Author Topic: malware submiting from chest (Read 10417 times)

treker96mk2 · « **on:** June 02, 2009, 03:24:12 AM »

it says it well send doing next update but i see no mention in the log and no email.
the first is a trojan pws been in the chest for about a day since i hit the send botton yes my email was included in the email field.
the second is a pdf exploit i added to chest hit send and filled out the email field then i started a manual database update still no message.
how can i tell if they have been sent successfully?

!Donovan · « **Reply #1 on:** June 02, 2009, 03:49:17 AM »

Getting your reply MAY take up to two weeks...

treker96mk2 · « **Reply #2 on:** June 02, 2009, 04:53:33 AM »

it would be nice if they had an automated email that tells you it was received.

.: L' arc :. · « **Reply #3 on:** June 02, 2009, 10:39:53 AM »

-= I remember someone told me that if no dialog box appears, it will be sent to ALWIL via next update but I have no knowledge of how to confirm if file was successfully sent..

-= I think it would be nice if avast has a dedicated server for allowing users to upload infected files in ZIP or RAR format..

Just a wish..

DavidR · « **Reply #4 on:** June 02, 2009, 04:16:02 PM »

Right lets clarify:
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software), you should get a pop-up form to complete giving brief details about the submission, see image1. It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done, see image2.

Quote from: treker96mk2 on June 02, 2009, 04:53:33 AM

it would be nice if they had an automated email that tells you it was received.

So it doesn't get sent by email but is uploaded directly to Alwil, your email is unknown so you won't get a reply.

Even if you emailed it directly to Alwil, you don't normally get a reply unless they need more information.

Quote from: -= Fenrir =- on June 02, 2009, 10:39:53 AM

-= I remember someone told me that if no dialog box appears, it will be sent to ALWIL via next update but I have no knowledge of how to confirm if file was successfully sent..

Wrong, I believe you are mis-quoting something I said, if the pop-up form (dialog box you mention) doesn't appear, then you can't complete it and you 'can't' submit it as that is where the Submit button is.

Quote from: -= Fenrir =- on June 02, 2009, 10:39:53 AM

-= I think it would be nice if avast has a dedicated server for allowing users to upload infected files in ZIP or RAR format.. Just a wish.. [/font]

They already have any email you send zipped and password protected going to virus (at) avast (dot) com is filtered. There is also an ftp function but that isn't designed for that, but for large files that couldn't be emailed, etc. and then only when you receive instructions to do so.

The new submission process from the chest is I believe in some way automatically processed (mini analysis), like a sort of triage process to try and assign some sort of priority of action.

treker96mk2 · « **Reply #5 on:** June 02, 2009, 08:50:38 PM »

i entered my email in the optional email field.
and i did not see the upload info doing update but it probably went by to fast to catch.

so i will assume it got there but it would be nice to at least have a log entry stating that the upload accord.
thanks for the help.

DavidR · « **Reply #6 on:** June 02, 2009, 10:06:10 PM »

Check the C:\Program Files\Alwil Software\Avast4\Setup\setup.log using notepad, that should hold info on submissions as part of the update process.

.: L' arc :. · « **Reply #7 on:** June 03, 2009, 05:02:46 AM »

-= I checked the logs but my file [zip.zip] wasn't on the log.. Though I clicked Email to ALWIL [no dialog box]..

treker96mk2 · « **Reply #8 on:** June 03, 2009, 05:13:04 AM »

is this it?
14:06:39 nrm/pkg Submit: files 0, bytes 0, time 0 ms
14:06:39 nrm/pkg Submit success: files 0, bytes 0, time 0 ms

.: L' arc :. · « **Reply #9 on:** June 03, 2009, 05:36:24 AM »

-= Sorry about the previous post.. Found mine too.. Thanks..

calcu007 · « **Reply #10 on:** June 03, 2009, 05:47:50 AM »

Quote from: treker96mk2 on June 02, 2009, 08:50:38 PM

i entered my email in the optional email field.
and i did not see the upload info doing update but it probably went by to fast to catch.

so i will assume it got there but it would be nice to at least have a log entry stating that the upload accord.
thanks for the help.

if you want to send the file immediately then make a manual update and you will see the dialog sending the file

DavidR · « **Reply #11 on:** June 03, 2009, 03:19:59 PM »

Quote from: treker96mk2 on June 03, 2009, 05:13:04 AM

is this it?
14:06:39 nrm/pkg Submit: files 0, bytes 0, time 0 ms
14:06:39 nrm/pkg Submit success: files 0, bytes 0, time 0 ms

Yes that is the part of the log that shows it, you would have to look back in the log to a time after your submission as this part doesn't show any files to submit (files 0)...

treker96mk2 · « **Reply #12 on:** June 03, 2009, 07:26:08 PM »

none of those have a number other then 0.
searched the entire log.

treker96mk2 · « **Reply #13 on:** June 03, 2009, 07:46:03 PM »

i just submitted the pdf file again and it had the sending dialog
but the setup.log has not been modified since june 2.?

