Author Topic: malware submiting from chest  (Read 8116 times)

0 Members and 1 Guest are viewing this topic.

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
malware submiting from chest
« on: June 02, 2009, 03:24:12 AM »
it says it well send doing next update but i see no mention in the log and no email.
the first is a trojan pws been in the chest for about a day since i hit the send botton yes my email was included in the email field.
the second is a pdf exploit i added to chest hit send and filled out the email field then i started a manual database update still no message.
how can i tell if they have been sent successfully?

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Re: malware submiting from chest
« Reply #1 on: June 02, 2009, 03:49:17 AM »
Getting your reply MAY take up to two weeks...
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submiting from chest
« Reply #2 on: June 02, 2009, 04:53:33 AM »
it would be nice if they had an automated email that tells you it was received.

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: malware submiting from chest
« Reply #3 on: June 02, 2009, 10:39:53 AM »
-= I remember someone told me that if no dialog box appears, it will be sent to ALWIL via next update but I have no knowledge of how to confirm if file was successfully sent..

-= I think it would be nice if avast has a dedicated server for allowing users to upload infected files in ZIP or RAR format.. ??? Just a wish.. ;D

Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83011
  • No support PMs thanks
Re: malware submiting from chest
« Reply #4 on: June 02, 2009, 04:16:02 PM »
Right lets clarify:
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software), you should get a pop-up form to complete giving brief details about the submission, see image1. It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done, see image2.

it would be nice if they had an automated email that tells you it was received.
So it doesn't get sent by email but is uploaded directly to Alwil, your email is unknown so you won't get a reply.

Even if you emailed it directly to Alwil, you don't normally get a reply unless they need more information.

-= I remember someone told me that if no dialog box appears, it will be sent to ALWIL via next update but I have no knowledge of how to confirm if file was successfully sent..

Wrong, I believe you are mis-quoting something I said, if the pop-up form (dialog box you mention) doesn't appear, then you can't complete it and you 'can't' submit it as that is where the Submit button is.

-= I think it would be nice if avast has a dedicated server for allowing users to upload infected files in ZIP or RAR format.. ??? Just a wish.. ;D[/font]

They already have any email you send zipped and password protected going to virus (at) avast (dot) com is filtered. There is also an ftp function but that isn't designed for that, but for large files that couldn't be emailed, etc. and then only when you receive instructions to do so.

The new submission process from the chest is I believe in some way automatically processed (mini analysis), like a sort of triage process to try and assign some sort of priority of action.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submiting from chest
« Reply #5 on: June 02, 2009, 08:50:38 PM »
i entered my email in the optional email field.
and i did not see the upload info doing update but it probably went by to fast to catch.

so i will assume it got there but it would be nice to at least have a log entry stating that the upload accord.
thanks for the help.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83011
  • No support PMs thanks
Re: malware submiting from chest
« Reply #6 on: June 02, 2009, 10:06:10 PM »
Check the C:\Program Files\Alwil Software\Avast4\Setup\setup.log using notepad, that should hold info on submissions as part of the update process.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: malware submiting from chest
« Reply #7 on: June 03, 2009, 05:02:46 AM »
-= I checked the logs but my file [zip.zip] wasn't on the log.. Though I clicked Email to ALWIL [no dialog box]..
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submiting from chest
« Reply #8 on: June 03, 2009, 05:13:04 AM »
is this it?
14:06:39 nrm/pkg  Submit: files 0, bytes 0, time 0 ms
14:06:39 nrm/pkg  Submit success: files 0, bytes 0, time 0 ms

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: malware submiting from chest
« Reply #9 on: June 03, 2009, 05:36:24 AM »
-= Sorry about the previous post.. Found mine too.. Thanks.. ;)
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Offline calcu007

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 482
  • I'm lamma!
Re: malware submiting from chest
« Reply #10 on: June 03, 2009, 05:47:50 AM »
i entered my email in the optional email field.
and i did not see the upload info doing update but it probably went by to fast to catch.

so i will assume it got there but it would be nice to at least have a log entry stating that the upload accord.
thanks for the help.

if you want to send the file immediately then make a manual update and you will see the dialog sending the file
Asus Intel i7 8GB RAM , Win 8.1 64 bit, Avast IS

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83011
  • No support PMs thanks
Re: malware submiting from chest
« Reply #11 on: June 03, 2009, 03:19:59 PM »
is this it?
14:06:39 nrm/pkg  Submit: files 0, bytes 0, time 0 ms
14:06:39 nrm/pkg  Submit success: files 0, bytes 0, time 0 ms

Yes that is the part of the log that shows it, you would have to look back in the log to a time after your submission as this part doesn't show any files to submit (files 0)...

WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submiting from chest
« Reply #12 on: June 03, 2009, 07:26:08 PM »
none of those have a number other then 0.
searched the entire log.

