I have a virus that Avast couldn't detect - Help

[REDACTED]

Hello,

A guy sent me a virus, however Avast couldn't detect that virus, but it was detected with 11 other anti viruses.

What I did is I opened the virus with right click and notepad++, I am really not sure if it is still possible that I could be infected.

Please help

[Asyn]

Test the file at VT (https://www.virustotal.com) and post the link to the result here.

[REDACTED]

Hello,

Thanks for the prompt reply.

I tested already that's how I knew it was detected by 11 anti virus, link is here:

https://www.virustotal.com/#/file/d13d92c64332bfa52843fe30bf6e45f6e0a4f55fcf15d3256a9f81f87aa2ba9b/detection

Thanks

[Asyn]

You can report a suspicious/malicious sample (File/Website) here: https://www.avast.com/report-malicious-file.php

[REDACTED]

Ok Thanks, however I am scared to open any of my emails now, so I am afraid that the hacker can detect my passwords, so what to do?

Do I still have to report it and wait until they find a solution and make an update? Please help Asap, I need to work and I can not open any of my emails now.

Thanks

[Asyn]

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

[REDACTED]

Thanks your help is appreciated.

[Michael (alan1998)]

Hi,

The scanned file is a RAR file. It is packed. Unless you've unpacked the file and run the VBS file, you're safe.

Can you upload that RAR file to www.mediafire.com (or another file sharing website) so I can take a look at the source code? Alternatively, I'll PM you my email address, just forward the email to it.

VBS files are usually 1 of 2 things. A prank file (contantly opening and closing your CD-ROM for example or something like a Forkbomb (recursively opening blank CMD's until you run out of RAM). Or it spreads a USB infection that doesn't (usually) do much harm.

[REDACTED]

Hi,

Yes I know it is packed, I unpacked it and I opened the VBS file with notepad++

But I knew it was a a virus after I opened the file, I sent you a private message, please check it.

Thanks for your help

[Pondus]

For suspicious mail check you can use this. See info here  >>  https://forum.avast.com/index.php?topic=198166.0



TrendMicro detection name of your file:  HEUR_RLOTRICK.B
File is using right to left (RTLO) extension spoofing

[REDACTED]

Please find logs attached.

Thanks

[REDACTED]

Log2 attached

[REDACTED]

Log3 attached

[Asyn]

OK, now you've to wait for one of the malware experts...

[Michael (alan1998)]

"C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"

Can you scan that file @ www.virustotal.com and post the results here?