Windows Defender detecting Virus JS/Adrozek.A
-
-
-
Svarnoy60 last edited by
Removed the SaveFrom.net video upload extension. The threats are gone.
Who has this extension? -
-
VDNKh last edited byVery same problem here, it started to happen from 02/09 browsing ansa.it website: history for the last days recorded negligible browsing with just the usual 3 tabs opened (youtube (for music) , gpone and amazon; no extension added in months.
A full disk scan with Defender found the same threat in 4 different cache files and removed them: alerts still coming from the above mentioned file regenerating in js cache but any new full scan now is clean.
-
A Former User last edited by
@Svarnoy60 - I do not use the savefrom downloader. I have "Force Download 1.08" at ashus.ashus.net. and I have "HD Video Downloader". But I don't use them. I use IDM instead. I will disable the ones I don't use. But this is a hit or miss exercise. Why can't Opera troubleshoot this? I can't open the suspect js cache files because Defender quarantines them.
-
leocg Moderator Volunteer last edited by
@mouse said in Windows Defender detecting Virus JS/Adrozek.A:
But this is a hit or miss exercise. Why can't Opera troubleshoot this?
Basically, you already answered your own question. So far there doesn't seem to be a way to reproduce the issue and, therefore, there isn't a way to find out what the problem would be.
Those getting the alert should contact Microsoft and ask why the alert is popping up.
-
VDNKh last edited by
@leocg said in Windows Defender detecting Virus JS/Adrozek.A:
Those getting the alert should contact Microsoft and ask why the alert is popping up.
The alert pops up when some task in Opera re-creates the file named c0ac6bec106548d2_0 and it happens just leaving the browser open on the home page.
@mouse said in Windows Defender detecting Virus JS/Adrozek.A:
I can't open the suspect js cache files because Defender quarantines them.
You can access the quarantined file closing Opera (just to prevent code execution) and restore them from Defender's history.
-
leocg Moderator Volunteer last edited by
@VDNKh said in Windows Defender detecting Virus JS/Adrozek.A:
The alert pops up when some task in Opera re-creates the file named c0ac6bec106548d2_0 and it happens just leaving the browser open on the home page.
Most probably the file is being cached from a visited page or from an extension. That's why me and others don't see the alert. And that's why Microsoft needs to say why the file is being considered a threat.
-
-
A Former User last edited by
@leocg Thanks for the advice. But the last time I called MS, I told a tech person in the Philippines that I must have deleted a Microsoft system font. She said the only way to fix it was to re-install Windows 10! I fixed it after researching the matter and copying Segoe font into the Win font folder. Most are clueless. One in 100 have more knowledge than me.
-
tjall last edited by tjall
@burnout426 The weird thing is yesterday I got the same result trying to copy & paste that url to different text file - MSE started poping and deleting each file with the url.
But, today it doesn't - the file exists.
Wtf, are you sure you guys don't have the file still?
Please try to search "c0ac6bec106548d2_0"Seems like the Microsoft AV likes the file now... :S
-
burnout426 Volunteer last edited by
@mouse said in Windows Defender detecting Virus JS/Adrozek.A:
have "Force Download 1.08" at ashus.ashus.net.
I checked out the source of that one. It looks fine at least.
-
burnout426 Volunteer last edited by
@mouse said in Windows Defender detecting Virus JS/Adrozek.A:
HD Video Downloader
Link? I see a Chrome app for it, but not an extension.
-
tjall last edited by tjall
@Svarnoy60 said in Windows Defender detecting Virus JS/Adrozek.A:
Removed the SaveFrom.net video upload extension. The threats are gone.
Who has this extension?I had it, though I'm not sure it was it.
-
-
A Former User last edited by
@burnout426 - i think this is it: https://addoncrop.com/en/
But what is the suspect link now? Someone sounded like we know what it is.
-
-
A Former User last edited by
@tjall - I searched for "c0ac6bec106548d2_0" and didnt find it. But I've done nothing except let Defender do it's thing. No troubleshooting yet. And no Defender warning in 8 hours. So far.
-
burnout426 Volunteer last edited by
@mouse said in Windows Defender detecting Virus JS/Adrozek.A:
@burnout426 - i think this is it: https://addoncrop.com/en/
The Youtube Downloader one? I checked it out and it doesn't seem like that's the culprit. It does contain some obfuscated strings in its apps/scripts/background.js file though, so I wouldn't totally trust it without looking more into it and decoding the string escapes.