treker96mk2 · « **Reply #14 on:** June 03, 2009, 08:15:01 PM »

this is new an acces denied on manual update home edition.
here is the log.
03.06.2009 11:12:58 general: Started: 03.06.2009, 11:12:58
03.06.2009 11:12:58 general: Running setup_av_pro-537 (1335)
03.06.2009 11:12:58 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
03.06.2009 11:12:58 system: Memory: 72% load. Phys:292852/1047216K free, Page:1637736/2518356K free, Virt:2069088/2097024K free
03.06.2009 11:12:58 system: Computer WinName: HOME-PC
03.06.2009 11:12:58 system: Windows Net User: HOME-PC\ed-admin
03.06.2009 11:12:58 general: Cmdline: /downloadpkgs /noreboot /updatevps /silent /progress
03.06.2009 11:12:58 general: DldSrc set to inet
03.06.2009 11:12:58 general: Operation set to INST_OP_UPDATE_GET_PACKAGES
03.06.2009 11:12:58 general: Old version: 537 (1335)
03.06.2009 11:12:58 registry: Error deleting registry: Software\Alwil Software\Avast\4.0\UpdateReady (0x00000005)
03.06.2009 11:12:58 system: Using temp: C:\DOCUME~1\ed-admin\LOCALS~1\Temp\_av_proI.tm~a02108 (43194M free)
03.06.2009 11:12:58 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
03.06.2009 11:12:58 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;p)
03.06.2009 11:12:58 system: Computer DnsName: home-pc
03.06.2009 11:12:58 system: Computer Ip Addr: 192.168.0.2
03.06.2009 11:12:58 system: Installed in: C:\Program Files\Alwil Software\Avast4 (43194M free)
03.06.2009 11:12:58 internet: SYNCER: Type: use IE settings
03.06.2009 11:12:58 internet: SYNCER: Auth: another authentication, use WinInet
03.06.2009 11:12:58 package: Part prg_av_pro-537 is installed
03.06.2009 11:12:58 package: Part vps-9060200 is installed
03.06.2009 11:12:58 package: Part news-50 is installed
03.06.2009 11:12:58 package: Part setup_av_pro-537 is installed
03.06.2009 11:12:58 package: Part jrog-128 is installed
03.06.2009 11:12:58 general: Old version: 537 (1335)
03.06.2009 11:12:58 general: GUID: 6c8af49f-7615-4be2-be04-0e3811168543
03.06.2009 11:12:59 general: Server definition(s) loaded for 'main': 255 (maintenance:0)
03.06.2009 11:12:59 general: SelectCurrent: selected server 'Download908 AVAST Server' from 'main'
03.06.2009 11:12:59 internet: SYNCER: Type: use IE settings
03.06.2009 11:12:59 internet: SYNCER: Auth: another authentication, use WinInet
03.06.2009 11:12:59 general: Entered SetupProcessPro::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: Entered SetupProcessWin32::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: Entered SetupProcess::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: progress thread start
03.06.2009 11:12:59 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;f)
03.06.2009 11:13:00 internet: Used server: http://download908.avast.com/iavs4x
03.06.2009 11:13:00 package: Download servers.def, servers.def.vpu failed with error 0x00000005.
03.06.2009 11:13:00 internet: Used server: http://download908.avast.com/iavs4x
03.06.2009 11:13:01 general: Server definition(s) loaded for 'main': 255 (maintenance:0)
03.06.2009 11:13:01 general: SelectCurrent: selected server 'Download661 AVAST Server' from 'main'
03.06.2009 11:13:01 internet: SYNCER: Type: use IE settings
03.06.2009 11:13:01 internet: SYNCER: Auth: another authentication, use WinInet
03.06.2009 11:13:01 internet: Used server: http://69.93.227.242/iavs4x
03.06.2009 11:13:01 internet: Used server: http://69.93.227.242/iavs4x
03.06.2009 11:13:01 file: GetFileWithRetry: prod-av_pro.vpu downloaded .
03.06.2009 11:13:01 file: GetNewerStampedFile:compatCopyFile failed: C:\DOCUME~1\ed-admin\LOCALS~1\Temp\_av_proI.tm~a02108\onefile, C:\Program Files\Alwil Software\Avast4\Setup\prod-av_pro.vpu, error: 0x00000005
03.06.2009 11:13:01 package: Tried to download prod-av_pro.vpu but failed with error 0x00000005
03.06.2009 11:13:01 package: LoadAllDefs failed 0x00000005
03.06.2009 11:13:01 general: Err:Access is denied.

Author Topic: malware submiting from chest (Read 10417 times)

treker96mk2

malware submiting from chest

!Donovan

Re: malware submiting from chest

treker96mk2

Re: malware submiting from chest

.: L' arc :.

Re: malware submiting from chest

DavidR

Re: malware submiting from chest

treker96mk2

Re: malware submiting from chest

DavidR

Re: malware submiting from chest

.: L' arc :.

Re: malware submiting from chest

treker96mk2

Re: malware submiting from chest

.: L' arc :.

Re: malware submiting from chest

calcu007

Re: malware submiting from chest

DavidR

Re: malware submiting from chest

treker96mk2

Re: malware submiting from chest

treker96mk2

Re: malware submiting from chest

treker96mk2

Re: malware submiting from chest