Submitting file to avast through web form

[REDACTED]

I've tried twice to submit a file to avast through the web form at;

ht tp s://ww w.av ast.com/en-us/contact-us.php?subject=VIRUS-FILE

And I get a nice reply in my stated email from the automated service:

"Your email was deleted, if you need to contact us please use web form ..."

Any ideas, or should I just take an asprin and go to bed?

Mikael Fors
Sweden

[Pondus]

Try this   https://support.avast.com

Or send in a password protected zip file to virus@avast.com
Password:  infected


Have you checked the file at www.virustotal.com / www.metascan-online.com

[Para-Noid]

Try here (select avast virus lab) https://support.avast.com/
Or in a password protected zip file to virus@avast.com
Use "virus" as your password. This will give the virus lab an opportunity
to determine if it is or is not infectious.

You may also submit files to be checked at...
https://www.metascan-online.com/
http://virusscan.jotti.org/nl
http://www.virscan.org/
https://www.virustotal.com/en/#url

edit: word change

[REDACTED]

I managed to send the files and the registry to avast. Eventually.

MSIL.Krypt (B) or something.

I have only the executable and a dll. I don't know how I got infected, nor where it came from, only thing I know is it wasn't supposed to be in my computer, especially not under %WINDIR%\SysWow64 :-D

[REDACTED]

metascan reported that 7 of 43 found a threat, virustotal 15 of 56 in "pylarcairnboozy.exe".

metascan 2 of 43, virustotal 4 of 56 in "toadsorgypeek.dll"....

They must have fun creating the names of stuff 

[Pondus]

If you want to share, you may post link to scan result ...... there is lots of extra info we cant see unless you post the link   

[Pondus]

    They must have fun creating the names of stuff   

https://forum.avast.com/index.php?topic=149952.0

[REDACTED]

The virus naming convention am I aware of. It's the filenames i wonder how they come up with...

[Para-Noid]

Could you please post the link(s) to your scan results? 

[REDACTED]

These are the scan results for the two files combined in a zip archive (before the Avast sig was updated) made about the date of the original post

https://www.virustotal.com/sv/file/21508f4d8e6b7f7bc00025450ff60241d0732a5297d3c15983797b56d41b8334/analysis/

This is for toadsorgypeek.dll today:

https://www.virustotal.com/sv/file/763d3d43a15103233ee0f3426a6cd1e7b27a67c9f601badc16517f94fcc39012/analysis/

This is pylarcairnboozy.exe (internal fake name: stub.exe) rechecked today:

https://www.virustotal.com/sv/file/f4a4192593ffc0e08f08197b3a5eb55152dabc8024f507f93f26b0ebfb091c4a/analysis/1421232977/

The exe hides from task manager, but I had processexplorer running so it popped up there. Created a service called "IdaTriorFluor", with displayed name of service as "Chanc Thigh Swans", not visible from services.msc. Disabled through manual regedit of the start dword from 2 (Automatic) to 3 (Manual). (And renaming the .exe and .dll so it couldn't respawn itself after being killed....)

The service was visible through tasklist though (they probably never expect users to use those commands for some reason) and killable through taskkill.