Ransomware.
-
Everytime i open a web app i am getting a flag from my AV.
Example.. Microsoft teams web app.
if you join a conference you will get a warning.it loads the webapp.
Then after a delay.
i get the malware warning.
And defender kills vivaldi.
So i need to ask.. how is this happening?
Why?Same with the built in game that's in the browser.
Triggers the same warning.Why?
-
I am honestly considering another browser already.
This is a full on remote access Trojan.
-
What source did you install Vivaldi from?
Do you have any extensions installed? -
@Komposten
Straight from the downloads page.i am only using uBlock
if you like i am willing to record the desktop.
-
I just scanned the Vivaldi windows downloads at https://www.virustotal.com and they are all ok (both stable and snapshot, x64 and x86 exes)
https://www.virustotal.com/gui/url/6792ad5532e9935b55f52800c2aa6678df74486e7a1ae3468b9f33b2b974e68d/detection
https://www.virustotal.com/gui/url/e464bda1df8ec17ced29fbfce9811097bcae3aa8e14c53feb7df602a022283c2/detection
https://www.virustotal.com/gui/url/7d32b9bce50decf1d4de0f00d6367def8980a8820bbbbbb23cf0e28f2522c924/detection
https://www.virustotal.com/gui/url/cae706b0f30626a5f63f011b218e72237a08b98cce5e8cf7ee01569ee2f1c9da/detection
there must be something in YOUR installation, like a bad javascript in your cache or somewhere else. -
@Xeonic Do a scan with Zemana. It surely doesn't come from Vivaldi itself.
-
same on google meet
-
you can fix it by adding Vivaldi folder to whitelist by adding /users/YourUserName/local/vivaldi
-
@zalpaw Don't do that. If there is a ransom infection in the wild, this will cause damage.
-
@Xeonic said in Ransomware.:
@Komposten
Straight from the downloads page.i am only using uBlock
if you like i am willing to record the desktop.
Hmm...
I asked because there have been people in the past who have downloaded Vivaldi from some random shady page, or use shady extensions, but that doesn't appear to be the case here. -
@Hadden89 I downloaded browser from official site, and have only 4 addons (ublock, privacy badger, decentraleyes, betterTTV), so that shouldn't be a problem. I think it's just a bug so it won't be a big deal till devs fix it. I switched from firecocks yesterday so i didn't have enough time to fill it with any viruses yet. Or is it really a big deal to whitelist browser?
-
@zalpaw Whitelisting a potential ransomware on a windows PC will surely cause troubles.
-
*Solved.
Somehow Ublock is causing this. -
@Xeonic There are some versions of ublock which are actually malware.
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
The true version is this, please remove the other one. -
@Hadden89 I have exactly this one, and still got this bug
-
@Hadden89 using that exact extension.
-
@Xeonic That's even stranger. A past infection probably infected ubo, if you took it from the store
@zalpaw I think is the same issue. But if parts of the threat are in the ubo addon, I really can't suggest to whitelist Vivaldi. Too risky. Please, revert that.
Using another extension or the native blocker could be a workaround in the wait.
-
@Gwen-Dragon But why is triggered from ubo?
-
-
@iAN-CooG didn't work for me