Author Topic: Where to search for detailed infection descriptions/explanations?  (Read 5271 times)

0 Members and 1 Guest are viewing this topic.

Offline Muad'Dib

  • Jr. Member
  • **
  • Posts: 74
    • The underwater sound of the Antarctic Ocean
Using avast! 4.8 home, I received the following result from doing a scan on an old Eudora mailbox file:

Infection: HTML:FileDldr-A [Expl]

Before I simply trash an entire file containing hundreds of emails, I'd like to find out exactly what this result means.  All I can find (from the virus definition database) is that this type of infection affects COM & EXE files.  No "Detailed information" is provided.  I've searched through the entire Support Center, KnowledgeBase, documentation and of course this forum for various portions of the above text, and have found nothing useful (even a search for just FileDldr finds zero results).

Is there a place that describes the sections of this result so I can decide how dangerous this infection is?  For example, I do not have HTML viewing turned on by default with Eudora, and since this file is from a few years ago, the chances of viewing individual messages in this file with HTML viewing turned on, are very slim.  And if there was a way I could find the individual message that has this infection, I'd be glad to delete it.  But I'd rather not delete (or even quarantine) and entire year's worth of emails because of a low-risk infection.  Also, the folder that contains various email attachments scanned clean, so the infection is not likely to be from those.

If you know what the above result means, I'm happy to learn from you.  But I'd really like to know where I can find out more detailed 'official' information directly, without each time having to ask people in the forum.  Nothing against the forum, but there are often conflicting answers here and it's hard to know which one is accurate.  Avast! came up with the definition for this infection, there should be a place that describes what it actually does and how it does it.

Thanks!
« Last Edit: February 20, 2010, 10:50:01 PM by Muad'Dib »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: Where to search for detailed infection descriptions/explanations?
« Reply #1 on: February 21, 2010, 01:25:46 AM »
Sorry, I can't help with cleaning/virus research as I'm not an expert on it.
But, I suggest you get the 5.0.418 version of avast ;)
The best things in life are free.

Offline Muad'Dib

  • Jr. Member
  • **
  • Posts: 74
    • The underwater sound of the Antarctic Ocean
Re: Where to search for detailed infection descriptions/explanations?
« Reply #2 on: February 21, 2010, 01:32:38 AM »
But, I suggest you get the 5.0.418 version of avast ;)
And this will solve my problem how?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37190
Re: Where to search for detailed infection descriptions/explanations?
« Reply #3 on: February 21, 2010, 01:34:11 AM »
Quote
Is there a place that describes the sections of this result so I can decide how dangerous this infection is
Virus Encyclopedia http://www.viruslist.com/en/viruses/encyclopedia
Malware Protection Center http://www.microsoft.com/security/portal/
ThreatExpert http://www.threatexpert.com/

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Where to search for detailed infection descriptions/explanations?
« Reply #4 on: February 21, 2010, 02:09:06 AM »
@Muad'Dib

Hopefully, it's a false positive.  If the file size doesn't too large, upload it to http://www.virustotal.com/ or http://virusscan.jotti.org/en and it will be scanned by multiple antivirus engines.

AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline Muad'Dib

  • Jr. Member
  • **
  • Posts: 74
    • The underwater sound of the Antarctic Ocean
Re: Where to search for detailed infection descriptions/explanations?
« Reply #5 on: February 21, 2010, 02:20:31 AM »
Pondus,

Thanks for the links - that's exactly the type of info I'm looking for.  Unfortunately, searching within those sites is not finding anything (or in the case of the Microsoft site, finding too many hits - more than 500).

If I search for the entire string, I get no matches.  If I search for FileDldr or FileDldr-A I also get no matches.

If I search for HTML or Expl (which I understand is short for 'Exploit'), I get tons of hits (most of which aren't too specific).

It seems that if avast! is giving the threat a specific name, I should be able to search for that name and find out more info about that threat.

