Windows Defender detecting Virus JS/Adrozek.A
-
VDNKh last edited by
@leocg said in Windows Defender detecting Virus JS/Adrozek.A:
Those getting the alert should contact Microsoft and ask why the alert is popping up.
The alert pops up when some task in Opera re-creates the file named c0ac6bec106548d2_0 and it happens just leaving the browser open on the home page.
@mouse said in Windows Defender detecting Virus JS/Adrozek.A:
I can't open the suspect js cache files because Defender quarantines them.
You can access the quarantined file closing Opera (just to prevent code execution) and restore them from Defender's history.
-
leocg Moderator Volunteer last edited by
@VDNKh said in Windows Defender detecting Virus JS/Adrozek.A:
The alert pops up when some task in Opera re-creates the file named c0ac6bec106548d2_0 and it happens just leaving the browser open on the home page.
Most probably the file is being cached from a visited page or from an extension. That's why me and others don't see the alert. And that's why Microsoft needs to say why the file is being considered a threat.
-
mouse last edited by
@leocg Thanks for the advice. But the last time I called MS, I told a tech person in the Philippines that I must have deleted a Microsoft system font. She said the only way to fix it was to re-install Windows 10! I fixed it after researching the matter and copying Segoe font into the Win font folder. Most are clueless. One in 100 have more knowledge than me.
-
tjall last edited by tjall
@burnout426 The weird thing is yesterday I got the same result trying to copy & paste that url to different text file - MSE started popping and deleting each file with the url.
But, today it doesn't - the file exists.
Wtf, are you sure you guys don't have the file still?
Please try to search "c0ac6bec106548d2_0"
Seems like the Microsoft AV likes the file now... :S
-
burnout426 Volunteer last edited by
@mouse said in Windows Defender detecting Virus JS/Adrozek.A:
have "Force Download 1.08" at ashus.ashus.net.
I checked out the source of that one. It looks fine at least.
-
burnout426 Volunteer last edited by
@mouse said in Windows Defender detecting Virus JS/Adrozek.A:
HD Video Downloader
Link? I see a Chrome app for it, but not an extension.
-
tjall last edited by tjall
@Svarnoy60 said in Windows Defender detecting Virus JS/Adrozek.A:
Removed the SaveFrom.net video upload extension. The threats are gone.
Who has this extension?
I had it, though I'm not sure it was it.
-
mouse last edited by
@burnout426 - I think this is it: https://addoncrop.com/en/
But what is the suspect link now? Someone sounded like we know what it is.
-
burnout426 Volunteer last edited by
@mouse said in Windows Defender detecting Virus JS/Adrozek.A:
@burnout426 - I think this is it: https://addoncrop.com/en/
The YouTube Downloader one? I checked it out and it doesn't seem like that's the culprit. It does contain some obfuscated strings in its apps/scripts/background.js file though, so I wouldn't totally trust it without looking more into it and decoding the string escapes.
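Added example, not part of the original post and not code from any extension discussed here: one way to decode `\xHH` and `\uHHHH` string escapes in a script under review without executing it. The function names and the sample input are constructed for illustration.

```javascript
// Static decoder for escape-obfuscated string literals in a script under review.
// Nothing from the inspected source is executed: no eval, no Function().
const SIMPLE = { n: '\n', r: '\r', t: '\t', b: '\b', f: '\f', v: '\v', 0: '\0' };

// Decode the body of one string literal (the text between the quotes).
function decodeEscapes(body) {
  return body.replace(
    /\\(?:x([0-9a-fA-F]{2})|u\{([0-9a-fA-F]{1,6})\}|u([0-9a-fA-F]{4})|([\s\S]))/g,
    (match, hex, brace, uni, ch) => {
      if (hex) return String.fromCharCode(parseInt(hex, 16));
      if (brace) {
        const cp = parseInt(brace, 16);
        return cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
      }
      if (uni) return String.fromCharCode(parseInt(uni, 16));
      return ch in SIMPLE ? SIMPLE[ch] : ch; // \' \" \\ and unknown escapes
    });
}

// Return every quoted literal that hides text behind \x or \u escapes.
// Limitation: a regex scan ignores comments, regex and template literals.
function findEscapedStrings(source) {
  const literal = /(["'])((?:\\[\s\S]|(?!\1)[^\\\n])*)\1/g;
  const findings = [];
  for (const m of source.matchAll(literal)) {
    if (!/\\(?:x[0-9a-fA-F]{2}|u)/.test(m[2])) continue;
    const decoded = decodeEscapes(m[2]);
    findings.push({
      offset: m.index,
      raw: m[0],
      decoded,
      looksLikeUrl: /^(?:https?:)?\/\//i.test(decoded),
    });
  }
  return findings;
}

// Constructed sample, not taken from any real extension.
const SAMPLE = String.raw`
var a = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x65\x78\x61\x6d\x70\x6c\x65\x2e\x74\x65\x73\x74\x2f\x61";
var b = '\u0063\u006f\u006f\u006b\u0069\u0065';
var c = "plain text";
`;

for (const f of findEscapedStrings(SAMPLE)) {
  console.log(`${f.offset}: ${f.decoded}${f.looksLikeUrl ? '  [URL]' : ''}`);
}
```

Decoded URLs and API names can then be compared against what the extension's listing says it does.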
-
burnout426 Volunteer last edited by
@Svarnoy60 said in Windows Defender detecting Virus JS/Adrozek.A:
Removed the SaveFrom.net video upload extension. The threats are gone.
Upload extension or download extension? As in, is it this one https://addons.opera.com/en/extensions/details/savefromnet-helper/?display=en?
I installed that one and don't get the problem. I looked at the source briefly, but there's a lot of code in there.
-
wanderlei last edited by
@tjall said in Windows Defender detecting Virus JS/Adrozek.A:
But, today it doesn't - the file exists.
Wtf, are you sure you guys don't have the file still?
Please try to search "c0ac6bec106548d2_0"
Seems like the Microsoft AV likes the file now... :S
Same, not getting alerts from defender anymore but I searched and found the same file.
@Svarnoy60 said in Windows Defender detecting Virus JS/Adrozek.A:
Removed the SaveFrom.net video upload extension. The threats are gone.
Who has this extension?
I have that extension.
The file has a link to https://lookmeet.tv/, a Russian site.
I will delete the file and disable the extension and see if it regenerates again.
-
mouse last edited by
@wanderlei - Perhaps "https://lookmeet.tv/" is not the culprit.
I have 44,450 files in my js folder. I found "https://lookmeet.tv/" in 20 of those files. Yet I had no Defender warnings since 9-8 @11:24AM (ie over 24 hrs). Either it's not the threat or else Microsoft turned off the warnings for that site. But I'm no expert in this stuff.
-
mouse last edited by
@wanderlei - So perhaps MS got wind of this nuisance from various sources and adjusted Defender's virus signatures.
-
burnout426 Volunteer last edited by
@mouse I reported the string in https://forums.opera.com/post/223970 as a false positive to the Defender team. I got notification that the issue was resolved. And, that string in Notepad++'s backup files (for documents you're editing) no longer triggers Defender after today's 9/9/2020 Virus and Threat Protection update. So, perhaps it's indeed sorted out.
-
jclinansmtih last edited by
@jclinansmtih It's been over 24 hours now with plenty of intensive Opera usage. No new threats. I have to hang my hat on that SaveFrom.net extension.