Opera Installer Hijack DLL
-
rlwieneke last edited byMay 16th, suddenly for no reason Opera Installer popped up on the screen wanting to download a new version of Opera. Seeing as this had never happened before I killed the process from Task manager. I being naturally suspicious of anomalies such as this uninstalled Opera and deleted all its directories. Then I started scanning the computer with my Virus/Malware/Spyware scanners and surprise, surprise Norton Power Eraser found an infected stray Opera (supposedly Opera) dll file:
C:\Users\User1\AppData\Local\Temp\Opera_installer_2005170234494355388.dll
Seeing as I'd just uninstalled my only browser I was not able to upload the file to VirusTotal to analyze it. Norton Power Eraser said it uploaded a report on the file to Symantec and deleted the file.
-
-
burnout426 Volunteer last edited by burnout426
Opera's installer does create dlls in the temp directory that are named like that and some anti-virus programs are known to give false positives of stuff Opera's isntaller does. It's most likely a false positive.
-
rlwieneke last edited by
Norton Power Eraser is bad about Not saying what something is infected with. The issue I have is Opera Installer out of the blue launching on it's own and then Norton "Coincidentally" fingering an Opera dll file right after the incident occurred. What are the odds of that happening by accident. Kind of a awful big coincidence.
-
burnout426 Volunteer last edited by
@rlwieneke In the Windows Task Scheduler, there's a scheduled task (2 of them per release channel actually. One is for the browser assistant) for updating Opera and runs once in a while. If Opera wasn't at the newest version at the time, it could have fetched the update and launched the installer.
