Opera browser is trying to visit a harmful website everytime I open it

  • Thread starter Thread starter Wrichik Basu
  • Start date Start date
Click For Summary
SUMMARY

The issue of Opera browser attempting to access the harmful website tudap.ru on a Windows 7 32-bit desktop was resolved by identifying and removing the "All-in-All Downloader" extension. Despite running full system scans with Quick Heal and Malwarebytes, no malware was detected, indicating that the problem stemmed from a browser extension rather than a virus. The user confirmed that the pop-up only occurred in Opera, and after a process of elimination, the problematic extension was pinpointed and subsequently removed, resolving the issue.

PREREQUISITES
  • Understanding of browser extensions and their impact on browser behavior.
  • Familiarity with Quick Heal and Malwarebytes for system scanning.
  • Basic knowledge of how to manage and disable browser extensions in Opera.
  • Awareness of the potential risks associated with unknown websites.
NEXT STEPS
  • Research how to manage and troubleshoot browser extensions in Opera.
  • Learn about the security features of Quick Heal and how to configure its firewall settings.
  • Investigate the implications of accessing websites flagged by security software.
  • Explore community forums for Opera to gain insights on common issues and solutions.
USEFUL FOR

This discussion is beneficial for users experiencing similar issues with browser pop-ups, web developers troubleshooting browser extensions, and anyone interested in enhancing their understanding of browser security and management.

Wrichik Basu
Science Advisor
Insights Author
Gold Member
Messages
2,180
Reaction score
2,690
On our Windows 7 32-bit desktop, we have two browsers: Opera (default) and Chrome. Both are updated to the latest version.

Every time we open Opera, we get this message from Quick Heal:

1600360790297.png

This pop-up is not shown when Chrome is opened.

I cannot understand who is trying to access this website: tudap.ru. Is there some type of virus in the system? I conducted a full system scan with Quick Heal and also with the Malwarebytes tool, but nothing was found. This problem has started very recently; maybe only some weeks old.

Any idea how this can be solved? Is an extension causing this problem?
 
Computer science news on Phys.org
What is more disturbing is that Chrome did not find it?

It could well be a virus that is doing this popup. I did check and Quick Heal is a valid provider of internet security from India. So perhaps a Quick Heal chrome plugin isn't installed.

How about trying Firefox?

More on tudap here:

https://rankchart.org/site/tudap.ru/

Seems safe from Google's and Semantics perspective, hence not being flagged.
 
I would take a look at the home page URL that is set in Opera. It's probably not what you expect.
 
  • Like
Likes   Reactions: MikeeMiracle, sysprog and jedishrfu
It's possible that Opera has a browser extension installed that Chrome does not.
 
  • Like
Likes   Reactions: sysprog and jedishrfu
jedishrfu said:
What is more disturbing is that Chrome did not find it?
Yes.
jedishrfu said:
So perhaps a Quick Heal chrome plugin isn't installed.
There is no Quick Heal plugin. The software works on all browsers on the system. It acts like a firewall.
jedishrfu said:
How about trying Firefox?
The pop-up is coming only with Opera.
 
Borg said:
I would take a look at the home page URL that is set in Opera. It's probably not what you expect.
It is set to the Opera Start Page, and that is what we had set it to.
DaveC426913 said:
It's possible that Opera has a browser extension installed that Chrome does not.
True, Opera has two extensions that Chrome doesn't have. But they have been there for ages.

I checked the Quick Heal report page, and it seems the problem started from 26/8/2020. I don't remember installing any new software/extension during/before that time which can cause this problem.
 
I checked online and could find no reports related to the tudap website as a bad site to visit perse although it does come from the Russian Federation.
 
  • Like
Likes   Reactions: Wrichik Basu
jedishrfu said:
I checked online and could find no reports related to the tudap website as a bad site to visit perse although it does come from the Russian Federation.
The fact that it is not a harmful site lowers the worries. But one question remains: why is Opera trying to reach this site every time it is opened? I can configure Quick Heal firewall to allow access to this site, but I can't see any application installed on my PC that would normally want to reach this site.
 
  • #10
Found the cause of the problem: it was this extension: https://addons.opera.com/en/extensions/details/all-in-all-downloader/

It was installed for many years, so I never suspected it. Removed it, and now everything is fine.

Thanks everyone for the suggestions/advice/help.
 
  • Love
  • Like
Likes   Reactions: DaveC426913 and jedishrfu
  • #11
How did you discover it? process of elimination, or some scan of code?

EDIT: Okay I see a user comment on the link you provided flags it as spam.
 
  • #12
jedishrfu said:
How did you discover it? process of elimination, or some scan of code?
Yes, simple process of elimination. I disabled all the extensions, and restarted the PC. On opening Opera, the pop-up was no longer coming. So I started enabling the extensions one by one. As soon as I enabled this extension, the pop-up came up. I verified it by disabling and enabling it again. After i removed the extension, the problem is gone.
jedishrfu said:
EDIT: Okay I see a user comment on the link you provided flags it as spam.
I have put that comment.
 
  • Like
Likes   Reactions: sysprog and jedishrfu
  • #13
Ahh, I didn't catch that you were the poster of the comment. Good job to warn others.
 
  • Like
Likes   Reactions: sysprog and Wrichik Basu

Similar threads

Why is my old browser faster than newer versions?
  • · Replies 32 ·
2
Replies
32
Views
5K
Security problems with my home PC
  • · Replies 12 ·
Replies
12
Views
3K
How does Google Search Redirect Virus work? And how to get rid of it?
  • · Replies 23 ·
Replies
23
Views
51K
Anonimity: Time to take the internet back.
  • · Replies 3 ·
Replies
3
Views
4K
Spyare on PSP? I may have the first known case
  • · Replies 8 ·
Replies
8
Views
3K