Do more on the web, with a fast and secure browser!

Download Opera browser with:

  • built-in ad blocker
  • battery saver
  • free VPN
Download Opera

unwanted download and install

  • Rafaelluik,I'm not sure if it's a real Opera. I don't want to use software that magically appears on my system. So far, I delete it as soon as it appears. I am the administrator on my system, and have looked at the registry, scheduler, and all most everywhere else on my drive to find out what's calling for Opera to download and install. I've also been working with Vipre, my virus software people. They aren't having any success either. I thought someone on this forum might have heard of some hacker that thought we all should be using Opera.

    I'd consider using Opera, if it weren't for this intrusion on my system. Actually, I wouldn't have even known about Opera if it wasn't for this. I run Chrome and Firefox right now. When I've solved this problem I'll probably give Opera a try.

    Thanks for the comment Rafaelluik

  • I should mention I've deleted this install at least four times. Every three days it downloads and installs

  • In the week or so BEFORE you saw Opera first appear, did you download/install any software on the system, especially freeware? The behavior is reminiscent of an adware "software auto-updater" that too often users find bundled (sometimes covertly) with other downloads. These malicious programs embed themselves deeply in multiple ways so that they can respawn themselves periodically to do whatever they're trying to do.

    One of the ways to spot these is to look in Task Manager for suspicious processes that magically reappear if killed there, but you do have to have a "feel" for what should ordinarily appear there on your system so as not to kill a key system process.

    Also, take a look at your system using both AdwCleaner and Malwarebytes. They're free, highly reputable, and they can find things a regular antivirus program overlooks.

  • I don't want to use software that magically appears on my system.
    But you said "I'm not sure if it's a real Opera."

    So if it's a fake Opera browser or a highly modified version to get you to use other search engines that pay or promote this kind of distribution, to get you to see different ads and track you via extensions, made by a malicious person, or perhaps a third-party installer or utility pushing it into your system and you're going to blame Opera Software ASA for that and **** on their products?

  • blackbird71,that was my first thought. When the SSL thing hit the news I installed LastPass password generator, but not anything else. I've added Bitmeter since this started. I've searched out malicious software like you mentioned, but this one really has me stumped. Since Vipre hasn't been able to detect this, I agree it's got to be hiding somewhere like you mentioned. I'll give those two programs you gave me a try, thanks.

  • It really does sound like this is malware of some sort.
    Things don't just install themselves without some other agent being involved.
    When and if it happens again, look in Task Manager to see what's actually running.
    If the file opera.exe is listed as running, find it on the system and look at its properties, especially the digital signature.
    I'd be very surprised if it's a genuine opera file.
    🙂

  • Even if it's the genuine Opera, a third-party app may be pushing the installer. Maybe Opera partnered with a third-party to advertise their software and they have no knowledge this third-party is doing things like that perhaps to fool Opera into thinking this company's ad campaign is very successful...

    We just don't know yet.

    Until now we have no info about what's running in your system, no log, no screenshots... I'll remain skeptic. If it's proven Opera is doing that on purpose, I'll be the first to defend you and try to get this practice to shut down.

  • One step might be to disable and delete all MSIE toolbars.

    What's your default browser? IE, Firefox, Chrome, ???

  • Do a scan with Malwarebytes in safe mode.

  • You guys are great!

    As I continue to dig into this I find a record in my Vipre antivirus that shows 22.0.1471.70 as the version of Opera that is being installed. Since July 8, there have been six downloads and installs. I've run both AdwCleaner and Malwarebytes, but not in safe mode. They did pick up a couple of culprits that Vipre has been blocking too. I've made a copy of my processes with no apps running, and will be watching for Opera to sneak in again. I'll be going back into safe mode to see what else I can catch. Vipre scan has been run in safe mode twice now.

    Considering the response here, I really have to consider Opera as one of my browsers when I've solved this problem. What's the opinion here about what would happen, if I had the newest version of Opera already installed? Would I at least get some notice that Opera was already on my computer? Right now the only notice I get is the icon that shows on my desktop. My main browser right now is Firefox, and I rarely use Chrome. Internet Explorer has been deleted since this system was new. I could drop Chrome and add Opera.

    I can't imagine Opera would be trying on its own to install on my system. Like most of you, I believe somehow I let the download/install sneak in with some other program. Until this started I had no connection with Opera.

    I really have to thank all of you. Until I got on this forum it was beginning to look like I'd be formatting my hard drive, and starting over. Of course, I'm still not sure I've got a fix yet.

