice so far!

I noticed, that the browser keeps asking to save a particular index.php only. The adress is flagged a spam in here, so I can't write it down for you. I certainly didn't visit or search for it by any means. Getting rid of however that one was stored within the browser might probably help.

eviva

Step 2. was allready performed before but didn't help.

Step 3. doesn't reproduce the problem. No repeated asking while using the private mode.

If necessary, I will perform step 1 later.

pafflick

If that happens only on one particular site, then it's probably configured incorrectly and you cannot fix it yourself (unless you're an admin of that website). Usually, a website administrator can set mime types manually to force downloading of particular files instead of opening them. In this case, though, it's most likely a server-side error, since PHP files (especially named "index") are meant to be viewed in browsers (after being executed on the server), not downloaded.

Posting URLs for new users is blocked temporarily, that's the forum's anti-SPAM policy, sorry for the inconvenience.

eviva

It seems to me you probably got it wrong due to an incorrect explanation on my side: It's not happaning "on" that particular site only, it's happening on every site visited.

Let's put it this way: That particular site has the adress "Spam(dot)com". That one has an index.php allright. I didn't visit it and I don't have any intention to either! It must have been shoved down the browser somehow without my active participation.

Now I visit the site "Legit(dot)com". Any other site will do too. The panel pops up and urges me to either open or save that certain index.php from "Spam(dot)com". How can that be?

What I try to make clear: There is no active site of "Spam(dot)com" on display nor within the browsing data, but the panel pops up on it's behalf on every other site I visit regardless.

zaibon

@eviva This sounds like your browser might got hijacked. Do you get any results when you run security software? (like "malwarebytes" or "spybot search and destroy")

pafflick

@eviva OK, now I get it. Have you tried disabling all extensions? You didn't mention them anywhere. Next step would be to scan your computer, as suggested by @zaibon.

eviva

Allright! I will do as suggested. That will take a while so I'll get back here with the results later.

In the meantime two more question: how does a hack like this usually happen without giving any notice whatsoever (codefilter addon was on / adblocker as well /security software didn't alert) or where is the code for repeating a specific (unauthorized!) browser performance (apart from a supercookie) stored at usually?

Why isn't private windows browsing affected?

TbGbe

@eviva said in Vivaldi keeps asking me to download or open index.php:

Allright! I will do as suggested. That will take a while so I'll get back here with the results later.

Why isn't private windows browsing affected?

First guess would be that (by default but can be changed by user) extensions are disabled in Private Windows.

If so, that strongly suggests that one (or more) of your extensions is causing the problem.

Second guess would be rogue cookies stored in your non-private data. So you could also try clearing cookies and see if that solves it.

eviva

Thanks for your help everybody!

Looks like I found the reason responsible for the mess. After disabling all
addons and turning them back on again one by one the addon responsible
turned up right away: Free Video Downloader 2.9 has now bee deinstalled.

The problem is solved!

wax

@eviva Thanks for the fix, I had exactly the same problem as you.

pafflick

That was the very first thing that I suggested. I'm glad that you were able to get rid of your problem. Now, it would be nice of you guys if you'd report this extension to the Chrome Web Store for abuse. To do that, go to the extension's page in the Chrome Web Store and click on the "Report Abuse" link on the first page. Thank you.

wax

@pafflick Great work with your suggestion to check the extensions - thanks for your advice. I was fortunate to come in at the end when @eviva had found the extension that was causing the problem so I could go straight to it. I did try to "Report Abuse" for the extension but it appears that the extension is no longer available. Clicking on 'Details' in the extension brings up a pop-up with a link to 'View in store' - clicking on this link brings up a 404 error.

pafflick

@wax Well then, it looks like the Google has already handled this by removing this extension from their store. Good for them. If it was removed due to the terms violation, then it should be disabled automatically for everyone who still has this extension installed. On the extensions page in the browser, there should appear a short note: "This extension violates the Chrome Web Store policy."

Unless the developer pulled it out himself and the error was caused by some service that is no longer working.

wax

@pafflick I think the developer must have pulled it as I can't see a violation message.