Large virus spread detected in recent vivaldi (vivaldi2)
-
Hello. First of all I'll clarify a few things.
A: your cloud detection is listing my posting as spam. Please fix that. I can't post the MDA data. Your Akismet is spam blocking literally everything. Seems to be blocking Canadian IPs.
1: All the web browser and antivirus are updated to the very last minute updates.
2: The first scan of this vivaldi install returned no virus detections. About a week later since the last scan there is now what amounts to the entire program files vivaldi folder being infected with an adware virus.
3: There is no user data site visits virus detection.
virus: Adware.Heur.ELEX.823B.vl
EXE, .SD, .log, .viv files.
The other chrome based web browsers including an updated vivaldi portable version on another drive work fine and are clean. All firefox based web browsers are clean.
This new vivaldi2.exe was clean but not after its most recent update. I noticed it when glasswire notified me that the vivaldi.exe was changed. Glasswire certainly detected the trouble in a hurry.
I realize it could be a false positive but not the entire install folder and 99% of the install folder files as well. Of note, Vivaldi was getting sluggish and I could barely even watch a youtube or twitch stream in 240p to 360p. I loaded up the portable vivaldi on the other drive and it works perfectly at 720pHD. Same for firefox and brave browser.
Loaris trojan remover and F-secure Nod32 both detected this virus so it's not a one off.
modedit: please learn to use code blocks: </> icon
-
@sovryn You are a new user so Akismet will prevent you from editing posts, and make you wait five minutes between posts. That will soon stop once you have another reputation point.
Why are you installing in the vivaldi2 folder?
From where did you download the installer?
-
@Pesala https://downloads.vivaldi.com/stable/Vivaldi.6.7.3329.26.x64.exe
I just ran the installer again and that's the default install parameters. Also I had to VPN to a USA server to be able to post here. That's proof enough.
-
$ md5sum update_notifier.exe
8795d5b25116b9e340aa4d6f4d6772d6 *update_notifier.exe
$ md5sum vivaldi.exe
4bcac3141cfc8210cde396f2b37c0a67 *vivaldi.exe
So that's the same files.
Uploaded to Virustotal:
https://www.virustotal.com/gui/file/8c003af1462efde20975f45f45a9d8d93f59da5bd1694e6e931b28da82007794
https://www.virustotal.com/gui/file/f6b7fa2785a730e609f7d4a124da0a03dc126f8cdddd44aef61865b5d2309dbc
Please contact your AV vendor and report as a false positive. Most good AV vendors have such a feature in their product.
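The check described in this post, extended with an Authenticode signature test, as an added PowerShell example that is not part of the original thread. The install path, signer name and MD5 values are the ones quoted in the thread; the variable names and verdict strings are assumptions made for illustration.

```powershell
# Added example: triage an AV heuristic hit on installed browser binaries by
# checking their Authenticode signatures and comparing hashes to a reference.
param(
    # Install path as reported in the thread; adjust for the machine under review.
    [string]$InstallDir = 'C:\Program Files\vivaldi2\Application'
)

# Reference MD5 values posted in the thread for build 6.7.3329.26.
# MD5 is used only because the thread used it; prefer SHA-256 when a
# trusted SHA-256 reference is available.
$Reference = @{
    'update_notifier.exe' = '8795d5b25116b9e340aa4d6f4d6772d6'
    'vivaldi.exe'         = '4bcac3141cfc8210cde396f2b37c0a67'
}
$ExpectedSigner = 'Vivaldi Technologies AS'   # signer named in the scan report

$results = foreach ($name in $Reference.Keys) {
    $path = Join-Path $InstallDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $name; Signature = 'n/a'; HashMatch = $false; Verdict = 'missing' }
        continue
    }

    $sig     = Get-AuthenticodeSignature -LiteralPath $path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $hash    = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower()

    $signedOk  = ($sig.Status -eq 'Valid') -and ($subject -like "*CN=$ExpectedSigner*")
    $hashMatch = ($hash -eq $Reference[$name])

    $verdict = if (-not $signedOk) {
        'signature invalid or unexpected signer: treat as modified'
    } elseif ($hashMatch) {
        'identical to reference and validly signed: likely false positive'
    } else {
        'validly signed but different build: compare with that version''s installer'
    }

    [pscustomobject]@{
        File      = $name
        Signature = $sig.Status
        HashMatch = $hashMatch
        Verdict   = $verdict
    }
}

$results | Format-Table -AutoSize -Wrap
```

A file that was altered after signing fails the signature check even when no reference hash is available, which is why the signature result is evaluated first.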
-
@Pathduck I have already. Still doesn't explain a few things but thanks anyway.
You can close this thread. I won't be wasting time on it.
-
@sovryn Any heuristic scan is more likely to give false positives. A heuristic result means it looks like it could function as that type of thing (in this case, adware), not that it actually does.
-
All the web browser and antivirus are updated
How many and which AV do you use?
1 The current Windows Defender is one of the best AV, there isn't any third-party AV needed anymore. This is why certain AV companies may try to encourage you to use it with false positives. Windows Defender would not have even allowed you to download, let alone install, an infected update, it would have blocked it outright.
2 Using several AV at the same time isn't more effective and leads to conflicts and errors.
-
@sovryn said in Large virus spread detected in recent vivaldi (vivaldi2):
Adware.Heur.ELEX.823B.vl
Likely some bad site stored in the browser's data and/or a heuristic scan false positive:
https://www.malwarebytes.com/adwcleaner