Does avast! use some non-standard method of naming threats?  I would think that searching for FileDldr or FileDldr-A would match something!

Am I missing something obvious here?



@Gopher John,

It's at least a 4mb file containing lots of personal emails, so I'm not eager to upload it anywhere (at least not without manually going through the messages first).  I agree it's not something I'm massively worried about.  It's just the idea that I'm getting a definition, but nowhere can I find out anything about the definition.

Also, why should I have to upload it anywhere?  Isn't avast! supposed to be doing the same sort of scan locally?

I guess when I have the time, I may just start splitting the file up into pieces (__ emails per file) and then scanning the subsets to see if I can narrow down which email is the offending one.

Thanks for offering to help a fellow rodent! :)



Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33669
  • malware fighter
Re: Where to search for detailed infection descriptions/explanations?
« Reply #6 on: February 21, 2010, 02:36:43 AM »
Hi Muad'Dib,

This is a.k.a. Netsky variant, the attachment "E-Mail-Headerl" comes with a malcode unwanted program Exploit-MIME.gen.c. and this part was being deleted to cleanse your machine of this,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Where to search for detailed infection descriptions/explanations?
« Reply #7 on: February 21, 2010, 02:49:50 AM »
Also, why should I have to upload it anywhere?  Isn't avast! supposed to be doing the same sort of scan locally?

The scan is the same, but the definitions and scan engine used by various antivirus programs are different.  If the other 40 or so antivirus programs used by VirusTotal find nothing, then aVast likely has found a false positive, not a virus.  I've seen posts for VirusTotal file scans where aVast and Gdata are the only two to find a virus in an uploaded file.  They do use the same virus signature definitions, so that's to be expected.

As far as privacy with the email database, I doubt that the file would be touched except automatically by the scanners after upload.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline Muad'Dib

  • Jr. Member
  • **
  • Posts: 74
    • The underwater sound of the Antarctic Ocean
Re: Where to search for detailed infection descriptions/explanations?
« Reply #8 on: February 21, 2010, 04:30:26 AM »
Thanks to all for your help.  I ended up narrowing down the emails and it turned out to be simply two bounceback messages of no importance.  I uploaded both of them to the websites suggested by Gopher John, and about 1/2 of the virus engines detected some sort of infection (very interesting to see the variation,  I'll have to try this the next time I get a known virus and see who fails to detect it).

Since the emails were junk messages anyway, I didn't care whether the alerts were false positives or not, so I ended up deleting both messages.  Problem solved!

Thanks again all!

M'D

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37190
Re: Where to search for detailed infection descriptions/explanations?
« Reply #9 on: February 21, 2010, 11:03:17 AM »
glad you solved it......i see from your flag that you are in Antarctica......i have always believed that virus in Antarctica would freeze to death.... ;D

Offline Muad'Dib

  • Jr. Member
  • **
  • Posts: 74
    • The underwater sound of the Antarctic Ocean
Re: Where to search for detailed infection descriptions/explanations?
« Reply #10 on: February 21, 2010, 12:44:45 PM »
...i have always believed that virus in Antarctica would freeze to death.... ;D

Funny, I always thought the same about Norway!  :D

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37190
Re: Where to search for detailed infection descriptions/explanations?
« Reply #11 on: February 21, 2010, 12:49:51 PM »
what temp do you have?.....here is only -7c today, i guess that is like summer in Antarctica.....

Offline Muad'Dib

  • Jr. Member
  • **
  • Posts: 74
    • The underwater sound of the Antarctic Ocean
Re: Where to search for detailed infection descriptions/explanations?
« Reply #12 on: February 21, 2010, 08:46:16 PM »
The temperatures depend on the location, Antarctica is a big continent!  Sunday the daytime temps ranged from a warm 2c at several locations down to about -43c at Vostok (and even colder at night - viruses may not die when it's that cold, but I'll bet they stay in bed! ;D).

Here's a good link for weather conditions around the continent: 
http://www.wunderground.com/global/AA.html?MR=1