Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on June 19, 2005, 08:55:46 PM

Title: What to do if a file is infected? (No questions in this topic please)
Post by: polonus on June 19, 2005, 08:55:46 PM


Your AV program has alerted you that a file may be infected.
What to do next.

This is good advice for people who have been warned by their AV program that an infected file has been found.

Open up a text editor like Notepad and type detailed answers to the following questions according to the 10 steps proposed.

1. How was it detected? What was scanning, you yourself or the background scanner?
Did the message come from the avast Network Shield or Webshield, or were you alerted via an avast Webreputation alert? When did the message occur: on a download, unzipping, opening a file, mail or mail attachment, etc.?
A capture of the message screen as an image can be helpful, or what the message says and where the suspicious file was detected.
2. What was the source of the file, where did the file come from? E.g. address, URL, source.
3. When was it downloaded or received?
4. What is the exact file name with extension?
5. What was the exact wording of the message that the AV program came up with? This is important for later. Right-click the avast ball and left-click show last pop-up message!
6. Now go back and do nothing yet. Scan the particular file once again with your AV product.
A. The message is in the same wording: maybe positive alert
B. If the message is not in the same wording or the scan does not find anything, this could be a false positive.
7. Check with an online scanner or upload to VirusTotal for a second opinion. VT resides at http://www.virustotal.com/index.html
You can do a URL scan or file scan. Also give the MD5 hash that is given further down the scan result page under additional information. This can help to identify the malware file.
Other scan results can be found for a suspicious URL or link at: http://vscan.urlvoid.com/file/
For file scans, alternative scanners are:
VirSCAN http://virscan.org/
Metascan http://www.metascan-online.com/
Or you can ask on the forums to have the URL or link in question scanned with various scanners. A FP is more likely if the file is only flagged by avast and GData.
8. Go get informed: ask a Virus Encyclopedia or Virus Central. Remember Google is your best friend; also put a question on a forum.
9. Make an informed decision on the basis of what you have found.
10. Inform others about what you have learned. If the file came from a reliable source, author, programmer etc., send a friendly e-mail with your findings. Also send a mail to virus AT avast dot com. If you send a suspicious file there for detection, password-zip it as an attachment and put the password in the mail. This will help us all, and in case of a non-detect avast will add it to avast detection, or in the case of a false positive remove that with a next virus update.

If you follow the above steps and make notes, we can help you better.
Updated message 23-11-2011

Stay malware free,

polonus (avast Überevangelist)
Title: Re: What to do if a file is infected? (No questions in this topic please)
Post by: polonus on January 31, 2012, 12:54:57 AM
For the browser users concerned,

In case a user feels that he has fallen victim to an image search distributing malware, the best policy to follow is to quit the browser application, using Ctrl-Alt-Delete. Do not try to click your way out!

Title: Re: What to do if a file is infected? (No questions in this topic please)
Post by: Pondus on February 04, 2016, 07:08:17 PM
Report a suspected false positive (select file or website)

Report a malicious sample (select file or website)

Reporting malware samples to the Avast Threat Lab   

Submitting files from the Virus Chest to Avast Virus Lab

Uploading files to the Avast FTP server

What Do I Do If an Engine Detects My Safe File as a Threat?

software developers

Support: Avast file whitelisting

Support: Avast Clean Guidelines