Opera 27 Flash flag Mimics Flash Player Update Malware

  • I've been using a software (Alternative Flash Player Auto-Updater) for over a year to avoid the annoying Adobe demands for updates. No more stop everything and take care of Adobe. But since I updated to Opera 27, I was getting a system message alerting me that my Adobe Flash was not up-to-date. I didn't see any way to turn it off. I knew my Flash was up-to-date because it was the version on the official adobe website.

    So I did a little checking and discovered that there is a known malware that appears to be a system message that takes you to a site that looks like Adobe but isn't and...you know the rest... it dumps crap on your computer.

    I spent the entire morning with Malware Bytes, Hitman, and AdwareCleaner to remove malware. Updated Alternative Flash Player Update to latest version and everything seemed fine.

    Later that day. looking for a way to go back to the old Opera menu bar (which should be restored btw) I came across the experimental flags for Opera 27. Lo and behold there is a Adobe Flash Updater that is enabled in Opera 27. It uses Windows System to notify Opera Users that their Adobe Flash is out of date. It looks and operates exactly like the malware version.

    I disabled the flag.

    Now I don't know if I had malware at all.

  • i surprised your not been having issues with TLS websites on XP SP2,
    Make a clone of your HDD {{and remove the activator or/and change your product key that supports SP3(assuming its not a genuine install)}} and download SP3 and install it and enable POS mode updates(not had any issues with system that Require XP due to old printers and such), if you Really need to still use XP

    google XP POS mode to get the reg file so you can turn updates back on in XP

    really you need to get onto windows 7 (most systems only need 2GB of ram to run it and make sure video card is a intel 945 or higher)

  • I can appreciate the possible confusion about Flash update warning messages. But according to what you've written, your Flash was known to be up to date - so there's a fair likelihood you were receiving a drive-by malware attempt from some website or its ad-space to try to get you to respond and download a fake Flash program containing malware. The initial fake message is not usually a malware infection itself, but instead the doorway to it if you click and install it. Your description is backwards: the malware's message tries to look exactly like a legitimate system notification, but has nothing to do with actual Flash version status; a system Flash update notification is an actual legitimate update warning message. The system message doesn't look like the malware, the malware tries to look like the system message - the difference is significant.

    Since you ran the appropriate 3 anti-malware programs often employed to initially test for infection, their results should tell you whether you were actually infected. Keep in mind that any site's code can throw up any kind of message to your browser, but that doesn't mean its true, and that doesn't mean the message itself necessarily constitutes an infection. If you have any remaining concerns about possible infection, run a full system scan with your antivirus program.

    There's no way Opera or any other software product can prevent malicious people from copying their legitimate messages (whatever they look like) and trying to convince a user the fakes are genuine. In the case of Flash update warning messages while browsing, the safest rule of thumb should always be to close them immediately (via Alt+F4) without clicking anywhere within the message window to avoid any chance for click-triggered infections. Then go to the Adobe Flash site and check for genuine updates there. Never download a Flash update from a pop-up warning message.

    There also, of course, remains a possibility that the Flash version employed by your Opera installation is not the version you believe it to be, depending on how you last updated Flash and whether the latest version plug-in was properly inserted into Opera. In that case, the message might have been legitimate. Only by directly examining the plug-in version information via Opera or visiting the Adobe Flash test site using Opera can you be sure of Opera's plug-in version. If you've done either of these successfully, then this is not a possible cause of a legitimate message.

  • i thought flash was now apart of Opera 27 (same as chrome) it updates when opera updates (as all my flash installed has same version (just uninstalled Flash for activeX as i have no need for it in IE or chat apps that have ad banners in flash!)

    but tend not to use Opera that much due to slow downs when typing and basically not very good spell checker (chrome gets corrections from the web if enabled)

  • No, Opera does not include Flash.

  • I also got this pop-up flag in the bottom right corner saying that there was a new Flash version ready for download. I have latest Opera 27 and Windows 7. I was sure I had the latest Flash player intalled so I didn't understad this message, because it looked "serious". I remember I also had the same "problem" after Avira antivirus intalled the latest version a few months ago. In the following days, there was popping up a flag with the message that there was a new Avira antivirus ready to download, even if I had the latest version.

    So, yesterday I run a full system scan with my Avira Free antivirus, and it found 2 detections on my computer and took care of them.

    After this system scan I now seems to got rid of this pop-up flag, I think.

  • Sorry, the Flash Player flag did pop up again. Now I don't know how to get rid of this malware or what ever it is?

  • I personally recommend you give malwarebytes a try, download the free version (from their own site, to be sure) and do a full scan. You may have to restart your computer and do another scan or two, just to be sure that it has found and removed every piece of malware it could.

  • You may be sure the latest NPAPI Flash version installed, but Opera should be pushing you to install the latest PPAPI Flash version which is the optimal one being used by Opera now.

    This could be the misunderstanding, I don't suspect it's malware.

    Can you post a screenshot of the update message?

  • Hello rafaelluik

    I have the latest version of ActiveX and NPAPI plug-in (v.16.0.0.296) But PPAPI plug-in is NOT installed on my computer.
    What is the difference of NPAPI and PPAPI plug-ins, and do I need both?

    Sorry I ask, but I'm not a computer guru, just a average Joe.

  • You don't need both. You only need PPAPI flash. NPAPI is the old Netscape style of plugin and its going away. Chrome and Chroma based browsers, which include Opera, will drop support for NPAPI very soon. So get the PPAPI version.

  • You can download the PPAPI version for Windows from Adobe, but it will not be the latest version. For some reason, they provide C:\Windows\system32\Macromed\Flash\pepflashplayer64_16_0_0_280.dll

  • Now I have installed the latest Flash Player PPAPI (16.0.0.305). I will see if the popup flag have disappeared in the coming days and I'll be back with the results.

    Thanks for helping. 🙂

  • @jarmush What lando242 said.
    But if you have Mozilla Firefox, another Mozilla-based browser or Steam installed for example you may want to keep the NPAPI version for the moment because they still use it for now.

  • how can i block auto update of opera 27.0.1689.66 . please help me.

    [Mod edit: email address removed for user's own safety]

  • Uhh no. Don't hijack other peoples threads. The answer can already be found elsewhere on the forums. In fact its easily found with a google search too. Finally, if you can't be bothered to check your own thread for the answer to your question I can't be bothered to give it to you nor will I render my email to what is no doubt a spammers honey pot.

  • how can i block auto update of opera 27.0.1689.66

    Try this: https://forums.opera.com/post/36857

    And, as said, please do not hijack topics.

  • Yess, the Flash player popup flag have now disappeared, after installing correct Flash player (PPAPI).

    Case solved. 🙂

  • I'm so glad I found this thread! I've scanned my laptop so many times for malware, finding nothing. It's a relief to have this popup explained.

    I do have the most up to date version of Flash installed on my computer, but in the Opera settings, it says NPAPI. How do I get the PPAPI version when the Adobe Flash Player website says I already have the most up to date version? And the Flash version I have works just fine in the Opera browser, I just get the popup once a day. Should I download Flash and install it again using the Opera browser this time? And if so, how will that affect the way Flash works in other browsers? Opera is not the default on this computer. DH uses this computer as well and prefers Firefox, so just for ease of use, that is the default browser.

    Or should I just go to the experiments setting in the Opera browser and disable the Flash update notification?

  • Just do a goggle search for the PAPPI download.

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.