Opera Autoupdate detected by Norton Security as Heur.AdvML.B

peterinscotland

peterinscotland last edited by

Norton Security was recently ( a week or two ago) automatically installed on my computer without my permission when I was away from the keyboard by a program called "Norton Security Scan" that I've had for a long time.

For about three days now, several times a day files of the following pattern (long number varies)
C:\Windows\Temp\opera autoupdate\opera_installer_20168174929173.dll
and
C:\Windows\Temp\opera_installer_20168171540162.dll
are being blocked and quarantined, having been categorized by Norton as Heur.AdvML.B

There are also some in a different folder - such as c:windows\syswow64\config\systemprofile\downloads\opera autoupdate\opera_installer_201681736254774.dll

It is the ones in the main Temp folder that are getting Quarantined, and these are for Opera Beta, so I suspect the ones in the opera autoupdate subfolders may be for Opera Stable. These are getting blocked rather than Quarantined.

I did a Live Chat but I felt uneasy about giving remote access to my computer to someone whose name suggested there was a high chance that he was in a third world country (India). He suggested I also use Norton Power Eraser but that didn't find anything to do with Opera.

Both Opera Stable and Opera Next are saying that they are up to date, so it is questionable whether Norton Security is actually succeeding in blocking updates, though the opera_autoupdate.log in the C:\Windows\Temp\opera autoupdate\ folder says
[3092:3948:0817/173636:333935:WARNING:ipc_channel_win.cc(371)] Unable to create pipe "\.\pipe\chrome.oauc_task_pipee59e7323ed1cebd78082538c8b9cbe70" in client mode: The system cannot find the file specified. (0x2)

The one in the c:windows\syswow64\config\systemprofile\downloads\opera autoupdate\ says
[3744:6912:0817/172409:29640876:ERROR:ipc_channel_win.cc(213)] pipe error: 109

The one in the main C:\Windows\Temp\ folder says:
[3092:3948:0817/173636:333935:WARNING:ipc_channel_win.cc(371)] Unable to create pipe "\.\pipe\chrome.oauc_task_pipee59e7323ed1cebd78082538c8b9cbe70" in client mode: The system cannot find the file specified. (0x2)

Control Panel\Programs\Programs and Features only shows two versions of Opera on my system:
Opera beta 40.0.2308.11
Opera Stable 39.0.2256.48

sgunhouse

sgunhouse Moderator Volunteer last edited by

As far as Norton ... anything with "Heur" in the name is a heuristic match - they are warning you because they think the file is behaving like a virus, not because it actually matches any known virus. Up to you if you want to disable the heuristic rules, disable Norton, or just ignore it.

leocg

leocg Moderator Volunteer last edited by

False positive: http://www.opera.com/blogs/desktop/2016/08/opera-developer-update-41-0-2323-0/#comment-2841985285

A Former User

A Former User last edited by

Peter, next time you share some technical lines containing non-alphabet characters, use either putting it between backticks (like an accent diacritic sign, found far left in the EnGB layout) or placing it on a separate line starting it with four whitespaces.

Those Markdown instruments match respectively HTML's monospace and code formatting tools.