Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Avastfan1 on April 16, 2010, 01:27:48 PM

Title: Danger when extracting virus from the chest
Post by: Avastfan1 on April 16, 2010, 01:27:48 PM
Dear Forum,

If I extract an .exe file infected with a virus from the chest, exclude the directory and zip the file up, does this pose any threat to my computer?

Is there any risk the virus could infect my computer?

I want to zip it up and send it to some anti-virus companies and experts so other people won't be infected with it.

Thanks!

Avastfan1
Title: Re: Danger when extracting virus from the chest
Post by: DavidR on April 16, 2010, 01:38:46 PM
Provided you don't restore or extract it to its original location, it poses minimal risk.

If you don't execute it (even then presumably avast would alert again), then it is inert as there is no associated registry entry to run that file in that new location.

You still have to exercise care.
Title: Re: Danger when extracting virus from the chest
Post by: Avastfan1 on April 16, 2010, 01:41:05 PM
Thanks for your reply.

How can I change the name of the file to prevent it from being run?

I tried with right click and rename to XXXXXX.333 but it just kept the filename as XXXXXXXXX.333.exe?

Would that reduce the risk even more?

Would renaming the file pose a risk of infecting my system? Does it execute the file in any way?

Thanks for your help!! :-)
Title: Re: Danger when extracting virus from the chest
Post by: Asyn on April 16, 2010, 01:42:24 PM
You can also send the file to avast direct from the chest.
There should be an option when right clicking on it...
asyn
Title: Re: Danger when extracting virus from the chest
Post by: bong2x on April 16, 2010, 01:53:29 PM
Put it inside a RAR archive; it will be safe from accidental execution, but there is always a risk when dealing with a virus.

Regards!!
Title: Re: Danger when extracting virus from the chest
Post by: DavidR on April 16, 2010, 02:50:37 PM
> How can I change the name of the file to prevent it from being run?

There really is no need to change the file name if you do as I suggested.

> I tried with right click and rename to XXXXXX.333 but it just kept the filename as XXXXXXXXX.333.exe?

Well, for me, if I change a file name to xxxxx.333, XP asks if I'm sure, see image. So I don't know what you are doing.

> Would that reduce the risk even more?

No, the risk has nothing to do with the file name. Changing the file type to 333 will only confuse the hell out of whoever you send it to, so you would have to say what the true file type is.

> Would renaming the file pose a risk of infecting my system? Does it execute the file in any way?

No and no.

Honestly given the questions you ask, I would say you should leave well alone.
Samples inside zip files can be seen by many email clients even if you password protect the zip file and many email clients block .exe files inside zip or rar files, just because they are .exe files.
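
Added example, not part of the original thread: a Python sketch of why a mail filter can still see and block an .exe inside a password-protected zip, since traditional ZIP encryption leaves the entry names in the central directory readable. The file names, the extension list and the sample archive are assumptions; the sample holds harmless text and its "encrypted" flag is set by hand rather than by real encryption.

```python
import io
import zipfile

# Assumed filter policy for illustration; the thread names only .exe.
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif")
CD_SIG = b"PK\x01\x02"  # central directory file header signature


def build_sample() -> bytes:
    """Constructed archive of harmless text, flagged as encrypted by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.exe", b"constructed placeholder, not a program")
        zf.writestr("notes.txt", b"constructed placeholder")
    raw = bytearray(buf.getvalue())
    pos = raw.find(CD_SIG)
    while pos != -1:
        raw[pos + 8] |= 0x01  # general-purpose flag bit 0: entry is encrypted
        pos = raw.find(CD_SIG, pos + 4)
    return bytes(raw)


def inspect_archive(data: bytes):
    """Return (name, encrypted, blocked) per entry without any password."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # reads the central directory only
            encrypted = bool(info.flag_bits & 0x1)
            blocked = info.filename.lower().endswith(BLOCKED_EXT)
            results.append((info.filename, encrypted, blocked))
    return results


if __name__ == "__main__":
    for name, encrypted, blocked in inspect_archive(build_sample()):
        print(f"{name}: encrypted={encrypted} blocked_by_extension={blocked}")
```
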
Title: Re: Danger when extracting virus from the chest
Post by: Avastfan1 on April 16, 2010, 03:18:10 PM
Hi DavidR,

I think you are correct. I shall now leave it well alone. I did extract it to C:\Suspect, and tried to rename it. However, Avast immediately detected 'wyskq6lt.exe' as 'Win32:Malware-gen'. So I moved it to the chest again and ensured 'send to Avast' was also ticked.

DavidR, I have PMed you. If you could kindly respond, it would be much appreciated.

Thanks,

Avastfan1
Title: Re: Danger when extracting virus from the chest
Post by: DavidR on April 16, 2010, 05:12:03 PM
You first have to exclude the suspect folder in the File System Shield, Expert Settings, Exclusions, or when you move it out of the chest avast will alert when it is created in the suspect folder.

By far the easiest method if sending it to avast is to use the Chest, Submit to virus lab (that way no need to extract or email to avast). The only point in doing that would be if you considered it a false positive, if only avast detected it at VirusTotal, which given its name (and the multitude of google hits that consider it suspect) I doubt it is an FP.
Title: Re: Danger when extracting virus from the chest
Post by: Avastfan1 on April 16, 2010, 05:20:10 PM
Hi DavidR,

Thanks again for your support. I agree that it is not a FP.

Could you download Prevx 3.0 and run it without disturbing Avast or MBAM? I would be keen to see if I can run Prevx3.0 as a 'command-line' style scanner. Purely to scan my computer.

THANKS!!
Title: Re: Danger when extracting virus from the chest
Post by: DavidR on April 16, 2010, 05:27:44 PM
I don't use Prevx, so I can't really say.

If it is only on-demand then it shouldn't be a problem.
Title: Re: Danger when extracting virus from the chest
Post by: Avastfan1 on April 16, 2010, 05:32:51 PM
Thanks DavidR.

Does any other Avast Forum member have any experience with PrevX 3.0?