[Solved]Opera auto-updater flagged by Avast - false positive?
-
schikaneder last edited by
Hello,
Wasn't using Opera, but its auto-updater and Installer got flagged by Avast file detection system as 'suspicious'. Opened Opera later and it updated itself when I clicked "About Opera". Here's the reported detection by Avast.. Can anyone confirm that this is a false positive?:"C:\Windows\Temp\Opera_installer_2017422425122.dll [L] Win32:Evo-gen [Susp] (0)
C:\Windows\Temp\opera autoupdate\Opera_installer_2017422654251.dll [L] Win32:Evo-gen [Susp] (0)" -
donq last edited by
Upload this dll into virustotal.com and if it has less than 5-10 hits, then it is certainly false positive.
-
sgunhouse Moderator Volunteer last edited by
Suspicious is not an actual positive ...
If they mark something as "suspicious" that means they think it is acting like a virus would, and any background updater looks the same as a "file dropper" (the part of a virus that downloads the rest of it). So nothing unusual there.
-
schikaneder last edited by
Thanks for the replies.. however, the temp files flagged by Avast disappeared afterwards (and they were not quarantined), so there's nothing to upload to VT. Is that normal for temporary files during Opera update process?
-
Deleted User last edited by
Is that normal for temporary files during Opera update process?
Yes.
Win32:Evo-gen sounds alarming but appears to be a codename used exclusively by Avast. It does not indicate a ‘positive’ in any way and only informs you of possible malicious behaviour of a program.
Without being able to analyse the file or knowing the file hash, no one would be able to give you a concise answer.
Opera uses a similar naming convention for files saved to that folder. After updating, the update files are removed which matches your story.