Malwarebytes says Vivaldi = Trojan
-
Malwarebytes says Vivaldi = Trojan - Malwarebytes blocks website 159.203.64.166
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/31/21
Protection Event Time: 2:33 AM
Log File: 359c3c4e-f1c9-11eb-a451-704d7b6c0782.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.43744
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1110)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Users_____\AppData\Local\Vivaldi\Application\vivaldi.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 159.203.64.166
Port: 443
Type: Outbound
File: C:\Users_____\AppData\Local\Vivaldi\Application\vivaldi.exe

(end)
-
@liquidfusion Anti-virus and anti-malware often make false positives. My experience with Malwarebytes is it is prone to this stupidity more often than other products.
The IP 159.203.64.166 is no longer active. I suspect you installed a malicious extension that causes this network request to a blacklisted IP, and since it came from Vivaldi it decided the entire application was malware.
Where did you install Vivaldi from?
Find your vivaldi.exe in AppData\Local\Vivaldi\Application and upload it to:
https://www.virustotal.com/gui/home/upload
Check the results.
-
Virus Total detected no issues in the latest update of Vivaldi Stable: Vivaldi.4.1.2369.15.x64.exe
No security vendors flagged this file as malicious
-
@liquidfusion, I do not use Malwarebytes for several reasons, first of all due to several false positives in the past, the rate of which in MWB regarding viruses and malware is higher than in the other regular AVs.
Nor do I use it because it is redundant compared to Windows Defender, which is much more efficient than MWB. The third reason is that the free version, although it only works on demand, remains memory resident after the scan, occupying unnecessary RAM (see Task Manager).
The only thing from MWB that can be useful in specific cases is the small app AdwCleaner, quite efficient in its own way at eliminating the odd PUP that Defender has overlooked (very rare).
I therefore think that this supposed Trojan is either a false positive or caused by some extension, as @Pathduck claims.
Anyway, if you want to be sure, I recommend doing a scan with Panda Cloud Cleaner, a small and free app, which uses the list of all types of malware taken in real time from the servers (updated every few minutes), not from a list on disk.
-
Why does the log say "website" and then give a program?
If I recall, port 443 is used for mail. So they don't want you to send mail with M3, they think you must be spamming people.
-
@sgunhouse said in Malwarebytes says Vivaldi = Trojan:
Why does the log say "website" and then give a program?
I get these all the time - I agree it could be easy to misunderstand. But it's just saying that the connection was initiated by the program, pretty natural for a browser...
On the other hand, if Malwarebytes then actually blocks Vivaldi from running, that's a different matter, and it would be a bad security program to block a browser from running just because its user (or possibly an extension) happened to start a connection to a blacklisted site.
If I recall, port 443 is used for mail. So they don't want you to send mail with M3, they think you must be spamming people.
Port 443 is HTTPS. You're confusing it with 143 for IMAP.
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
-
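As an added example (not part of any post in this thread, and not Malwarebytes code), this Python sketch parses a block log in the layout posted at the top of the thread and reports what was blocked: the outbound destination and service, and which process opened the connection. The function names, the `PORTS` table and the `BROWSERS` list are assumptions made for illustration.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Constructed sample: fields from the log posted above, in the same fused layout.
SAMPLE_LOG = r"""-Log Details-
Protection Event Date: 7/31/21
User: System-Blocked Website Details-
Malicious Website: 1
-Website Data-
Category: Trojan
Domain:
IP Address: 159.203.64.166
Port: 443
Type: Outbound
File: C:\Users_____\AppData\Local\Vivaldi\Application\vivaldi.exe(end)
"""

# Well-known ports relevant to the thread (443 is HTTPS, 143 is IMAP).
PORTS = {25: "SMTP", 80: "HTTP", 143: "IMAP", 443: "HTTPS", 587: "SMTP submission", 993: "IMAPS"}
BROWSERS = {"vivaldi.exe", "chrome.exe", "msedge.exe", "firefox.exe"}  # illustrative list

def parse_event(text):
    """Return {section: {field: value}} from a web-protection block log."""
    text = text.replace("(end)", "")
    # Section headers are often fused to the previous value; put them on their own line.
    text = re.sub(r"-([A-Z][A-Za-z ]+)-", r"\n-\1-\n", text)
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"-(.+)-", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # first colon only, so C:\ survives
            current[key.strip()] = value.strip()
    return sections

def triage(sections):
    """Summarise the blocked connection: the destination is what was flagged."""
    web = sections["Website Data"]
    port = int(web["Port"])
    process = basename(web["File"]).lower()
    return {
        "destination": f'{web["IP Address"]}:{port}',
        "service": PORTS.get(port, "unknown"),
        "direction": web["Type"],
        "process": process,
        "process_is_browser": process in BROWSERS,
        "has_domain": bool(web.get("Domain")),
    }

if __name__ == "__main__":
    print(triage(parse_event(SAMPLE_LOG)))
```

When `process_is_browser` is true and `has_domain` is false, the event is a blocked outbound connection to a bare IP made from the browser, so the next thing to review is which page or extension requested it rather than the browser binary.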
@liquidfusion Do you use extensions? It is worth checking them too, as security software sometimes flags the browser exe when one of them is affected or an infected site is visited. Do a check with AdwCleaner. But it is very likely a false positive.
-
@hadden89, I do not think that an extra scan with AdwCleaner is the most appropriate, since it is part of the Malwarebytes application, which they also offer as an independent app only to detect adware, such as hijackers and the like that cause annoying popups or change the search engine, but not viruses or malware. A scan with Malwarebytes has already been done, with this result. For this reason, I recommended Panda, to see if it detects anything, including viruses, even invalid accesses.
-