Malware found in Opera browser download for Windows?

jdomainer

jdomainer last edited by

I downloaded the 2 Opera files for Windows:

OperaSetup.exe AND
Opera_40.0.2308.54_Setup.exe

... I then checked them for virus/malware with:

https://www.virustotal.com

... and results show Malware present:

Malware.Heuristic!ET (rdm+)

Here is a link to a screenshot of the results: http://postimg.org/image/b49ahjen9/

I don't want to install Opera Browser until this is explained.
Anyone know what's going on?
Thanks in advance.

blackbird71

blackbird71 last edited by

Assuming you downloaded the programs from an official Opera site, it's a 'false positive' in the AV. Opera keeps their own download sites squeaky clean and virus-free. If you downloaded from a non-Opera site, all bets are off about the program safety.

A heuristically-identified 'virus' is when an AV analyzes a program and concludes it behaves in a virus-like way (eg: installing itself, installing other programs it has spawned, trying to set up access to the Internet, etc). This contrasts with the more-typical AV 'signature' ID where virus code matches the bit patterns (or signature) of known viruses. Normally AV software will white-list known-safe installer programs to avoid false positives of legitimate programs, but sometimes the AV signatures lag behind the real world and a new, clean software installer version will get ID'd as virus-like simply because it... well... 'installs' things. Normally, if a user runs into this on his own system AV, he should notify the AV maker to update his whitelists to add the installer to the AV whitelist. But with something like VirusTotal, the AVs are running at VT's site, so I'm not sure how one should communicate a false-positive for a known-clean program on an AV in VT's panel of AVs.

A Former User

A Former User last edited by

Find a way to upload it for inspection/analysis to the very VT whatever team. I use an AV that does it semiautomatic when it sees it necessary.

jdomainer

jdomainer last edited by

On the results page of virustotal.com ( https://postimg.org/image/b49ahjen9/ ), the AV company reporting the malware seems to be Rising Anti-virus. They are a Chinese company that have ceased supporting an English website, but do support a free version of their AV software. But I don't want to install their software. All other companies listed on virustotal.com show a clean file. But even 1 AV result showing malware is enough to want to be sure the file is safe. Other comments seem to inducate that the result is a false-positive.