After a scheduled scan, Prevx detected opera.dll as malware. I don't use Opera often, but it has been on my system for some time. I reported it as a false positive and sent the scan log to Prevx as required, after checking the file online with Virus Total; the result was 1/42 (Prevx detecting). I then right-clicked the file in the warning window and also marked it as a false positive. Rescanning my PC resulted in the system status protected screen.

My question: the initial scan log showed the malware infection

(ACTIVE) c:\program files (x86)\opera\opera.dll [PX5: B70F15CB70EEDD3AB5D0BA507A99B200B3A1463E] Malware Group: Medium Risk Malware Dropper

The subsequent scan resulted in a clean system, yet this was in place of the previous scan result

[NF] (ACTIVE) c:\program files (x86)\opera\opera.dll [PX5: B70F15CB70EEDD3AB5D0BA507A99B200B3A1463E]

Note the different PX5. Is this the same file? If I report a file as a FP, is my system automatically marked as clean? I may be wrong, it could well be malware.

After the first scan I get this message at the end of the scan log

Previously Detected Files:
c:\users\kay\appdata\local\temp\7zipsfx.000\opera.dll [PX5: B70F15CB70EEDD3AB5D0BA507A99B200B3A1463E] Malware Group: Medium Risk Malware Dropper
[DP] c:\users\kay\appdata\local\temp\{ac6d9941-2102-48b4-bdc5-50c1244051d1}\{ac6d9941-2102-48b4-bdc5-50c1244051d1}.theme [PX5: ED50331F005DDEF7467004725C42C700BDD53E93]
End of Prevx Scan Log - http://www.prevx.com

Yet the second scan makes no mention of the previous infection

Previously Detected Files:
[DP] c:\users\kay\appdata\local\temp\{ac6d9941-2102-48b4-bdc5-50c1244051d1}\{ac6d9941-2102-48b4-bdc5-50c1244051d1}.theme [PX5: ED50331F005DDEF7467004725C42C700BDD53E93]
End of Prevx Scan Log - http://www.prevx.com

Is this correct? Shouldn't there be at least a mention of an infection or of me marking it as a FP? I haven't heard back from Prevx support, so I don't believe that they have processed this yet. Just confused...
I have just experienced the same thing, and again don't use Opera very often. I have not reported it as a false positive yet, because the software says that if I do, then this "prevents it from being detected in the future". That seems a little silly. It should give you the option to quarantine until Prevx have investigated. I look forward to Prevx's reply too.
Would be nice if there would be an option in Prevx to disable AV signatures and just use heuristics. That would be great, this way you can wake up next day and see some 'High Risk Backdoor' out of the blue.
Happened to me this morning on two different computers, one W7 and one Vista, Prevx .220. Same Opera version 11.01 but several days old, both with valid digital signatures. Reported both as FPs with detection overrides.
Please follow the instructions in this thread https://www.wilderssecurity.com/showthread.php?t=245129 to report possible FPs, and not in the forums! I will close this thread now; if PrevxHelp wants to reopen it, he can!

TIA, TH

EDIT: I sent in a scan log to get the FP fixed!