Author Topic: How to deal (..) [CHECK DAVID LAST QUESTION]  (Read 26226 times)

0 Members and 1 Guest are viewing this topic.

Pierolle

  • Guest
Re: How to deal with a virus? [CHECK DAVID]
« Reply #15 on: October 07, 2008, 10:46:57 PM »
Oh darn.. Now make it all over again! >.>

Anyway, big thanks for the help. So, I'll upload the URL tomorrow I believe, after that, please tell me
I'm ready to delete the file? I'm so tired of it! :p

[And I have the extracted file in the Virus chest now, but I'll just do the same thing over again,
right?]
« Last Edit: October 07, 2008, 10:48:53 PM by Pierolle »

Pierolle

  • Guest
Re: How to deal with a virus? [CHECK DAVID]
« Reply #16 on: October 10, 2008, 08:35:31 PM »
..David....? :'(   

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: How to deal with a virus? [CHECK DAVID]
« Reply #17 on: October 10, 2008, 09:20:17 PM »
I'm ready to delete the file? I'm so tired of it! :p
There is no rush to delete files that are into Chest... but if it passes some days and it's still being detected as infected, and your computer is working, well, you can delete the file into Chest.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86518
  • No support PMs thanks
Re: How to deal with a virus? [CHECK DAVID]
« Reply #18 on: October 10, 2008, 09:36:25 PM »
<snip>
Anyway, big thanks for the help. So, I'll upload the URL tomorrow I believe, after that, please tell me
I'm ready to delete the file? I'm so tired of it! :p

[And I have the extracted file in the Virus chest now, but I'll just do the same thing over again,
right?]

You're welcome, just repeat the exercise extract the file to the suspect folder and upload to VT again. This is why I suggested leaving it there until the process is complete and we aren't there yet.

The more info we have on the VT detections the easier it is to say for sure or with any degree of confidence if it is an FP and if so them we send the file to avast for further analysis to correct the virus signatures.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Pierolle

  • Guest
Re: How to deal with a virus? [CHECK DAVID]
« Reply #19 on: October 18, 2008, 02:43:20 AM »
Sorry David that I haven't posted in a while. But I've been kinda busy in real life, working. Anyway,
here's the link. Finally! :)

http://www.virustotal.com/sv/analisis/b730eed1339c0e89377dbd815eb298c6

Now what? ^^

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: How to deal with a virus? [CHECK DAVID]
« Reply #20 on: October 18, 2008, 02:48:04 AM »
G-Data detection is the same as avast (as it uses avast engine).
Seems a false positive... but it will be good if avast team take a look and correct the detection. Until there, it will be safe to keep it into Chest.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86518
  • No support PMs thanks
Re: How to deal with a virus? [CHECK DAVID]
« Reply #21 on: October 18, 2008, 02:01:04 PM »
Sorry David that I haven't posted in a while. But I've been kinda busy in real life, working. Anyway,
here's the link. Finally! :)
<snip>
Now what? ^^

Well I too would say there is a strong possibility of it being an FP. With 4 results (3 counting gdata and avast as 1) either generic or suspicious (heuristic) which are more prone to FP.

The only exception being (see below) and that to appears not to be a specific signature detection, so I would say submit the file to avast for further analysis.

Quote
ClamAV    -    -    PUA.Packed.Armadillo

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Pierolle

  • Guest
Re: How to deal with a virus? [CHECK DAVID]
« Reply #22 on: October 18, 2008, 09:07:24 PM »
It says I cannot send it since it's too big. :(

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86518
  • No support PMs thanks
Re: How to deal with a virus? [CHECK DAVID]
« Reply #23 on: October 18, 2008, 09:23:19 PM »
Increase the size , avast Program Settings, Chest, Max size file to send, etc. so that it is large enough to cope the actual file size.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Pierolle

  • Guest
Re: How to deal with a virus? [CHECK DAVID]
« Reply #24 on: October 19, 2008, 05:51:37 PM »
OMFG! I'M ******* GETTING MAD HERE AT THIS DAMN OUTLOOK! -.-'
Please, I can't get it to work. Give me another way to get this file sent. And what about the text, is this good enough;

Hello.

DavidR on Avast! Support Forums told me to send you this file since it could be a false positive. I'd be glad if you could check it. [Forum Thread Name; How to deal with a virus? [CHECK DAVID]].
Thanks.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86518
  • No support PMs thanks
Re: How to deal with a virus? [CHECK DAVID]
« Reply #25 on: October 19, 2008, 06:36:40 PM »
Well you could try zipping and password protecting the sample and sending it from outlook conventionally e.g. attach the zip to the email, as in my post, Reply #21 above.

As for the text, the more important things are the password in email body, a link (from the address window of the topic, the same way you captured the URL for the VT results) to this topic and the link to the VirusTotal results might help. Place possible false positive in the email subject.

You don't need to go into much detail as the link to this topic would provide the detail.


Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Pierolle

  • Guest
Re: How to deal with a virus? [CHECK DAVID]
« Reply #26 on: October 20, 2008, 01:26:15 PM »
But it's outlook who isn't working. I don't know why, I've tried and tried but isn't it possible sending it by Hotmail or something else?
And how do I ZIP & Pass protect the file? :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86518
  • No support PMs thanks
Re: How to deal with a virus? [CHECK DAVID]
« Reply #27 on: October 20, 2008, 04:01:55 PM »
I don't know why outlook isn't working but the chest may add an extra complication, which is why I suggested trying outside.

You don't say 'why' it isn't working ?

Since you mention Hotmail, I can only assume that you send and download email to your Hotmail account using Outlook ?

Hotmail isn't a normal SMTP or POP3 account but web mail, which is normally accessed by your browser, although MS allows Outlook (and OE) to be able to send and receive Hotmail, but it doesn't use SMTP or POP3 protocols, but uses WEBDEV or something like that to convert hotmail. Because it doesn't use the SMTP/POP3 protocols avast can't access this account.

You need to have a zip program, 7zip, winzip or RAR, I would say 7zip is the easiest to work with when it comes to setting a password as it is clear on the screen.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Pierolle

  • Guest
Re: How to deal with a virus? [CHECK DAVID]
« Reply #28 on: October 20, 2008, 07:16:49 PM »
Outlooks says I need to choose some kind of server (?) and choose name, register here and there, connect here, oh, couldn't connect outlook need to be running. I don't know, I'm just getting mad with it. Anyway, maybe you got some experience from starting outlook for the first time?

Maybe you want a screenshot?
« Last Edit: October 20, 2008, 07:18:52 PM by Pierolle »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86518
  • No support PMs thanks
Re: How to deal with a virus? [CHECK DAVID]
« Reply #29 on: October 20, 2008, 08:09:26 PM »
I don't use Outlook so can't really be any practical help.

How do you normally receive and send email ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security