Avast WEBforum
Other => Viruses and worms => Topic started by: trobeech3 on October 22, 2011, 11:11:44 AM
-
Avast popped up saying a suspicious file has been detected & so I ran a scan and then looked at the RealTime Shield. When i clicked on Shield Log, it said the virus was found here:
C:\ Program Files (x86) \ TOSHIBA Games \ Chuzzle Deluxe \ Chuzzle Deluxe-WT.exe|>[Emul]
It said that the action was to delete it and then under result, it said "Error: The process cannot access the file because it is being used by another process (32)"
The threat said that it was Win32:BlogEnt [Susp]
What should i do to get rid of this?
-
C:\ Program Files (x86) \ TOSHIBA Games \ Chuzzle Deluxe \ Chuzzle Deluxe-WT.exe
upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see
alternative
Jotti http://virusscan.jotti.org/en
VirSCAN http://virscan.org/
Metascan http://www.metascan-online.com/
-
http://www.virustotal.com/file-scan/report.html?id=db7aa8e3cd05cfd0524d990c7bf1c24cb3c27fe2cb0a74c604117b7b3d3701ab-1319283139
Is this the link you wanted?
-
The detections you found may not work in the same way on VT, hence no detections at all even from avast.
The [Emul] emulation and [Susp] suspicious, detection types are heuristic, behavioural based detections and I don't know if VT can do those tests or not, in any case toy should submit to avast for analysis as a possible false positive.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn't hurt.
-
What will sending it to the virus lab do?
Just so you know, after I posted the link to virus total, I scanned with Avast again, but using the scan folder feature and scanned that exact folder. When the scan was done, it said a threat was detected and then it showed me the results and I was able to move it to the virus chest then. Did that help my problem? Because I ran the scan again on the folder and then it said no threat was found.
After I moved it to the virus chest, I was away from my computer for a while and when I came back, it had restarted. Then a window popped up saying Windows recovered from an unexpected shutdown. Did this have anything to do with the supposed virus?
Also, just so you know, I have experienced an internet explorer pop up every once and a while about some survey, and when i searched about the survey online, others said that that was adware. Did that have anything to do with this virus?
Sorry for all of the questions, I'm just a bit confused. ;)
And also, when I sent it to the virus lab, nothing happened. I right clicked on the file in the virus chest, clicked submit to virus lab, and nothing happened. No windows popped up or anything. Should anything happen?
-
Have it analysed and if found to be a false positive, the signature can be updated so it isn't detected. This then helps all avast users that might have this installed.
I don't believe this is directly connected to this detection.
Without more detailed info on the Explorer pop-up we can't really say (screenshot of the pop-up window). If you aren't using a pop-up/ad blocker in IE you should consider it.
-
okay, but when i click submit to virus lab, nothing happens. how do i have it analyzed?
and i havent had it happen to me for a while, but if it does, ill take a screenshot. thanks!
-
Does it not even open a window for you to complete any details ?
-
No, it doesn't.
-
Have (or did) you another Anti-Virus installed in this system, if so what was it and how did you get rid of it ?
What other security based software do you have installed (firewall, anti-spyware, etc.) ?
-
The only other thing I have is Malware Bytes. The whole time I've had this computer, I've had avast.
My windows firewall is on, if that's what you mean.
-
Well MBAM (even the Pro version) shouldn't get in the way as I don't have any issue with it.
The windows firewall (shouldn't be an issue, the XP one has Zero outbound checking and the Vista, win7 firewalls have outbound protection, but it is disabled by default.
You didn't answer the question about other AVs on this system ???
Try a repair of avast:
XP - Add Remove programs, select 'avast! Anti-Virus,' click the Change/Remove button and scroll down to Repair, click next and follow.
Vista, win7 - Control Panel, Programs & Features, uninstall a program, select 'avast! Anti-Virus,' click the Change/Remove button and scroll down to Repair, click next and follow.
You may need to reboot after the repair.
-
i dont have any other antivirus programs on my system, just avast & ive never had any others.
i'll try the repair, thanks.
-
i repaired avast and rebooted, but still, nothing will happen when i click send to virus lab.
-
i repaired avast and rebooted, but still, nothing will happen when i click send to virus lab.
It should be sent while the next VPS update.
-
what is a vps update?
-
what is a vps update?
A virus signature update.
-
i repaired avast and rebooted, but still, nothing will happen when i click send to virus lab.
OK, lets make sure that you are proceeding correctly first:
You open the chest, the file needs to be in the chest (you mentioned you couldn't delete it before) so did you actually send it to the chest instead of deleting it ?
If sent to the chest, you need to be right clicking on the file in the chest and select 'Submit to virus lab...' is that what you did ?
-
i repaired avast and rebooted, but still, nothing will happen when i click send to virus lab.
It should be sent while the next VPS update.
Before that happens the form has to be completed and that is the problem, clicking submit to virus labs doesn't generate the form.
-
Before that happens the form has to be completed and that is the problem, clicking submit to virus labs doesn't generate the form.
I see.
-
i repaired avast and rebooted, but still, nothing will happen when i click send to virus lab.
OK, lets make sure that you are proceeding correctly first:
You open the chest, the file needs to be in the chest (you mentioned you couldn't delete it before) so did you actually send it to the chest instead of deleting it ?
If sent to the chest, you need to be right clicking on the file in the chest and select 'Submit to virus lab...' is that what you did ?
Yes, exactly. I did not delete it. I wasn't able to move it to the chest until I scanned the exact folder that the virus was in. Then i was able to move it into the chest for some reason. I found the file, right clicked, and clicked submit to virus lab, and nothing else happens.
-
OK lets try the old fashioned way to send to avast for analysis:
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.
-
Through my email? How do i make it zipped & password protected?
-
upload the file to www.mediafire.com and post the download link here, then i will do it for you
OBS: you can upload direct to avast lab here ;)
http://www.avast.com/contact-form.php?loadStyles