Author Topic: trouble sending a suspect file to the avast team.  (Read 3939 times)

0 Members and 1 Guest are viewing this topic.

emy80

  • Guest
trouble sending a suspect file to the avast team.
« on: March 25, 2006, 12:53:46 PM »
Hello! I have a suspect file in my pc but avast can't detect anything. I'd like to send it to the avast team but I can't find the e-mail. And I can't  zipp it with a password using winrar. ;_; Even if I create a new rar archive and put it inside setting a password then the password is not working and I'm able to extract it without the password promting. Can you help me please?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88759
  • No support PMs thanks
Re: trouble sending a suspect file to the avast team.
« Reply #1 on: March 25, 2006, 03:38:13 PM »
Why do you think it is suspect ?
What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!) ?
Did avast detect it as a virus, etc.
Where was it found example (C:\windows\system32\infected-file-name.xxx)?

Have you added it to the chest ?
if so that is a protected area and nothing other than avast can work inside it. You can sent it directly from the chest to avast. Right click on the file and select 'email to Alwil Software. '
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

emy80

  • Guest
Re: trouble sending a suspect file to the avast team.
« Reply #2 on: March 25, 2006, 03:59:13 PM »
Why do you think it is suspect ?
What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!) ?
Did avast detect it as a virus, etc.
Where was it found example (C:\windows\system32\infected-file-name.xxx)?

Have you added it to the chest ?
if so that is a protected area and nothing other than avast can work inside it. You can sent it directly from the chest to avast. Right click on the file and select 'email to Alwil Software. '

I already posted in this forum asking for some help sometime ago.
This is the post:
http://forum.avast.com/index.php?topic=19842.msg166671#msg166671
After some time doing on-line scans and safe mode scans without getting anything I thought about checking my firewall (Zone Alarm Free) logs and see if there was something suspicious there. Well.......here is my story:
I have an account on livejournal.com Some time ago I downloaded a little application to count how many comments I made and got on my blog. This little software asked for my username and password and I gave it thinking it was safe. I even let it pass the firewall giving the allow instruction for it. ;_; After that I let  it sit for ten days on my pC without noticing anything stange.
Then I discovered that that strange user-agent appeared 5 seconds after Zone Alarm registered that software passing the firewall and connecting on the net. The only thing is that that very same day I installed the NET Framework of windows. I asked on another forum if a spyware can stay idle in a software until something like those libraries are installed on the pc. And it seem it's possible. I formatted my pc and now I'm using another one. But since this one will be formatted soon I decided to download again this software, zip it and send it to the avast team. I was sure I had a virus on the other machine. All the applications started opening by themselves, all the windows were being moved around on my desktop (for example the Avast windows first eppeared on the center of the creen and after closing it and opening it again it was moved all to the left) and the icons on my task bar started disappearing and showing up again after a serie of reboots. I was very frustrated since no antivirus software nor Spybot, MS Antispyware and Ewido detected anything. That's why i wanted to send it. If there is a malicious thing in that software that can be unleashed only after installing the NET framework I'd like to know it. Thanks!

[edit] I have the latest version of Avast and the latest version of the virus definition. I've installed that software without the NET Framework and done a safe boot scan. Nothing so far. Tomorrow i'll try installing the NET Framework and I'll see what will happen.

[edit2] this thing is a spyware!!!! Or at least it can be detected as a user-agent. I created a new account on livejournal and use that thing twice. Guess what? That user-agent showed up again. But this time I'm sure I used it. The thing that irks me is that back then it started itself without me knowing. Since I'd like to explain to the Avast team what happened I'd like to send an e-mail with the zip file and an explanation. Thanks!!!
« Last Edit: March 25, 2006, 04:09:05 PM by emy80 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88759
  • No support PMs thanks
Re: trouble sending a suspect file to the avast team.
« Reply #3 on: March 25, 2006, 05:13:42 PM »
It would probably been better to have added this post to your orignal thread as it is related and it would also have had the effect of bumping it so those who contributed previously would see it hasn't been resolved.

Open the avast chest and the User Files section, File, Add and navigate to the file you want to add. once inside the chest, right click the file and select 'email to Alwil Software. ' The default mode to send email is IMAP leave it like that don't change to SMTP. In the additional comments you can mention you think it is an undetected virus, etc.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CharleyO

  • Guest
Re: trouble sending a suspect file to the avast team.
« Reply #4 on: March 25, 2006, 05:17:33 PM »
***

And, in all of the above, the name of this "user-agent" is never given.
Quote
Some time ago I downloaded a little application to count how many comments I made and got on my blog. This little software asked for my username and password and I gave it thinking it was safe.
What is the name of this "little application?"    ???


***

emy80

  • Guest
Re: trouble sending a suspect file to the avast team.
« Reply #5 on: March 25, 2006, 05:19:24 PM »
I'm really sorry! I'll do as you told me. And I discovered another file that was infected (at least doing a jotti scan) and that Avast didn't detected. It says it was infected with the malware Heur.W32.Generic and it showed up only in the arcavir scanner. I'm going to submit that too. Thanks again for your big help! :)

emy80

  • Guest
Re: trouble sending a suspect file to the avast team.
« Reply #6 on: March 25, 2006, 05:21:09 PM »
***

And, in all of the above, the name of this "user-agent" is never given.
Quote
Some time ago I downloaded a little application to count how many comments I made and got on my blog. This little software asked for my username and password and I gave it thinking it was safe.
What is the name of this "little application?"    ???


***


sorry! It's called lj comment stats wizard. the user-agent string is Mozilla/3.0 (compatible; Indy Library)
I'll just submit it to be sure. Thanks a lot!