installer_helper_64.exe detected as malware
-
Maltisohn last edited by
I did scan of my computer with Sophos Scan & Clean and it flagged two of Opera GX files as malware. I attached photos. Should I be worried? Anybody ever saw installer_helper_64.exe flagged as malware?
-
sgunhouse Moderator Volunteer last edited by
@Maltisohn Some malware scanners use "heuristic" scanning - that is, they flag software based on suspicious features rather than it being actual known malware. And yes, typically that would include network installers since that is something a lot of trojans do (install other malware from the net).
If it gives you the option. turn off heuristic scanning and try again. Not that it would hurt you too badly to quarantine those files as they'd only be used during an update or uninstall, but if it flagged those two then it will flag the ones for future versions as well.
-
C7suede last edited by
@Maltisohn Any update? Had same issue and when I put it into virustotal one of the listed names was cobaltstrike_hijackloader, not sure that means it’s the same file tho. Can anyone verify if this is a normal Opera GX file? Like is it currently in other people’s files or is it malware?
-
C7suede last edited by leocg
installer_helper_64.exe what is it? And why was it flagged as malware?
More so just curious if this is a legitimate Opera GX file or not. Virustotal gave it a 0/72 which is good, but it had some really suspicious names (not that I understand the correlation between names and the actual file) one such name was cobaltstrike_hijackloader_ryuk which definitely doesn’t sound good. But I don’t know if that means it is that file, they just had the same hash
-
-
C7suede last edited by
@Maltisohn sounds good, yea I just had it quarantined and then removed from pc, and then stopped using opera, we used the same AV scan program as well. Thanks
