Windows Defender detecting Virus JS/Adrozek.A

vendimia

vendimia last edited by leocg 6 Sept 2020, 04:09 6 Sept 2020, 00:49

Hello, I hope you can help me.

I have a problem that is happening to me on all my computers and also to other people I know who use Opera.
The problem is that Windows Defender detects the files that Opera generates in the following location as a virus

file: C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Code Cache\js\c0ac6bec106548d2_0

I deleted everything that was in that folder but when Opera starts to create the files again Windows defender starts notifying me of viruses all the time, I think they are Opera cache files, it becomes impossible to use because it is one alert after another.
Deactivate extensions and stay the same

leocg

leocg Moderator Volunteer @vendimia last edited by 6 Sept 2020, 04:10

@vendimia You need to try to find out from which page it's coming from. Supposing that it's not a false positive.

vendimia

vendimia @leocg last edited by 6 Sept 2020, 04:53

@leocg Hi! The page that generates it is indistinct, even if I clean the history and cache it happens again, here I leave a link to this report that other users already experience.
https://answers.microsoft.com/es-es/protect/forum/all/windows-defender-me-detecta-archivos-temporales/0e10a04a-06a1-4782-b51c-0e91bf992734

sgunhouse

sgunhouse Moderator Volunteer last edited by 6 Sept 2020, 05:52

Whigh websites do you have open? What extensions are installed? Either might be downloading a virus to your system.

leocg

leocg Moderator Volunteer @vendimia last edited by 6 Sept 2020, 06:01

@vendimia Did you empty the Code Cache folder, where the supposed malware were found?

Your are probably visiting the problematic page again, so you are getting the alert.

quocvo

quocvo @vendimia last edited by 6 Sept 2020, 14:06

@vendimia I got the same problem

tjall

tjall last edited by 6 Sept 2020, 19:46

+1

rxckeet

rxckeet last edited by 6 Sept 2020, 19:52

yea, same.

burnout426

burnout426 Volunteer last edited by 7 Sept 2020, 02:03

I'd copy the file and look at it in a text editor and hex editor to see if there's anything revealing. Might have to run it through a Javascript bytecode decompiler or something too.

Anyone want to zip up the file and make it available for download?

tjall

tjall last edited by 7 Sept 2020, 10:37 This post is deleted!

wanderlei

wanderlei last edited by 8 Sept 2020, 04:14

Same issue for me. Opera browser keeps generating this threat. Website visited is irrelevant to its creation.

leocg

leocg Moderator Volunteer @wanderlei last edited by 8 Sept 2020, 05:43

@wanderlei So after you have cleaned cache and the directory mentioned on the alert, you get the alert again in the first page you visit?

burnout426

burnout426 Volunteer last edited by burnout426 8 Sept 2020, 06:36 8 Sept 2020, 06:32

@tjall, just pasting this part of the URL you posted in Notepad++ triggers Windows Defender for me (in the Notepad++ backup file that gets auto-generated for the document):

I suggest others with this problem look in the detected file to see what URL is listed. Just in case, do a screen shot of it or something so it doesn't trigger defender when users visit this thread

Svarnoy60

Svarnoy60 @leocg last edited by 8 Sept 2020, 07:52

@leocg @vendimia Вам нужно попробовать узнать, с какой страницы он идет. Предположим, что это не ложное срабатывание.

ни с какой страницы. просто при открытии браузера

vsolanic

vsolanic last edited by 8 Sept 2020, 08:20

I have the same issue. Is it clear by now if it is a real virus, or what exactly it is?

wanderlei

wanderlei @leocg last edited by 8 Sept 2020, 08:37

@leocg said in Windows Defender detecting Virus JS/Adrozek.A:

@wanderlei So after you have cleaned cache and the directory mentioned on the alert, you get the alert again in the first page you visit?

What happen with me, I got alert from defender, I removed the suspect file, I start browsing completely different site, the same alert from defender again. This happened 6 times across different sites.

I downloaded and ran malwarebytes but everything thing was clean.

I run a few extensions, I will disable all of those and see what happens.

mouse

mouse last edited by 8 Sept 2020, 08:39

@wanderlei said in Windows Defender detecting Virus JS/Adrozek.A:

wanderlei

I suspect you're right. It's not a bad web page. Not likely that we're all on that web page. This has been happening for just a few days. I think it's a false positive. When I run Super anti-spyware or Spybot on the cache, it picks up no threat. But i could be wrong.

jclinansmtih

jclinansmtih last edited by 8 Sept 2020, 08:41

Same thing just started popping up for me too. Only with Opera. I am starting to wonder if there is something going on with Windows Defender and Opera. We all cant be visiting the same sites who have posted in this thread.

quocvo

quocvo last edited by 8 Sept 2020, 11:38

I just removed a video dowloader extension. And It worked. Hope it help.

burnout426

burnout426 Volunteer @quocvo last edited by 8 Sept 2020, 11:44

@quocvo What's the name and link of the extension?