Opera Virus
OperaUSB 9.27 contains the Trojan.QQPass-737 virus. I have sent a message to the developer but no reply so far. OperaPortable does not have any virus problems but loads and exits very slowly. Too slowly for me.
You're both using ClamAV I presume?
At VirusTotal.com, only 3 of 32 virus scanners found anything wrong with operausb.exe, and 2 of them were generic warnings rather than finding a known variant.
At virusscan.jotti.org only 1 of 21 scanners found anything, and it was ClamAV. Because ONLY ClamAV found anything, the following message came up:
POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
ClamAV has a higher than normal incidence of false positives.
In addition, the Bit9 report for operausb.exe is "No threat detected."
In other words, no, OperaUSB doesn't contain malware or a virus; it's just triggering a very small amount of false positives.
Queue
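Added example (not part of the thread): the reasoning in the post above, written as a small Python triage over multi-scanner results. The engine names other than ClamAV, the FP_PRONE list, the generic-name markers and the sample inputs are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

# Assumption: which engines count as false-positive-prone is a local policy list.
FP_PRONE = {"ClamAV"}
# Assumption: substrings marking a generic/heuristic name, not a known variant.
GENERIC_MARKERS = ("generic", "heur", "suspicious")


@dataclass
class Triage:
    flagged: int
    total: int
    specific: list  # engines that named a known variant
    generic: list   # engines that gave only a generic warning
    verdict: str


def triage(results):
    """results maps engine name -> detection name, or None when clean."""
    hits = {eng: name for eng, name in results.items() if name}
    generic = sorted(eng for eng, name in hits.items()
                     if any(m in name.lower() for m in GENERIC_MARKERS))
    specific = sorted(set(hits) - set(generic))
    if not hits:
        verdict = "no detection"
    elif set(hits) <= FP_PRONE:
        # Jotti's rule: flagged only by scanners known for false positives.
        verdict = "possibly infected"
    elif set(specific) <= FP_PRONE:
        # Other engines gave generic warnings only; no second named variant.
        verdict = "low confidence"
    else:
        verdict = "investigate"
    return Triage(len(hits), len(results), specific, generic, verdict)


def sample(total, hits):
    """Constructed scan result: `hits` plus clean placeholder engines."""
    results = {f"Engine{i:02d}": None for i in range(total - len(hits))}
    results.update(hits)
    return results


# Constructed inputs shaped like the counts quoted in the thread.
VT = sample(32, {"ClamAV": "Trojan.QQPass-737",
                 "EngineA": "Generic.Malware", "EngineB": "Suspicious File"})
JOTTI = sample(21, {"ClamAV": "Trojan.QQPass-737"})

if __name__ == "__main__":
    for label, res in (("VirusTotal", VT), ("Jotti", JOTTI)):
        t = triage(res)
        print(f"{label}: {t.flagged}/{t.total} flagged, {t.verdict}")
```

A named detection from an engine outside FP_PRONE moves the verdict to "investigate", which is the case where the file should be analysed rather than reported as a false positive.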
Erm, I wasn't blowing ClamAV users off; just trying to be very clear that it was a false positive.
Keep in mind that false positives are very dangerous; a user will become conditioned to ignoring virus or malware warnings if they get false positives all the time, rendering the anti-virus they're using useless.
The options available are to contact the anti-virus maker(s) and tell them about the false positive, or contact the software maker(s) so they can contact the anti-virus maker(s). Well, or change anti-virus solutions, or discontinue the use of an anti-virus, but those options are a tad extreme for one false positive.
Queue
Code:
@ECHO OFF
IF EXIST o9u.dat GOTO REPLACE
IF NOT EXIST o9u.dat GOTO CREATE
:REPLACE
ECHO Loading the last position file
set /p opera9lastposition=< o9u.dat
ECHO The last position was "%opera9lastposition%"
cd > o9u_temp.txt
set /p opera9actualposition=< o9u_temp.txt
del o9u_temp.txt
ECHO The actual position is "%opera9actualposition%"
IF "%opera9lastposition%"=="%opera9actualposition%" GOTO NOTHING
@echo "-s%opera9lastposition%" "-r%opera9actualposition%">rules.dat
gsar -s:: -r:::: -o rules.dat
set /p rules=<rules.dat
set prefix=gsar %rules% -iol
echo Rules upgraded
rem // begins the party
%prefix% mail\index.ini
%prefix% profile\opera6.ini
%prefix% operadef6.ini
%prefix% spellcheck.ini
%prefix% profile\widgets\widgets.dat
%prefix% profile\override.ini
:CREATE
ECHO Creating the location file
cd > o9u.dat
GOTO END
:NOTHING
ECHO The same position, nothing to do
GOTO END
:END
start Op.com %1
The virus shows within the operausb launcher, which the developer has complete control over. False positive or not, all he has to do is move some code around and the signature will disappear. Why wouldn't he want to do that?
As far as clamwin goes it is only one of several programs depending on the clamav database including clamav in linux where operausb runs under wine. All these programs find and disable the program rendering it useless. This is particularly a loss in linux where it is the only way to run Opera on 64bit kernels. So when you basically say the problem should be ignored that amounts to blowing off all those people. Clamwin is part of the portableapps stuff and winpenpack and someone using operausb is also more likely to know about clamwin than the everyday user. I have been using clamXXX in one environment or another for years and have had no memorable experience with false positives.
Here's a neat trick if the developer ever fixes operausb. Copy the entire operausb folder to the bin folder of aspell when it has been portablized by pidgenportable or winpenpack's notepad++ for instance, and spellcheck works.
I (at least) am not saying it should be ignored; I've just said (over and over) it's a false positive. I already specified the proper channels to get it resolved: contact the AV maker or the software maker.
Also, it's not the responsibility of a software maker to byte shift to dance around a false positive; the AV maker is responsible for dealing with false positives (though they need to be informed that there is an issue; expecting them to have run into the false positive you have is unreasonable). The problem needs to be fixed, not circumvented; fixing a false positive further refines the AV software.
What this is really doing is highlighting why I'd never use an active scanner and just use on-demand scanning. =/
Queue
I know it's a false positive and I have sent a notice to clamav at sourceforge. You want to go on about whose responsibility things are and I am just saying (over and over) that someone who goes to the trouble of putting together a nice package like operausb and then puts it out for free must certainly be hoping people will use his work so he should make it usable instead of pointing fingers. A simple little byte shift never hurt anyone. You have the ocean liner of a project like clamav and the rowboat of operausb. Which one do you think is easier to turn? By the way, clamwin is not an active scanner, just on-demand.
Try this:
Use UPX Shell ( http://www.portablefreeware.com/?id=721 ) on operausb.exe
This will shrink the filesize from 145kb to 65kb (55.15% file compression).
It will save a little bit space on your USB, Opera will start faster and
ClamAV will not show "false positive".
Or just use the code I posted above. Save it as a .bat file and you can delete operausb.exe.
This will shrink the filesize from 145kb to 953b (99.37% file compression).
It will save a little bit space on your USB, Opera will start faster (also faster than upxed) and
no AV will show "false positive".