[Solved] Opera auto-updater flagged by Avast - false positive?

  • Hello,
    Wasn't using Opera, but its auto-updater and installer got flagged by Avast's file detection system as 'suspicious'. Opened Opera later and it updated itself when I clicked "About Opera". Here's the reported detection by Avast. Can anyone confirm that this is a false positive?

    "C:\Windows\Temp\Opera_installer_2017422425122.dll [L] Win32:Evo-gen [Susp] (0)
    C:\Windows\Temp\opera autoupdate\Opera_installer_2017422654251.dll [L] Win32:Evo-gen [Susp] (0)"

  • Upload this DLL to virustotal.com and if it has less than 5-10 hits, then it is certainly a false positive.

  • Suspicious is not an actual positive ...

    If they mark something as "suspicious" that means they think it is acting like a virus would, and any background updater looks the same as a "file dropper" (the part of a virus that downloads the rest of it). So nothing unusual there.

  • Thanks for the replies. However, the temp files flagged by Avast disappeared afterwards (and they were not quarantined), so there's nothing to upload to VT. Is that normal for temporary files during Opera update process?

  • @schikaneder

    Is that normal for temporary files during Opera update process?

    Yes.

    Win32:Evo-gen sounds alarming but appears to be a codename used exclusively by Avast. It does not indicate a ‘positive’ in any way and only informs you of possible malicious behaviour of a program.

    Without being able to analyse the file or knowing the file hash, no one would be able to give you a concise answer.

    Opera uses a similar naming convention for files saved to that folder. After updating, the update files are removed which matches your story.

  • @tufuzay Thanks :) I did report this as a likely false positive to Avast.
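
The replies above point out that nobody can judge the detection without the file or its hash, and that the update files are removed once the update finishes. As an added example (not part of the original thread, and not Opera or Avast tooling), this PowerShell script, run from an elevated prompt while the files still exist, records the SHA-256 and Authenticode signature status of DLLs matching the reported names and keeps a copy for upload; the evidence folder name and the `.bin` copy extension are assumptions.

```powershell
# Added example. The two folders and the file-name pattern come from the Avast
# report quoted in the first post; everything else is an assumption.
$searchRoots = @(
    (Join-Path $env:SystemRoot 'Temp'),
    (Join-Path $env:SystemRoot 'Temp\opera autoupdate')
)
$evidenceDir = Join-Path $env:USERPROFILE 'opera-fp-evidence'   # hypothetical folder name
New-Item -ItemType Directory -Path $evidenceDir -Force | Out-Null

$report = @(foreach ($root in $searchRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter 'Opera_installer_*.dll' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try {
                # Hash first: this is the value to search for on VirusTotal.
                $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                # Signature status and signer subject show whether the DLL is vendor-signed.
                $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
                # Keep a copy under a non-loadable extension so it survives the updater's cleanup.
                Copy-Item -LiteralPath $file.FullName -Destination (Join-Path $evidenceDir "$hash.bin") -Force
                [pscustomobject]@{
                    Path            = $file.FullName
                    SHA256          = $hash
                    SignatureStatus = $sig.Status
                    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                    LastWriteTime   = $file.LastWriteTime
                }
            } catch {
                # The updater may delete the file between listing and reading it.
                Write-Warning "Could not process $($file.FullName): $($_.Exception.Message)"
            }
        }
})

if ($report.Count -gt 0) {
    $report | Format-List
    $report | Export-Csv -Path (Join-Path $evidenceDir 'report.csv') -NoTypeInformation
} else {
    Write-Host 'No matching Opera installer DLLs found; they may already have been cleaned up.'
}
```

A `SignatureStatus` of `Valid` with the vendor's name in `Signer`, together with the hash, is what a false-positive report or a VirusTotal lookup needs.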