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submiting from chest
« Reply #13 on: June 03, 2009, 07:46:03 PM »
i just submitted the pdf file again and it had the sending dialog
but the setup.log has not been modified since june 2.?

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submiting from chest
« Reply #14 on: June 03, 2009, 08:15:01 PM »
this is new an acces denied on manual update home edition.
here is the log.
03.06.2009 11:12:58 general: Started: 03.06.2009, 11:12:58
03.06.2009 11:12:58 general: Running setup_av_pro-537 (1335)
03.06.2009 11:12:58 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
03.06.2009 11:12:58 system: Memory: 72% load. Phys:292852/1047216K free, Page:1637736/2518356K free, Virt:2069088/2097024K free
03.06.2009 11:12:58 system: Computer WinName: HOME-PC
03.06.2009 11:12:58 system: Windows Net User: HOME-PC\ed-admin
03.06.2009 11:12:58 general: Cmdline: /downloadpkgs /noreboot /updatevps /silent /progress 
03.06.2009 11:12:58 general: DldSrc set to inet
03.06.2009 11:12:58 general: Operation set to INST_OP_UPDATE_GET_PACKAGES
03.06.2009 11:12:58 general: Old version: 537 (1335)
03.06.2009 11:12:58 registry: Error deleting registry: Software\Alwil Software\Avast\4.0\UpdateReady (0x00000005)
03.06.2009 11:12:58 system: Using temp: C:\DOCUME~1\ed-admin\LOCALS~1\Temp\_av_proI.tm~a02108 (43194M free)
03.06.2009 11:12:58 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
03.06.2009 11:12:58 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;p)
03.06.2009 11:12:58 system: Computer DnsName: home-pc
03.06.2009 11:12:58 system: Computer Ip Addr: 192.168.0.2
03.06.2009 11:12:58 system: Installed in: C:\Program Files\Alwil Software\Avast4 (43194M free)
03.06.2009 11:12:58 internet: SYNCER: Type: use IE settings
03.06.2009 11:12:58 internet: SYNCER: Auth: another authentication, use WinInet
03.06.2009 11:12:58 package: Part prg_av_pro-537 is installed
03.06.2009 11:12:58 package: Part vps-9060200 is installed
03.06.2009 11:12:58 package: Part news-50 is installed
03.06.2009 11:12:58 package: Part setup_av_pro-537 is installed
03.06.2009 11:12:58 package: Part jrog-128 is installed
03.06.2009 11:12:58 general: Old version: 537 (1335)
03.06.2009 11:12:58 general: GUID: 6c8af49f-7615-4be2-be04-0e3811168543
03.06.2009 11:12:59 general: Server definition(s) loaded for 'main': 255 (maintenance:0)
03.06.2009 11:12:59 general: SelectCurrent: selected server 'Download908 AVAST Server' from 'main'
03.06.2009 11:12:59 internet: SYNCER: Type: use IE settings
03.06.2009 11:12:59 internet: SYNCER: Auth: another authentication, use WinInet
03.06.2009 11:12:59 general: Entered SetupProcessPro::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: Entered SetupProcessWin32::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: Entered SetupProcess::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: progress thread start
03.06.2009 11:12:59 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;f)
03.06.2009 11:13:00 internet: Used server: http://download908.avast.com/iavs4x
03.06.2009 11:13:00 package: Download servers.def, servers.def.vpu failed with error 0x00000005.
03.06.2009 11:13:00 internet: Used server: http://download908.avast.com/iavs4x
03.06.2009 11:13:01 general: Server definition(s) loaded for 'main': 255 (maintenance:0)
03.06.2009 11:13:01 general: SelectCurrent: selected server 'Download661 AVAST Server' from 'main'
03.06.2009 11:13:01 internet: SYNCER: Type: use IE settings
03.06.2009 11:13:01 internet: SYNCER: Auth: another authentication, use WinInet
03.06.2009 11:13:01 internet: Used server: http://69.93.227.242/iavs4x
03.06.2009 11:13:01 internet: Used server: http://69.93.227.242/iavs4x
03.06.2009 11:13:01 file: GetFileWithRetry: prod-av_pro.vpu downloaded .
03.06.2009 11:13:01 file: GetNewerStampedFile:compatCopyFile failed: C:\DOCUME~1\ed-admin\LOCALS~1\Temp\_av_proI.tm~a02108\onefile, C:\Program Files\Alwil Software\Avast4\Setup\prod-av_pro.vpu, error: 0x00000005
03.06.2009 11:13:01 package: Tried to download prod-av_pro.vpu but failed with error 0x00000005
03.06.2009 11:13:01 package: LoadAllDefs failed 0x00000005
03.06.2009 11:13:01 general: Err:Access is denied.