Author Topic: What to do if a file is infected? (No questions in this topic please)  (Read 139997 times)

0 Members and 2 Guests are viewing this topic.

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29974
  • malware fighter
THIS STICKY IS GENERAL INFORMATION FOR NEW VISITORS

PLEASE DO YOUR POSTINGS IN ANOTHER THREAD THANKS


Your AV program has alerted you that a file may be infected.
What to do next.

This is a good advice to people who have been warned by their AV program that an infected file has been found?

Open up a text editor like notepad and type detailed answers to the next questions according to the 10 steps proposed.

1. How was it detected? What was scanning, you yourself or the back-ground scanner?
Did the message come from the avast Network Shield or Webshield or were you alerted via an avast Webreputation alert ? When did the message occur on a download, unzipping, opening a file, mail or mail-attachment, etc.?
A capture of the message screen as image can be helpful or what the message says and
where the suspicious file was detected.
2. What was the source of the file, where did the file come from?.: e.g. address, URL, source.
3. When was it downloaded or received?
4. What is the exact file name with extension.
5. What was the exact wording of the message that the AV program  came up with? This is important for later. Right click the asvast ball and left-click show last pop-up message!
6. Now go back and do nothing yet. Scan the particular file once again with your AV product.
A. The message is in the same wording: maybe positive alert
B.  If the message is not in the same wording or the scan does not find  up anything this could be a  false positive.
7. Check with an on line scanner or update to Virustotal for a second opinion. VT resides at http://www.virustotal.com/index.html
You can do an URL scan or file-scan. Also give the MD5 hash that is given further down the scan result page under additional information. This can help to identify the malware file.
Other scan results can be found for a suspicious URL or link at: http://vscan.urlvoid.com/file/
for filescans alternative scanners are: VirSCAN   http://virscan.org/
                                        Metascan   http://www.metascan-online.com/
or you can ask on the forums to have the URL or link in question scanned with
various scanners. A FP is more likely if the file is only flagged by avast and GData.
8. Go get informed ask a Virus Encyclopedia or Virus Central. Remember Google is your best friend, also put a question on a forum.
9. Make an informed decision on the basis of what you have found.
10. Inform others about what you have learned, if the file came from a reliable source, author, programmer etc. send a friendly e-mail with your findings. Also send a mail to virus AT avast dot com. If you send a suspicious file there for detection password zip this as an attachment and put the password in the mail. This will help us all and in case of a non-detect avast will add it to avast detection or in the case of a false positive remove that with a next virus update.

If you follow above steps and make notes we can help you better.
Updated message 23-11-2011

Stay malware free,

polonus (avast Überevangelist)
« Last Edit: December 11, 2011, 11:31:44 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29974
  • malware fighter
Re: What to do if a file is infected? (No questions in this topic please)
« Reply #1 on: January 31, 2012, 12:54:57 AM »
For the browser users concerned,

In case a user feels that he has fallen victim to an image search distributing malware, the best polciy to follow is to quit the browser application, using Ctrl-Alt-Delete. Do not try to click your way out!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33770
Re: What to do if a file is infected? (No questions in this topic please)
« Reply #2 on: October 17, 2015, 06:59:05 PM »
What Do I Do If an Engine Detects My Safe File as a Threat?
https://www.opswat.com/blog/what-do-i-do-if-engine-detects-my-safe-file-threat


Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33770
Re: What to do if a file is infected? (No questions in this topic please)
« Reply #3 on: February 04, 2016, 07:08:17 PM »
Report a suspected false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Report a malicious file or website
https://www.avast.com/report-malicious-file.php



Reporting malware samples to the Avast Threat Lab   
https://support.avast.com/en-eu/article/258/

Submitting files from the Virus Chest to Avast Virus Lab
https://support.avast.com/en-eu/article/21/

Uploading files to the Avast FTP server
https://support.avast.com/en-eu/article/160/



software developers

Support: Avast file whitelisting
https://www.avast.com/faq.php?article=AVKB229#artTitle

Support: Avast Clean Guidelines
https://www.avast.com/faq.php?article=AVKB228#artTitle



« Last Edit: December 05, 2017, 11:01:41 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.