  • It would be very interesting to see what would happen if you did install Opera "properly"!
    🙂

  • Went to youtube and checked old reviews of Opera from the beginning of the year. All pretty good on ver 19. Since I'm not really using Chrome, I think I'll install a "real" version tonight and see what happens. Might as well turn this lemon into lemonade. 😉

  • You got the right spirit 😉

  • Internet Explorer has been deleted since this system was new.

    Huh?
    Come again?

  • Joshl, I never found IE to be a very good browser. First thing I do is disable or delete it.

  • ...
    I can't imagine Opera would be trying on its own to install on my system. Like most of you, I believe somehow I let the download/install sneak in with some other program. Until this started I had no connection with Opera.
    I really have to thank all of you. Until I got on this forum it was beginning to look like I'd be formatting my hard drive, and starting over. Of course, I'm still not sure I've got a fix yet.

    The only "legitimate" instances of auto-repeating install attempts I've ever run across are when Windows attempts a user-initiated or auto-update installation and somehow things get fouled up such that the installation breaks in mid-stream. Depending on how the install fails, Windows may repeatedly attempt to continue the install but be unable to complete it. Consequently, the "stuck" install may even attempt to unsuccessfully repeat itself each time the computer is re-started or the installation of another program is attempted.

    Because that seems significantly different from what you describe in your situation, because nobody has attempted an initial install of Opera on that system according to your posts, and because Opera ASA (being a reputable company) never attempts to force-install its software onto a computer that already does not have Opera installed (ie: update), the implication is that malware of one form or another is involved in your problem. The degree of maliciousness of that malware cannot be determined until it has been identified. What does seem clear is that your system has been compromised, with the degree and type of compromise remaining undetermined thus far. In such an atmosphere, I personally would not attempt to install anything new onto the system (including genuine Opera) until I had fully established the computer to be squeaky clean. In this case, 'squeaky clean' includes no longer experiencing the false Opera installation attempts, or any other abnormality. On the other hand, if you plan on reformatting the system anyhow, then of course you can do anything with it in the meantime.

    As you probably know, malware can take many forms and embed itself in many ways, up to and including rootkits (which intercept the operating system's internal 'calls' to completely hide itself from a user unless he's using very specialized anti-rootkit tools - and even then, it can be difficult to detect and remove some rootkits). Until you can analyze the actual cause of your problem, you should consider the system to be compromised, and that should impact what you do and trust with the computer, especially passwords and financial transactions. If you elect a reformat of the drive and re-installation of Windows, be sure to do a low-level format to make sure that any possible malware in the Master Boot Record of the drive is also wiped out.

  • Thanks for the input Blackbird71. Thought I was staying ahead of the criminals, but they keep making improvements.:(

  • I'll presume there isn't something else you know about that happens "every three days"? Does it always happen at the same time? (When you start up that day, 10:00 AM, etc.) Opera itself doesn't sound like something malware would install - though as suggested previously someone might include a malware extension - something to steal bank passwords or some such - or some of the fake search engines. Very strange ...

    If it always installs at the same time you might try watching for some strange process that runs just before that. Other than that - scan it before you delete it, perhaps? Send a copy of the installer to your AV people for them to examine?

    I have to presume whatever installer you get runs unattended - without any dialog that has buttons for Options, Install and Cancel? Presuming you're not an admin account in XP, do you get a UAC dialog (where Windows asks if the program is allowed to make changes to the computer)? Of course XP doesn't show such a dialog if you're an administrator.

  • sgunhouse, yesterday I was checking the history in Vipre,and in the Autopatch section I found a record of Opera installs. Turns out it's not every three days, but every two to four days and not the same time each day. I also found it strange that malware would want to install Opera. My thought was maybe Opera allowed access that my browsers didn't. It looks like Opera is more secure than Chrome or Firefox. So that might not be true.

    Right now we're trying to catch this process in the act so I can see what might be running then. This all happens in the background. I'm on Windows Seven. I was pleased to see Seven asks for permission to make changes to the hard drive, but whatever this is doesn't make itself known. At least not while it's running. I have installed Bitmeter, which I've used before when on XP. Since Bitmeter runs constantly, I can see a download even when my browser and email are closed.

    I've manually hunted down malware that got on a network I was administering, and had shut down Norton to infect the network. So it was a fairly sophisticated program, but that was years ago. Hackers have gotten a lot more clever, and I've been out of the business for quite a while now. It's been a very long time since I've had anything like this on one of my systems. Kind of scarey really.:(

  • @totrecal, have you tried using the free analysis tools like Process Explorer from Sysinternals (now part of Microsoft)? It gives a view of what has originated the various running processes. Also TCPview (also from Sysinternals/Microsoft) gives a view of what is in the TCP stack, from whence it originated, and where it might be calling out to.

Log in to reply