unwanted download and install
-
-
totrecal last edited by
Well it is on my system. I didn't install it to begin with. I've made extensive attempts to remove it completely, and it keeps coming back.
-
linuxmint7 last edited by
Then you need to do a thorough check of your system for malware.
Unless someone else is using your machine without you knowing about it ?.
-
A Former User last edited by
Is this a real and usable Opera, with Google as default search engine (or Yandex if you're in CIS or Baidu if you're in China instead of a hideous "competitor"), clean, no extensions installed, etc?
Are you the administrator of your system or are you on a enterprise-like domain? There's also software to roll back all changes in the computer when you restart it that could be involved here.
Do you see anything regarding this Opera setup in the Windows' task scheduler, services or start-up items?
Last question, why not use Opera?
What I saw another day was Opera being offered in the PDFCreator setup (it's a very clean and fair bundle i.e. it's not checked as default, it presents an image of Opera, describes what it is and asks if you want it with two buttons: "Accept" and "Decline"), but it surely doesn't install back if you uninstall it via the conventional ways (I did that myself).
-
totrecal last edited by
Rafaelluik,I'm not sure if it's a real Opera. I don't want to use software that magically appears on my system. So far, I delete it as soon as it appears. I am the administrator on my system, and have looked at the registry, scheduler, and all most everywhere else on my drive to find out what's calling for Opera to download and install. I've also been working with Vipre, my virus software people. They aren't having any success either. I thought someone on this forum might have heard of some hacker that thought we all should be using Opera.
I'd consider using Opera, if it weren't for this intrusion on my system. Actually, I wouldn't have even known about Opera if it wasn't for this. I run Chrome and Firefox right now. When I've solved this problem I'll probably give Opera a try.
Thanks for the comment Rafaelluik
-
totrecal last edited by
I should mention I've deleted this install at least four times. Every three days it downloads and installs
-
blackbird71 last edited byIn the week or so BEFORE you saw Opera first appear, did you download/install any software on the system, especially freeware? The behavior is reminiscent of an adware "software auto-updater" that too often users find bundled (sometimes covertly) with other downloads. These malicious programs embed themselves deeply in multiple ways so that they can respawn themselves periodically to do whatever they're trying to do.
One of the ways to spot these is to look in Task Manager for suspicious processes that magically reappear if killed there, but you do have to have a "feel" for what should ordinarily appear there on your system so as not to kill a key system process.
Also, take a look at your system using both AdwCleaner and Malwarebytes. They're free, highly reputable, and they can find things a regular antivirus program overlooks.
-
A Former User last edited by
I don't want to use software that magically appears on my system.
But you said "I'm not sure if it's a real Opera."So if it's a fake Opera browser or a highly modified version to get you to use other search engines that pay or promote this kind of distribution, to get you to see different ads and track you via extensions, made by a malicious person, or perhaps a third-party installer or utility pushing it into your system and you're going to blame Opera Software ASA for that and **** on their products?
-
totrecal last edited by
blackbird71,that was my first thought. When the SSL thing hit the news I installed LastPass password generator, but not anything else. I've added Bitmeter since this started. I've searched out malicious software like you mentioned, but this one really has me stumped. Since Vipre hasn't been able to detect this, I agree it's got to be hiding somewhere like you mentioned. I'll give those two programs you gave me a try, thanks.
-
A Former User last edited by
It really does sound like this is malware of some sort.
Things don't just install themselves without some other agent being involved.
When and if it happens again, look in Task Manager to see what's actually running.
If the file opera.exe is listed as running, find it on the system and look at its properties, especially the digital signature.
I'd be very surprised if it's a genuine opera file.
-
A Former User last edited by
Even if it's the genuine Opera, a third-party app may be pushing the installer. Maybe Opera partnered with a third-party to advertise their software and they have no knowledge this third-party is doing things like that perhaps to fool Opera into thinking this company's ad campaign is very successful...
We just don't know yet.
Until now we have no info about what's running in your system, no log, no screenshots... I'll remain skeptic. If it's proven Opera is doing that on purpose, I'll be the first to defend you and try to get this practice to shut down.
