« previous next »
Pages: [1]   Go Down

Author Topic: [Win32:Neptunia-AFA [Trj]  (Read 5614 times)

0 Members and 1 Guest are viewing this topic.

rwilson427

  • Guest
[Win32:Neptunia-AFA [Trj]
« on: September 20, 2008, 05:29:35 PM »
 ??? Hi! I downloaded a file and the Avast Pro "on Demand" detector reported the presence of Win32:Neptunia-AFA [trj]. I immediately deleted the file. It was strange, because two of my co-horts, one with NOD32, and the other with Kaspersky, detected nothing, when scanning the same file. The trojan is listed in the Avast virus chest, but there's no information attached. Can I treat the trojan as a false positive?
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89025
  • No support PMs thanks
Re: [Win32:Neptunia-AFA [Trj]
« Reply #1 on: September 20, 2008, 06:57:15 PM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

You can't treat anything as an FP without greater analysis.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

avast08

  • Guest
Re: [Win32:Neptunia-AFA [Trj]
« Reply #2 on: September 21, 2008, 05:05:57 PM »
[Win32:Neptunia-AFA [trj]
infect files .exe
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: [Win32:Neptunia-AFA [Trj]
« Reply #3 on: September 21, 2008, 05:52:54 PM »
Hi rwilson427, try Malware Bytes to clean it

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1 http://malwarebytes.gt500.org/mbam-setup.exe
alternate download link 2 http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    * Make sure you are connected to the Internet.
    * Double-click on Download_mbam-setup.exe to install the application.
    * When the installation begins, follow the prompts and do not make any changes to default settings.
    * When installation has finished, make sure you leave both of these checked:
          o Update Malwarebytes' Anti-Malware
          o Launch Malwarebytes' Anti-Malware
    * Then click Finish.
    * MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    * If you encounter any problems while downloading the updates, manually download them from here http://www.malwarebytes.org/mbam/database/mbam-rules.exe and just double-click on mbam-rules.exe to install.
    * On the Scanner tab:
          o Make sure the "Perform Quick Acan" option is selected.
          o Then click on the Scan button.
    * The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
    * The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    * When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    * Click OK to close the message box and continue with the removal process.
    * Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    * Make sure that everything is checked, and click Remove Selected.
    * When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    * The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    * Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »