• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Opera Autoupdate detected as Heur.AdvML.B

Norton Security was recently ( a week or two ago) automatically installed on my computer without my permission when I was away from the keyboard by a program called "Norton Security Scan" that I've had for a long time.

For about three days now, several times a day files of the following pattern (long number varies)
C:\Windows\Temp\opera autoupdate\opera_installer_20168174929173.dll
and
C:\Windows\Temp\opera_installer_20168171540162.dll
are being blocked and quarantined, having been categorized by Norton as Heur.AdvML.B

There are also some in a different folder - such as c:windows\syswow64\config\systemprofile\downloads\opera autoupdate\opera_installer_201681736254774.dll

It is the ones in the main Temp folder that are getting Quarantined, and these are for Opera Beta, so I suspect the ones in the opera autoupdate subfolders may be for Opera Stable.  These are getting blocked rather than Quarantined.

I did a Live Chat but I felt uneasy about giving remote access to my computer to someone whose name suggested there was a high chance that he was in a third world country (India).  He suggested I also use Norton Power Eraser but that didn't find anything to do with Opera.

Both Opera Stable and Opera Next are saying that they are up to date, so it is questionable whether Norton Security is actually succeeding in blocking updates, though the opera_autoupdate.log in the C:\Windows\Temp\opera autoupdate\ folder says
[3092:3948:0817/173636:333935:WARNING:ipc_channel_win.cc(371)] Unable to create pipe "\\.\pipe\chrome.oauc_task_pipee59e7323ed1cebd78082538c8b9cbe70" in client mode: The system cannot find the file specified. (0x2)

The one in the c:windows\syswow64\config\systemprofile\downloads\opera autoupdate\ says 
[3744:6912:0817/172409:29640876:ERROR:ipc_channel_win.cc(213)] pipe error: 109

The one in the main C:\Windows\Temp\ folder says:
[3092:3948:0817/173636:333935:WARNING:ipc_channel_win.cc(371)] Unable to create pipe "\\.\pipe\chrome.oauc_task_pipee59e7323ed1cebd78082538c8b9cbe70" in client mode: The system cannot find the file specified. (0x2)

Control Panel\Programs\Programs and Features only shows two versions of Opera on my system:
Opera beta 40.0.2308.11
Opera Stable 39.0.2256.48

Replies

Kudos0

Re: Opera Autoupdate detected as Heur.AdvML.B

Hello PeterinScotland

What operating system are  you running? Are you using a Mac? If so, I will have your thread moved to the Mac Forum.

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Opera Autoupdate detected as Heur.AdvML.B

Ummm.... no I'm not!  Do Macs run Windows?

I have Windows 7 Home Premium on a 64 bit system.

Kudos1 Stats

Re: Opera Autoupdate detected as Heur.AdvML.B

Hi PeterinScotland,

1. I successfully reproduced your issue: the install of Opera Beta just failed.

(Opera Beta & NIS 22.7.0.76)

Info:

 Workarounds:

  • 1) Consider 'sticking' to Opera Stable. Disable your Norton Security client temporarily; remove the beta build of Opera. 2) you remove both and reinstall the Stable one later. Using ONE Opera and avoid other beta product would be my suggestion.
  • To "Report a Suspected Erroneous Detection (False Positive)": please visit https://submit.symantec.com/false_positive/

Possible solution: switch Opera (aka, 360) software and try other better browser such as Vivaldi. For more instructions, you can re-read this troubleshooting post.

Off-topic content

 

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)
Kudos0

Re: Opera Autoupdate detected as Heur.AdvML.B

Norton Security was recently ( a week or two ago) automatically installed on my computer without my permission when I was away from the keyboard by a program called "Norton Security Scan" that I've had for a long time.

This sounds very odd. I have not heard of a program being able to install itself. This should not happen unless you are using a Windows admin account as your daily account. Then it would be 'possible'.  A standard Windows account would have asked for admin password before any install.

How many days of subscription are shown on the main Norton Security screen? Is it shown as trial?

If you are going to keep Norton, be sure you remove whatever security software you had before using the uninstall utility for that software.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Opera Autoupdate detected as Heur.AdvML.B

I have the same concerns as peterweb.  While Norton Security Scan is a free program, sometimes bundled with other free software you might download, Norton Security is a paid program.  It would not install itself and it would certainly not install at all unless you had purchased it or activated a trial version.

Kudos0

Re: Opera Autoupdate detected as Heur.AdvML.B

I don't know how it happened.  A child could have been in my room and hit a key when Norton was inviting me.  Or I could have hit a key without seeing what was on the screen in some way.  Who knows!  All I know is that I had been asked on several occasions in the past (and rejected), and I did not consciously consent this time.  

And yes, it is a trial with 17 days still remaining.  Thus if it's a 30 day trial the issue with Opera didn't occur till several days in.  Anyway since I don't want to be potentially exporting all my data to China I've (tentatively) switched to Vivaldi, as 20750065 suggested - imported all my stuff from Opera and it seems to be working well.  Nothing to do with the Norton alerts, just thought it might be a wise move.

Best wishes

Peter

Kudos1 Stats

Re: Opera Autoupdate detected as Heur.AdvML.B

The detection could go away very soon, please update your defs later.

Thanks,

Qichao

Kudos0

Re: Opera Autoupdate detected as Heur.AdvML.B

@20750065:

360 total security is a bad antivirus, this program installing unknown malware, adware, PUP, and toolbar. Last week I manual force removed it from my friend PC.

Kudos0

Re: Opera Autoupdate detected as Heur.AdvML.B

360 total security is a bad antivirus, this program installing unknown malware, adware, PUP, and toolbar. Last week I manual force removed it from my friend PC.

To be clear, 360 Total Security has nothing to do with Norton. That is the point that 20750065 was trying to make. Notice 'Avoid'.

Avoid Qihoo and/or 360 "Security": 3721 Toolbar (link is external)QIHOO & Kingsoft & PUPs (e.g., Driver Support, Ainishare) & aggressive CPI (link is external) members (e.g., locoy.com & Qjwmonkey)

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Opera Autoupdate detected as Heur.AdvML.B

3721 Toolbar & Zhou's 360''TotalSecurity''

Zhous reign as the dark prince of the Chinese Internet dates back to his early success as the founder of the search and online marketing site www 3721 dot com, which became ubiquitous in China, sometimes (* too frequently) to the consternation of users who found the 3721 toolbar difficult to uninstall from their computers. He (Zhou) sold that (3721) business in 2004 to Yahoo China (...), then ran Yahoo China for 19 rocky months before splitting off to launch an eventual rival to his 3721 in Qihoo, creating yet another enemy in Yahoo China’s eventual owner, Jack Ma (Ma Yun, Alibaba founder) and Alibaba Group.

Then, troublemaker vs. troubleshooter - what's the "difference"? 

PS: 

Or why we frequently see things like fake Adobe Flash Player (bloated) installers that install your (360) product("PUA.Wews87")?

(Source: Thomas, one of Moderators at MBMA Forums) 

PPS: 

Potentially unwanted application (PUA). ... are programs that are not malicious but may be unsuitable for use in a business -- Sophos

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)

This thread is closed from further comment. Please visit the forum to start a new thread.