-
kuhlmanck last edited by
One step might be to disable and delete all MSIE toolbars.
What's your default browser? IE, Firefox, Chrome, ???
-
-
totrecal last edited by
You guys are great!
As I continue to dig into this I find a record in my Vipre antivirus that shows 22.0.1471.70 as the version of Opera that is being installed. Since July 8, there have been six downloads and installs. I've run both AdwCleaner and Malwarebytes, but not in safe mode. They did pick up a couple of culprits that Vipre has been blocking too. I've made a copy of my processes with no apps running, and will be watching for Opera to sneak in again. I'll be going back into safe mode to see what else I can catch. Vipre scan has been run in safe mode twice now.
Considering the response here, I really have to consider Opera as one of my browsers when I've solved this problem. What's the opinion here about what would happen, if I had the newest version of Opera already installed? Would I at least get some notice that Opera was already on my computer? Right now the only notice I get is the icon that shows on my desktop. My main browser right now is Firefox, and I rarely use Chrome. Internet Explorer has been deleted since this system was new. I could drop Chrome and add Opera.
I can't imagine Opera would be trying on its own to install on my system. Like most of you, I believe somehow I let the download/install sneak in with some other program. Until this started I had no connection with Opera.
I really have to thank all of you. Until I got on this forum it was beginning to look like I'd be formatting my hard drive, and starting over. Of course, I'm still not sure I've got a fix yet.
-
A Former User last edited by
It would be very interesting to see what would happen if you did install Opera "properly"!
-
totrecal last edited by
Went to youtube and checked old reviews of Opera from the beginning of the year. All pretty good on ver 19. Since I'm not really using Chrome, I think I'll install a "real" version tonight and see what happens. Might as well turn this lemon into lemonade.
-
-
A Former User last edited by
Internet Explorer has been deleted since this system was new.
Huh?
Come again?
-
totrecal last edited by
Joshl, I never found IE to be a very good browser. First thing I do is disable or delete it.
-
blackbird71 last edited by
...
I can't imagine Opera would be trying on its own to install on my system. Like most of you, I believe somehow I let the download/install sneak in with some other program. Until this started I had no connection with Opera.
I really have to thank all of you. Until I got on this forum it was beginning to look like I'd be formatting my hard drive, and starting over. Of course, I'm still not sure I've got a fix yet.The only "legitimate" instances of auto-repeating install attempts I've ever run across are when Windows attempts a user-initiated or auto-update installation and somehow things get fouled up such that the installation breaks in mid-stream. Depending on how the install fails, Windows may repeatedly attempt to continue the install but be unable to complete it. Consequently, the "stuck" install may even attempt to unsuccessfully repeat itself each time the computer is re-started or the installation of another program is attempted.
Because that seems significantly different from what you describe in your situation, because nobody has attempted an initial install of Opera on that system according to your posts, and because Opera ASA (being a reputable company) never attempts to force-install its software onto a computer that already does not have Opera installed (ie: update), the implication is that malware of one form or another is involved in your problem. The degree of maliciousness of that malware cannot be determined until it has been identified. What does seem clear is that your system has been compromised, with the degree and type of compromise remaining undetermined thus far. In such an atmosphere, I personally would not attempt to install anything new onto the system (including genuine Opera) until I had fully established the computer to be squeaky clean. In this case, 'squeaky clean' includes no longer experiencing the false Opera installation attempts, or any other abnormality. On the other hand, if you plan on reformatting the system anyhow, then of course you can do anything with it in the meantime.
As you probably know, malware can take many forms and embed itself in many ways, up to and including rootkits (which intercept the operating system's internal 'calls' to completely hide itself from a user unless he's using very specialized anti-rootkit tools - and even then, it can be difficult to detect and remove some rootkits). Until you can analyze the actual cause of your problem, you should consider the system to be compromised, and that should impact what you do and trust with the computer, especially passwords and financial transactions. If you elect a reformat of the drive and re-installation of Windows, be sure to do a low-level format to make sure that any possible malware in the Master Boot Record of the drive is also wiped out.
