Riscsi-831 and Saturday 14th-669

[dejay1982]

Hello Everyone

I recently switched over from Avira  to Avast home edition. While doing a thorough scan Avast found two viruses, Riscsi-831 and Saturday 14th-669. I put them in the virus chest then proceeded to look them up on the internet. From what I read people said to delete the Saturday virus so I did. I looked up the Riscsi-831 and the only one that I could read was three years ago in an Avast forum February 03, 2005, 08:08:18 PM. by aTOMik, it was supposedly a false positive but the topic was left undiscussed. I was wondering if this is still true. For real time protection I have Comodo firewall pro, Avast home edition, Spyware Terminator and Threat Fire. I use Bitdefender 10 free edition for on demand and occasionally run Ad-aware 2007 and Superantispyware.

[Lisandro]

Well, you seem to be well protected.
Maybe you could submit the Riscsi-831 file from Chest to Alwil for analysis.
Right click the file and send to them. Maybe you could post a link to this thread in the message body.
Welcome to avast family

[dejay1982]

Thanks for the welcome tech I always never had any problems with Avast it is a very good product. When I try to send the virus to Avast it says error in sending it says the file is to big. What should I do next, thanks for the help and the rapid response it is much appreciated.

[DavidR]

Check the Program Settings (right click the avast 'a' icon), Chest, 'Maximum size of file to be sent,' change that value so the file can be sent.

I have mine set to 2048, I wouldn't want to send much over 2MB on dial-up.

How big is the file ?

[dejay1982]

Avast says the file is 44968328. I don't know how big that is, is it to big to send. I will wait for your response thank you.

[dejay1982]

I am sorry the virus is actually Ricsi-831. Sorry for the goof up.

[Lisandro]

If you're not suspecting the file is a false positive, it won't help sending it to Alwil.
From Chest, you can extract the file to another folder (an USB drive for instance) and submit it to www.virustotal.com to check if it is really an infected file.

[DavidR]

Avast says the file is 44968328. I don't know how big that is, is it to big to send. I will wait for your response thank you.

That would work out at 43.9MB as the figure given is 44968328 bits divide by 1024 for KB 43,914KB. So it is quite large, over the 10MB limit for virustotal or Jotti.

Does the size appear correct, if you recall how it got on your system as it is unlikely to have been a drive by download ?

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

The Location and file name might jog your memory as to what it was and if the size is about right.

[dejay1982]

The file is C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report113624e1\WER458.tmp.hdmp. Last night I restored it scanned it with Bitdefender and Spyware Terminator and they came back with nothing. Today I went and scanned the file again and Avast indicates there is a virus and it didn't let me quarantine it unless I started Avast as administrator. I am not sure where the file came from I am pretty cautious on what I download. Thanks for the help.

[DavidR]

I have to admit I get suspicious with double file type/file extentions a google search for .tmp.hdmp returns many hits, I don't know if that will cast some light on to it, http://www.google.com/search?q=.tmp.hdmp.

[dejay1982]

Would it be safe to delete this file. Another thing to is Comodo firewall tried to update and it wouldn't I also started getting errors from Comodo. I downloaded the recent one from the site. I went to safe mode to uninstall Comodo with Glary utilites. Upon doing so I scanned for missing short cuts and the virus file came up in this scan. I followed the folder path it led back to the folder with the virus and it said it was modified at 1:45am. I had my computer off and was in bed at that time. I don't really know what to think now.

[DavidR]

Sorry but not knowing what the file is for I can't make that kind of judgement. If avast was able to send it to the chest before I don't know why it can't again. Perhaps going into the chest settings I mentioned and check the size limitations so it can be added. If it is malware it can do no harm there and if it happens to be essential then there would likely be a warning pop-up about a missing file, or it may be regenerated. That is probably the best course of action.

Sorry can't be any practical help with comodo, I don't use it.

[dejay1982]

I will leave it in the chest. If anything happens I will post again. I want to say thanks for all your help.

[DavidR]

No problem and a belated welcome to the forums.

[Lisandro]

I will leave it in the chest. If anything happens I will post again. I want to say thanks for all your help.

You're welcome. Feel free to come back any time you need help or just to change experiences