Author Topic: I (my notebook) am infected by win32:Agent-JNH[Expl], why avast not block it?  (Read 2704 times)

0 Members and 1 Guest are viewing this topic.

Offline amscmu

  • Newbie
  • *
  • Posts: 12
How possibly it can infect my computer?
Moreover, avast said the file (infected) cannot be repaired.
How to disinfected the files?

here are the filed infected
IBMTOOL\APPS\updater\ibmupdate connector.msi
IBMTOOL\APPS\updater\ibmupdate connector.msi\Binary.newBinary3
windows\installer\22252.msi
windows\installer\22252.msi\Binary.newBinary3

It said "error42060 the file could not be repaired

Thank you

Ronachai :'(

Offline AssistantX

  • Jr. Member
  • **
  • Posts: 25
Info About the Avast Detection:

According to Avast's VPS History, this exploit was added to the virus database on July 22, 2007. This means it is fairly new to the database which is a reason for the current discovery/previous miss.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85365
  • No support PMs thanks
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.

If it is indeed a false positive:
1. add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

2. Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject. Or you can also send it from the avast chest (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline amscmu

  • Newbie
  • *
  • Posts: 12
Thanks
It is actually false positive as I checked the file with virustotal.com and none report positive except avast.
Ronachai  ;D

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85365
  • No support PMs thanks
Submit the sample to avast as outlined in my earlier post.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline amscmu

  • Newbie
  • *
  • Posts: 12
I already submit to avast though I didn't set password (I don't know how to set password with zip file)  :P
Thanks
Ronachai

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85365
  • No support PMs thanks
The chances are it could be intercepted by an email server's scanner on route so it may not get there, so you should submit it again. I would check out your zip programs help file about password protecting a zip file.

However, as I said in the original post there is an other way.
Quote
Or you can also send it from the avast chest (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

This way the avast program takes care of the sample protection.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security