Antivirus warning message on 00000000
-
arkanoiz last edited by
Hi, Kaspersky Antivirus 2013 (licensed) is warning me about an Opera file named 00000000 located in C:\Documents and Settings\loren_000\AppData\Roaming\Opera Software\Opera Next\File System\005\t\00
The warning translated sounds like "Legal software possibly usable by ill-intentioned users to damage the computer or personal data".
What is it? Should I keep it or trash it?
edit: I'm on Windows 8, Opera Next 20.0.1387.24
-
j7nj7n last edited by
I believe that "File System" contains temporary files written by some webpages for their "private" use. The browser gives access to this directory to websites. Mega.co.nz used to store downloaded files there. You could identify the contents of the detected suspicious file, and determine on which site you've seen it before.
-
arkanoiz last edited by
Originally posted by j7nj7n:
I believe that "File System" contains temporary files written by some webpages for their "private" use. The browser gives access to this directory to websites. Mega.co.nz used to store downloaded files there. You could identify the contents of the detected suspicious file, and determine on which site you've seen it before.
There aren't any human readable files there. How can I recognize the sites?
I'm going to try a general cleanup and see. Thank you guys!
-
j7nj7n last edited by
The files are likely to belong to a site facilitating large file transfers. Other sites usually use Cookies or Local Storage to store smaller data sets.
I'm not aware of any programs to browse the "File System" with unobfuscated file names. "00000000" is missing an extension. You should be able to open it in a hex editor to see what type of file it is. One level up under Paths (005\t\Paths) there might be some *.log files that could shed some light on the origin of this data.
My guess is that an executable, potentially malicious file was downloaded on your computer some time ago, and hasn't been deleted from this temporary "File System". Any files from MEGA will be kept there forever, or until the website that owns them removes them.
You can probably delete the entire File System directory without losing valuable data. It will be recreated once a website makes use of it again.
-
operahar last edited by
What the Heck is going on here? Kaspersky is reporting it as Malware, the one on my PC is 426k, is dated 9/15/2014, and starts with "This program cannot be run in DOS mode". The description I get from my Kaspersky Internet Security app is "Legitimate program that can be used by criminals to damage your computer or personal data." For crying out loud - it's an executable file without an extension! WHY doesn't a knowledgeable Forum Administrator or Opera Software-Developer type chime in with an explanation? Some have made guesses and offered unsupported suggestions, for which they should be thanked, but that's not an explanation! WHY does Opera bury a weirdly-named executable file without an extension deep in the "File System" directory, and then ignore a forum posting with "Antivirus warning" in the title - which also contains the filename?
I don't know that the file is as dangerous as Kaspersky would lead one to believe; I don't think it is. The warning pops up after a reboot, but is only up for 2-3 seconds, so I don't know how long it's been going on. If Kaspersky is the only one reporting it, then maybe Kaspersky is being overly zealous. Then again, Kaspersky is a premier anti-malware application, so maybe the others just aren't as good as Kaspersky. Still, legitimate concerns are being expressed by Opera users, and those concerns deserve being addressed - by a Forum Administrator or Opera Software-Developer type. Deleting the file is an attractive idea, but my experience with Software Developers is that they tend to include in the build-kit files that are necessary for the full functionality of the application - functionality that may not get used for days, weeks or months after someone does something stupid - like deleting a required file.
-
blackbird71 last edited by
What the Heck is going on here? ... For crying out loud - it's an executable file without an extension! WHY doesn't a knowledgeable Forum Administrator or Opera Software-Developer type chime in with an explanation? Some have made guesses and offered unsupported suggestions, for which they should be thanked, but that's not an explanation! ...
What is "going on here" is that this is an Opera "helps" forum where ordinary Opera users help other Opera users with problems. Sometimes Opera developers may scan forum indices for relevant topics or pass by and chime in, but 'developer' input is not the norm here. Moreover, the thread you resurrected with your post was 10 months dormant, with no further additions until yours.
That having been said, Kaspersky is reporting the file as "legitimate" by itself, but there's something about it that Kaspersky doesn't like - perhaps either the location where it was found or the program contained within the file for some unmentioned reason. Perhaps it's some kind of heuristic-detection thing with Kas... perhaps it's a false positive... perhaps it's a fragment of some malware attack... or perhaps it's a fragment of something shoved at or by Opera when it visited some site. Indeed, Kaspersky is normally a good anti-malware application, but it (like all other security software) has both blind spots and false-alarm potential. The warning it is providing about this file appears to be silent on any real details. At this point, I would suggest submitting the file, if possible, to something online like Viruscan http://www.virscan.org/ and see what they say about it.
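Added example, not part of the original thread and not Opera's or Kaspersky's code: the hex-editor check and the scanner submission suggested above, done as a read-only script that classifies extension-less files by their leading bytes and records a SHA-256 for each. The function names are hypothetical, the signature list is a small assumption-driven subset, and the sample input is constructed.

```python
import hashlib
import struct
import sys
from pathlib import Path

# Leading-byte signatures for a few common formats (deliberately not exhaustive).
MAGIC = [(b"MZ", "MZ header without a PE signature"), (b"PK\x03\x04", "ZIP container"),
         (b"%PDF-", "PDF document"), (b"\x89PNG\r\n\x1a\n", "PNG image")]

def is_pe(head: bytes) -> bool:
    """True if head starts with MZ and its e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    return head[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def identify(head: bytes) -> str:
    """Classify a file from its first bytes, the same check a hex editor allows by eye."""
    if is_pe(head):
        return "Windows PE executable"
    for sig, name in MAGIC:
        if head.startswith(sig):
            return name
    return "unknown"

def triage(root: Path) -> list:
    """Report path, size, type and SHA-256 for every file under root, without executing any."""
    rows = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as f:
            head = f.read(4096)  # enough for the header; a PE header further in is not seen
            digest.update(head)
            for chunk in iter(lambda: f.read(1 << 20), b""):
                digest.update(chunk)
        rows.append({"path": str(path), "size": path.stat().st_size,
                     "type": identify(head), "sha256": digest.hexdigest()})
    return rows

def constructed_sample_pe() -> bytes:
    """Constructed test input (not a real program): MZ header, DOS stub text, PE signature."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    stub = b"This program cannot be run in DOS mode"
    hdr[0x40:0x40 + len(stub)] = stub
    return bytes(hdr) + b"PE\x00\x00"

if __name__ == "__main__" and len(sys.argv) > 1:
    for row in triage(Path(sys.argv[1])):  # e.g. the profile's "File System" directory
        print(row["sha256"], row["size"], row["type"], row["path"], sep="  ")
```

Run it with the profile's "File System" directory as the only argument; the file type tells you what the antivirus is looking at, and the hash identifies the exact file when reporting it or comparing it across machines.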