Large virus spread detected in recent vivaldi (vivaldi2)
Hello. First of all I'll clarify a few things.
1: All the web browsers and antivirus are updated to the very last minute updates.
2: The first scan of this vivaldi install returned no virus detections. About a week after the last scan there is now what amounts to the entire Program Files vivaldi folder being infected with an adware virus.
3: There is no user data site visits virus detection.
virus: Adware.Heur.ELEX.823B.vl
.EXE, .SD, .log, .viv files.
The other Chrome-based web browsers, including an updated vivaldi portable version on another drive, work fine and are clean. All Firefox-based web browsers are clean.
This new vivaldi2.exe was clean, but not after its most recent update. I noticed it when Glasswire notified me that the vivaldi.exe was changed. Glasswire certainly detected the trouble in a hurry.
I realize it could be a false positive, but not the entire install folder and 99% of the install folder files as well. Of note, Vivaldi was getting sluggish and I could barely even watch a YouTube or Twitch stream in 240p to 360p. I loaded up the portable vivaldi on the other drive and it works perfectly at 720p HD. Same for Firefox and Brave browser.
Loaris Trojan Remover and F-Secure Nod32 both detected this virus, so it's not a one-off.
MD DATA______________________
C:\Program Files\vivaldi2\Application\update_notifier.exe ---- General Threat Adware.Heur.ELEX.823B.vl
ProdVer: 6.7.3329.26 FileVer: 6.7.3329.26
Name: Vivaldi update notifier Company: Vivaldi Technologies AS
Signature verification: True Certificates: Vivaldi Technologies AS
NAC: 27E20F05EB90A5E6CDECF4EAC666D761:46
MD5: 8795D5B25116B9E340AA4D6F4D6772D6:3615872
RIC: 64597BEFEEF64B1C663CB63BCF98EDA7:38341
RFH: 768:MyAypwqxStQV81v8lLrEjRU4fXD0kpwY8P:qydSWV81vuLAjq4fDdpwFP
SUBS: Win32 GUI PE: x64
EP: 4883EC28E80B0000004883C428E97AFEFFFFCCCC48895C242055488BEC4883EC20488B0570D7120048BB32A2DF2D992B0000483BC375744883651800488D4D18FF
EPSEC: 0 EPRVA: 001D48A0 IBASE: 0000000140000000
SEC: .text:60000020:E9F4D13B243E7BC891FA95BB09EC034B:2483712 .rdata:40000040:601790DEF2F9EF6332A20B4D16A0E741:659968 .data:C0000040:10377E7D61B39ABEA52386AE03AE7444:60928 .pdata:40000040:98A5B88F0A402BD5AB2F8172F5D6EF7A:84992 .gxfg:40000040:A301701B096A47D97B898449C60CB775:14848 .retplne:00000000:14AE79CB42844A5F44B9BF20E55E3527:512 .tls:C0000040:544539FDB0A390D6C00539A6F52D3EF8:512 LZMADEC:60000020:05E9EAB8428A551A281AB278073669FA:4608 _RDATA:40000040:700D0B7D09ADEEFA2581288EA42F9008:512 malloc_h:60000020:F95A674D28ABDF5283EB47015C1AC739:512 .rsrc:40000040:9DB3387FFEDA9CD279AD8DDC4C0A3434:260608

MD Data___________________________________
:\Program Files\vivaldi2\Application\vivaldi.exe ---- General Threat Adware.Heur.ELEX.823B.vl
ProdVer: 6.7.3329.26 FileVer: 6.7.3329.26
Name: Vivaldi Company: Vivaldi Technologies AS
Signature verification: True Certificates: Vivaldi Technologies AS
NAC: DA79BFCD72AECAC7066DC26C53D65DAA:30
MD5: 4BCAC3141CFC8210CDE396F2B37C0A67:2541184
RIC: 64597BEFEEF64B1C663CB63BCF98EDA7:38341
RFH: 768:MyAypwqxStQV81v8lLrEjRU4fXD0kpwY8P:qydSWV81vuLAjq4fDdpwFP
SUBS: Win32 GUI PE: x64
EP: 4883EC28E80B0000004883C428E97AFEFFFFCCCC48895C242055488BEC4883EC20488B0550F00E0048BB32A2DF2D992B0000483BC375744883651800488D4D18FF
EPSEC: 0 EPRVA: 00133FC0 IBASE: 0000000140000000
SEC: .text:60000020:2EF2AE081E1962BEE3F48705E93CD05D:1976320 .rdata:40000040:0150420E4FFA66B902FF397E31C0F1D2:257536 .data:C0000040:A3DFD1FF1620CE48BAF9AA25BE5B1F16:60928 .pdata:40000040:B2EAE094B7577A42B0878420EDE39C03:55808 .gxfg:40000040:133BBD43E0B29E003B9139A57A0FFCC7:12288 .retplne:00000000:ADA58C4E0969186BFA459DC73C86E1E9:512 .tls:C0000040:62278F64AFFF35066BD7F5E764137463:1024 CPADinfo:C0000040:60D3EA61D541C9BE2E845D2787FB9574:512 LZMADEC:60000020:05E9EAB8428A551A281AB278073669FA:4608 _RDATA:40000040:DF2275B5677BF60A4FBAAC9E377BEC91:512 malloc_h:60000020:61D0E27442A5F30B62FEAB04984029B8:1536 .rsrc:40000040:1481A6643F9D496B6DC850857227F42A:147968 .reloc:42000040:27999E03FC14E8579B1379CACEDC35A1:8704 .reloc:42000040:C7A5939F1E9597630EE8BC36D80C7176:31232
@sovryn You are a new user so akismet will prevent you from editing posts, and make you wait five minutes between posts. That will soon stop once you have another reputation point.
Why are you installing in the vivaldi2 folder?
From where did you download the installer?
@Pesala https://downloads.vivaldi.com/stable/Vivaldi.6.7.3329.26.x64.exe
I just ran the installer again and that's the default install parameters.
Also I had to VPN to a USA server to be able to post here. That's proof enough.
$ md5sum update_notifier.exe
8795d5b25116b9e340aa4d6f4d6772d6 *update_notifier.exe
$ md5sum vivaldi.exe
4bcac3141cfc8210cde396f2b37c0a67 *vivaldi.exe
So that's the same files.
Uploaded to Virustotal:
https://www.virustotal.com/gui/file/8c003af1462efde20975f45f45a9d8d93f59da5bd1694e6e931b28da82007794
https://www.virustotal.com/gui/file/f6b7fa2785a730e609f7d4a124da0a03dc126f8cdddd44aef61865b5d2309dbc
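Added example, not part of this thread and not Vivaldi's code: the check the previous two posts do by hand with md5sum, written as a script. It hashes every file under a directory with SHA-256 (preferred over MD5, which is cheap to collide) and diffs the result against a baseline manifest taken right after a clean install or from the files the official installer drops, so that an update which rewrites or adds files shows up as a list of paths rather than a "vivaldi.exe was changed" alert. The directory layout and file contents in demo() are constructed for the demo.

```python
"""Build a SHA-256 manifest of an install directory and diff it against a
baseline.  Added example for the thread above, not from Vivaldi; the paths
and file contents in demo() are constructed."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256 hex digest."""
    manifest: dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def diff_manifests(baseline: dict[str, str],
                   current: dict[str, str]) -> dict[str, list[str]]:
    """Report files added, removed, or whose content changed since baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in baseline.keys() & current.keys()
                          if baseline[k] != current[k]),
    }


def _write(root: Path, rel: str, data: bytes) -> None:
    """Helper for the constructed demo trees."""
    p = root / rel
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_bytes(data)


def demo() -> dict[str, list[str]]:
    """Constructed scenario: a baseline install, then an 'update' that
    rewrites one binary, drops a log and adds a new file under a version dir."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "baseline"
        cur = Path(tmp) / "current"
        for root in (base, cur):
            _write(root, "Application/vivaldi.exe", b"MZ\x90\x00" + b"A" * 1000)
            _write(root, "Application/update_notifier.exe", b"MZ\x90\x00" + b"B" * 500)
        _write(base, "Application/old.log", b"old log")
        # 'current' differs: vivaldi.exe rewritten (one byte), old.log gone,
        # a new DLL present.
        _write(cur, "Application/vivaldi.exe", b"MZ\x90\x00" + b"A" * 999 + b"C")
        _write(cur, "Application/6.7.3329.26/extra.dll", b"MZ" + b"D" * 100)
        return diff_manifests(hash_tree(base), hash_tree(cur))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

In practice you would run hash_tree() once against the freshly installed folder, save the manifest, and rerun it after any update or AV alert; a changed vivaldi.exe whose new hash matches the copy extracted from the current official installer is an update, not an infection, and that hash is also what the VirusTotal file URLs above are keyed on. On Windows the same check can be paired with Get-FileHash and Get-AuthenticodeSignature in PowerShell to confirm the signer is still Vivaldi Technologies AS, as the scan report in the first post already shows.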
Please contact your AV vendor and report as a false positive. Most good AV vendors have such a feature in their product.
@Pathduck I have already. Still doesn't explain a few things, but thanks anyway.
You can close this thread. I won't be wasting time on it.
@sovryn Any heuristic scan is more likely to give false positives. A heuristic result means it looks like it could function as that type of thing (in this case, adware), not that it actually does.
How many and which AV do you use?
1 The current Windows Defender is one of the best AV; there isn't any third-party AV needed anymore. This is why certain AV companies may try to encourage you to use theirs with false positives. Windows Defender would not have even allowed you to download, let alone install, an infected update; it would have blocked it outright.
2 Using several AV at the same time isn't more effective and leads to conflicts and errors.
Likely some bad site stored in the browser's data and/or a heuristic scan false positive:
https://www.malwarebytes.com/adwcleaner