Author Topic: malware submitting from chest  (Read 8117 times)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: malware submitting from chest
« Reply #15 on: June 03, 2009, 08:30:29 PM »
03.06.2009 11:12:58 system: Windows Net User: HOME-PC\ed-admin
03.06.2009 11:13:01 package: LoadAllDefs failed 0x00000005
03.06.2009 11:13:01 general: Err:Access is denied.
You seem to be the admin and, even so, access error 5 is listed there... strange, huh? I'm out of guesses as to what is happening...
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: malware submitting from chest
« Reply #16 on: June 03, 2009, 08:40:12 PM »
I just submitted the PDF file again and it had the sending dialog,
but the setup.log has not been modified since June 2?

Confusingly, there is another setup.log file and I never know which is used for what (they look the same); check out the other one, C:\Program Files\Alwil Software\Avast4\DATA\log\Setup.log.

Are there any files in the C:\Program Files\Alwil Software\Avast4\DATA\spool\suspic folder?
That is where they are stored before upload.
« Last Edit: June 03, 2009, 08:42:09 PM by DavidR »
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submitting from chest
« Reply #17 on: June 04, 2009, 06:31:13 AM »
The other log still says 0,
and the folder you mentioned is empty.

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submitting from chest
« Reply #18 on: June 04, 2009, 06:40:07 AM »
Okay, I have set the PDF exploit to send again and there is now a file in the folder you mentioned.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: malware submitting from chest
« Reply #19 on: June 04, 2009, 03:07:48 PM »
When the folder is empty there are no files awaiting upload; either they haven't been submitted or they have been sent.

So now that it is in the folder, the submission is ready to be uploaded during either the next auto update or a manual iAVS update. I suggest doing a manual update and watching its progress: first it will download any update, then it will upload the file from the suspic folder (you should see that part of the process and clear the folder) and finally it will complete the update process and display the update details.

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submitting from chest
« Reply #20 on: June 04, 2009, 06:18:50 PM »
When I woke up and read your reply, an update check had already occurred; the folder is empty and the PDF exploit is now detected.
The log still has 0.
Can others please see if this is a bug or is it just me?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: malware submitting from chest
« Reply #21 on: June 04, 2009, 06:31:35 PM »
This is what the log should look like from a previous submission; see image extract.

Check both log files, and check back further; you can even search for the package submit: string.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: malware submitting from chest
« Reply #22 on: June 04, 2009, 06:41:51 PM »
Update:

OK, I have resubmitted a file previously submitted; see image1, the file being uploaded, and image2, an extract of the C:\Program Files\Alwil Software\Avast4\Setup\setup.log showing successful upload.

So it is working as expected on my system.
« Last Edit: June 04, 2009, 06:45:04 PM by DavidR »

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submitting from chest
« Reply #23 on: June 04, 2009, 10:40:22 PM »
The only suspic in both setup logs were .wav.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: malware submitting from chest
« Reply #24 on: June 05, 2009, 12:16:25 AM »
The only files in there should be those with weird-looking names contained in the {wriggly brackets}.suspic, as in my images, as it doesn't retain its original file name; it is also encrypted, I believe.

You aren't looking for suspicious files in the log but the specific line entries for the upload:
Quote
17:34:17 min/int  file C:\Program Files\Alwil Software\Avast4\DATA\spool\suspic\{44A437B5-6482-456B-B2E5-CB49EBE1F233}.suspic submitted (6F48D34BDA1E1D52173818F6061C23AE411408B91EA07AB7660112B7741BE093)
17:34:17 nrm/pkg  Submit: files 1, bytes 91502, time 35844 ms
17:34:17 nrm/pkg  Submit success: files 1, bytes 91502, time 35844 ms

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submitting from chest
« Reply #25 on: June 05, 2009, 09:11:02 PM »
Okay, I do not remember seeing that. A search for suspic only showed entries for .wav, probably for the sounds avast uses.

29.05.2009   14:03:07.000   1243630987   file   Direct move of file: C:\Program Files\Alwil Software\Avast4\ENGLISH\suspic.wav
29.05.2009   14:03:07.000   1243630987   file   Installed file:C:\Program Files\Alwil Software\Avast4\ENGLISH\suspic.wav

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: malware submitting from chest
« Reply #26 on: June 05, 2009, 09:22:39 PM »
That is just the audio file for notifying you of a suspicious email, etc.

You should be searching within the setup.log (for the Submit: files string) using Notepad.

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submitting from chest
« Reply #27 on: June 06, 2009, 12:15:13 AM »
data log setup.log
Submit:

29.05.2009   14:06:39.000   1243631199   package   Submit: files 0, bytes 0, time 0 ms
29.05.2009   14:06:39.000   1243631199   package   Submit success: files 0, bytes 0, time 0 ms

There are more, but they're the same zeros, just different times.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: malware submitting from chest
« Reply #28 on: June 06, 2009, 01:43:11 AM »
That is from 29/5/2009, 8 days ago, so it doesn't correspond to your submissions, as the topic only started on the 2nd and the first submissions were after that. The log is in chronological order with new lines added at the bottom (appended), so any submit: files entry would be near the bottom of the file.
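
The check described in Reply #28 (only Submit entries dated on or after the submission count, and the newest sit at the bottom of the file), as an added example that is not part of the thread and not Avast's own tooling. It assumes the dated DATA\log\Setup.log layout quoted in Reply #27; the function names and the 04.06.2009 sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Layout assumed from the DATA\log\Setup.log lines quoted in this thread:
# DD.MM.YYYY  HH:MM:SS.mmm  <epoch>  package  Submit[ success]: files N, bytes N, time N ms
SUBMIT_RE = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2}:\d{2})\.\d+\s+\d+\s+package\s+"
    r"Submit( success)?: files (\d+), bytes (\d+), time (\d+) ms\s*$"
)

def submit_entries(log_text):
    """Return every Submit / Submit success line as a dict, in file order."""
    entries = []
    for line in log_text.splitlines():
        m = SUBMIT_RE.match(line.strip())
        if not m:
            continue  # other records, e.g. the suspic.wav installer lines, are skipped
        when = datetime.strptime(m.group(1) + " " + m.group(2), "%d.%m.%Y %H:%M:%S")
        entries.append({"when": when, "success": bool(m.group(3)),
                        "files": int(m.group(4)), "bytes": int(m.group(5))})
    return entries

def diagnose(log_text, submitted_on):
    """Classify what the log says about uploads on or after submitted_on."""
    recent = [e for e in submit_entries(log_text) if e["when"] >= submitted_on]
    if not recent:
        return "no submit entries since the submission; check the other setup.log"
    uploaded = [e for e in recent if e["success"] and e["files"] > 0]
    if uploaded:
        last = uploaded[-1]  # file is appended to, so the last match is the newest
        return "uploaded %d file(s), %d bytes at %s" % (
            last["files"], last["bytes"], last["when"])
    return "only empty submits (files 0) since the submission"

# Constructed sample: the 29.05.2009 lines follow the format quoted in the
# thread; the 04.06.2009 lines are invented for illustration.
SAMPLE = """\
29.05.2009   14:03:07.000   1243630987   file   Installed file:C:\\Program Files\\Alwil Software\\Avast4\\ENGLISH\\suspic.wav
29.05.2009   14:06:39.000   1243631199   package   Submit: files 0, bytes 0, time 0 ms
29.05.2009   14:06:39.000   1243631199   package   Submit success: files 0, bytes 0, time 0 ms
04.06.2009   07:02:11.000   1244098931   package   Submit: files 1, bytes 91502, time 35844 ms
04.06.2009   07:02:11.000   1244098931   package   Submit success: files 1, bytes 91502, time 35844 ms
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE, datetime(2009, 6, 2)))
```
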

Offline treker96mk2

  • Jr. Member
  • **
  • Posts: 45
Re: malware submitting from chest
« Reply #29 on: June 06, 2009, 04:57:06 PM »
All submits are like that, just 0 for the entire log.