Author Topic: What to do if a file is infected? (No questions in this topic please)  (Read 237507 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
THIS STICKY IS GENERAL INFORMATION FOR NEW VISITORS

PLEASE DO YOUR POSTINGS IN ANOTHER THREAD THANKS


Your AV program has alerted you that a file may be infected.
What to do next.

This is a good advice to people who have been warned by their AV program that an infected file has been found?

Open up a text editor like notepad and type detailed answers to the next questions according to the 10 steps proposed.

1. How was it detected? What was scanning, you yourself or the back-ground scanner?
Did the message come from the avast Network Shield or Webshield or were you alerted via an avast Webreputation alert ? When did the message occur on a download, unzipping, opening a file, mail or mail-attachment, etc.?
A capture of the message screen as image can be helpful or what the message says and
where the suspicious file was detected.
2. What was the source of the file, where did the file come from?.: e.g. address, URL, source.
3. When was it downloaded or received?
4. What is the exact file name with extension.
5. What was the exact wording of the message that the AV program  came up with? This is important for later. Right click the asvast ball and left-click show last pop-up message!
6. Now go back and do nothing yet. Scan the particular file once again with your AV product.
A. The message is in the same wording: maybe positive alert
B.  If the message is not in the same wording or the scan does not find  up anything this could be a  false positive.
7. Check with an on line scanner or update to Virustotal for a second opinion. VT resides at http://www.virustotal.com/index.html
You can do an URL scan or file-scan. Also give the MD5 hash that is given further down the scan result page under additional information. This can help to identify the malware file.
Other scan results can be found for a suspicious URL or link at: http://vscan.urlvoid.com/file/
for filescans alternative scanners are: VirSCAN   http://virscan.org/
                                        Metascan   http://www.metascan-online.com/
or you can ask on the forums to have the URL or link in question scanned with
various scanners. A FP is more likely if the file is only flagged by avast and GData.
8. Go get informed ask a Virus Encyclopedia or Virus Central. Remember Google is your best friend, also put a question on a forum.
9. Make an informed decision on the basis of what you have found.
10. Inform others about what you have learned, if the file came from a reliable source, author, programmer etc. send a friendly e-mail with your findings. Also send a mail to virus AT avast dot com. If you send a suspicious file there for detection password zip this as an attachment and put the password in the mail. This will help us all and in case of a non-detect avast will add it to avast detection or in the case of a false positive remove that with a next virus update.

If you follow above steps and make notes we can help you better.
Updated message 23-11-2011

Stay malware free,

polonus (avast Überevangelist)
« Last Edit: December 11, 2011, 11:31:44 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: What to do if a file is infected? (No questions in this topic please)
« Reply #1 on: January 31, 2012, 12:54:57 AM »
For the browser users concerned,

In case a user feels that he has fallen victim to an image search distributing malware, the best polciy to follow is to quit the browser application, using Ctrl-Alt-Delete. Do not try to click your way out!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37491
  • Not a avast user
Re: What to do if a file is infected? (No questions in this topic please)
« Reply #2 on: February 04, 2016, 07:08:17 PM »
Report a suspected false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Report a malicious sample (select file or website)
https://www.avast.com/report-malicious-file.php




Reporting malware samples to the Avast Threat Lab   
https://support.avast.com/en-eu/article/258/

Submitting files from the Virus Chest to Avast Virus Lab
https://support.avast.com/en-eu/article/21/

Uploading files to the Avast FTP server
https://support.avast.com/en-eu/article/160/


What Do I Do If an Engine Detects My Safe File as a Threat?
https://www.opswat.com/blog/what-do-i-do-if-engine-detects-my-safe-file-threat


software developers

Support: Avast file whitelisting
https://www.avast.com/faq.php?article=AVKB229#artTitle

Support: Avast Clean Guidelines
https://www.avast.com/faq.php?article=AVKB228#artTitle








« Last Edit: November 02, 2020, 11:55:36 AM by Pondus »