Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: BJ_GeOrgE on December 15, 2010, 02:33:27 PM

Title: [Resolved]i think i found a trojan
Post by: BJ_GeOrgE on December 15, 2010, 02:33:27 PM
i scanned my pc with mylwarebytes and i it found 4 trojans that avast didnt find(it was from a attached file a friend sent me,obvisouly he needs some av too )..how can i send the files to avast to examine them and then add them to the next update definition(if they are indeed trojans)?
Title: Re: i think i found a trojan
Post by: BJ_GeOrgE on December 15, 2010, 02:36:17 PM
ok i think i found a solutionn..i put the file in avast's virus chest and then submitted it with all the info i have..if this is the way to submit files for examination let me know so i can type "SOLVED" in the title
Title: Re: i think i found a trojan
Post by: DavidR on December 15, 2010, 02:56:24 PM
What would have helped is to post the MBAM log contents, as no one can comment without information.

There is also virustotal for confirmation:
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page.
Title: Re: i think i found a trojan
Post by: Pondus on December 15, 2010, 02:58:23 PM
yes you can do that

video tutorial
http://public.avast.com/supp/submit/submit.htm

and as David say, also check the files at www.virustotal.com
Title: Re: i think i found a trojan
Post by: BJ_GeOrgE on December 15, 2010, 03:31:38 PM
What would have helped is to post the MBAM log contents, as no one can comment without information.

There is also virustotal for confirmation:
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page.

david i know that its a malware for sure because its name was "surprise.exe" and when you click it it installs something named "security" or something like that and then it "scans" your pc and finds all kinds of malwares..and then it suggests you to buy the full version to clean them up..i knew from the beginning that it wasnt a safe file but i was curious what would happen if i execute it and what avast would do..
this topic was created to help me upload it to avast and add it to the next update definition.

thanks for your time and assistance guys,
george mavrogiannis
Title: Re: i think i found a trojan
Post by: DavidR on December 15, 2010, 03:40:49 PM
You're welcome, no way would I click surprise.exe, from your explanation it sounds like a rogue/fake security alert process. These are so fast changing it is hard to keep up with them.

Though MBAM, which used to be called rogue remover years ago, does still seem to be the most effective/specialist at detecting these rogue programs.
Title: Re: i think i found a trojan
Post by: YoKenny on December 15, 2010, 03:44:56 PM
Though MBAM, which used to be called rogue remover years ago, does still seem to be the most effective/specialist at detecting these rogue programs.

MBAM's one time licence fee is a good value for its resident protection from rogues.
Title: Re: i think i found a trojan
Post by: CraigB on December 15, 2010, 03:54:46 PM
Though MBAM, which used to be called rogue remover years ago, does still seem to be the most effective/specialist at detecting these rogue programs.

MBAM's one time licence fee is a good value for its resident protection from rogues.
Agreed +10
Title: Re: i think i found a trojan
Post by: BJ_GeOrgE on December 15, 2010, 04:28:44 PM
What would have helped is to post the MBAM log contents, as no one can comment without information.

There is also virustotal for confirmation:
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page.


these are the results from the virus total..i wanted to see how many could find it so i did it  ;D

Antivirus    Version    Last Update    Result
AhnLab-V3   2010.12.15.02   2010.12.15   -
AntiVir           7.11.0.42   2010.12.15   TR/Crypt.ZPACK.Gen2
Antiy-AVL   2.0.3.7           2010.12.15   -
Avast           4.8.1351.0   2010.12.15   -
Avast5           5.0.677.0   2010.12.15   -
AVG           9.0.0.851   2010.12.15   -
BitDefender   7.2           2010.12.15   Gen:Variant.FakeAlert.47
CAT-QuickHeal   11.00           2010.12.15   -
ClamAV           0.96.4.0   2010.12.15   -
Command           5.2.11.5   2010.12.15   -
Comodo           7070           2010.12.15   -
DrWeb           5.0.2.03300   2010.12.15   Trojan.Fakealert.19447
Emsisoft   5.1.0.1           2010.12.15   -
eTrust-Vet   36.1.8042   2010.12.15   -
F-Prot           4.6.2.117   2010.12.14   -
F-Secure   9.0.16160.0   2010.12.15   -
Fortinet   4.2.254.0   2010.12.15   -
GData           21           2010.12.15   Gen:Variant.FakeAlert.47
Ikarus           T3.1.1.90.0   2010.12.15   -
Jiangmin   13.0.900   2010.12.15   -
K7AntiVirus   9.72.3246   2010.12.14   -
Kaspersky   7.0.0.125   2010.12.15   -
McAfee           5.400.0.1158   2010.12.15   -
McAfee-GW-Edition2010.1C   2010.12.15   -
Microsoft   1.6402           2010.12.15   Rogue:Win32/Winwebsec
NOD32           5705           2010.12.15   a variant of Win32/Kryptik.IXI
Norman           6.06.12           2010.12.15   -
nProtect   2010-12-15.02   2010.12.15   -
Panda           10.0.2.7   2010.12.15   -
PCTools           7.0.3.5           2010.12.15   -
Prevx           3.0           2010.12.15   High Risk Cloaked Malware
Rising           22.78.01.04   2010.12.15   -
Sophos           4.60.0           2010.12.15   -
SUPERAntiSpyware4.40.0.1006   2010.12.15   -
Symantec   20101.3.0.103   2010.12.15   -
TheHacker   6.7.0.1.101   2010.12.15   -
TrendMicro   9.120.0.1004   2010.12.15   -
TrendMicro-HouseCall9.120.0.100 2010.12.15   -
VBA32           3.12.14.2   2010.12.14   -
ViRobot           2010.12.15.4202   2010.12.15   -
VirusBuster   13.6.95.0   2010.12.15   -
Title: Re: [Resolved]i think i found a trojan
Post by: DavidR on December 15, 2010, 04:53:25 PM
Yes those FakeAlert hits are an indication of the rogue/fake security application I mentioned earlier on. Most of those detections are also generic as it is very hard to pin them down by signature alone when there are constant new variants.

They are usually accompanied by something to hide them which may be why one of those hits talks of cloaked malware.
Title: Re: [Resolved]i think i found a trojan
Post by: BJ_GeOrgE on December 15, 2010, 05:54:35 PM
Yes those FakeAlert hits are an indication of the rogue/fake security application I mentioned earlier on. Most of those detections are also generic as it is very hard to pin them down by signature alone when there are constant new variants.

They are usually accompanied by something to hide them which may be why one of those hits talks of cloaked malware.

 ;)