Author Topic: variant not detected (Read 3435 times)

kyuuketsuki_kurai · « **on:** February 23, 2011, 07:29:26 PM »

I just cleared a friend's computer of a Variant of System Tool.
Avast didn't detect it, but I was able to remove it with MBAM. Is there a way to send it to you without reinfecting the computer?

Milos · « **Reply #1 on:** February 23, 2011, 07:31:46 PM »

Hello,
yes, you send send it to virus@avast.com, pack the file using i.e. 7-zip with password "infected" (without quotes).

Thank you,
Milos

Pondus · « **Reply #2 on:** February 23, 2011, 07:34:05 PM »

Quote

Is there a way to send it to you without reinfecting the computer?

yes....can you post the scan log here first..

you need to restore the .exe to it`s original location, do not run it or you will be infected again....
then you browse to the location and zip it and send it like Milos said, when done you remove it with MBAM again.....

kyuuketsuki_kurai · « **Reply #3 on:** February 23, 2011, 07:49:49 PM »

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5854

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

23/02/2011 17:13:23
mbam-log-2011-02-23 (17-13-23).txt

Scan type: Quick scan
Objects scanned: 156195
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\gPlEgKd05603 (Trojan.FakeAlert) -> Value: gPlEgKd05603 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\gplegkd05603\gplegkd05603.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Admin\downloads\setup_pokertime.exe (PUP.Casino.Gen) -> Not selected for removal.

kyuuketsuki_kurai · « **Reply #4 on:** March 01, 2011, 06:48:10 PM »

Just a little bump. Not trying to be a bother, just want to help.

DavidR · « **Reply #5 on:** March 01, 2011, 07:24:21 PM »

Did you send the sample as asked for by one of the avast virus labs team ?

Presumably this is the trojan.fakealert detected by MBAM ?
If not you should send that one too.

kyuuketsuki_kurai · « **Reply #6 on:** March 01, 2011, 07:36:25 PM »

Avast never picked it up. MBAM found it. I'll send it when I get access.

DavidR · « **Reply #7 on:** March 01, 2011, 08:03:31 PM »

Thanks.

Author Topic: variant not detected (Read 3435 times)

kyuuketsuki_kurai

variant not detected

Milos

Re: variant not detected

Pondus

Re: variant not detected

kyuuketsuki_kurai

Re: variant not detected

kyuuketsuki_kurai

Re: variant not detected

DavidR

Re: variant not detected

kyuuketsuki_kurai

Re: variant not detected

DavidR

Re: variant not detected