Author Topic: Danger when extracting virus from the chest  (Read 4384 times)


Avastfan1

  • Guest
Danger when extracting virus from the chest
« on: April 16, 2010, 01:27:48 PM »
Dear Forum,

If I extract an .exe file infected with a virus from the chest, exclude the directory and zip the file up, does this pose any threat to my computer?

Is there any risk the virus could infect my computer?

I want to zip it up and send it to some anti-virus companies and experts so other people won't be infected with it.

Thanks!

Avastfan1

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87305
  • No support PMs thanks
Re: Danger when extracting virus from the chest
« Reply #1 on: April 16, 2010, 01:38:46 PM »
Provided you don't restore or extract it to its original location, it poses minimal risk.

If you don't execute it (even then presumably avast would alert again), then it is inert as there is no associated registry entry to run that file in that new location.

You still have to exercise care.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Avastfan1

  • Guest
Re: Danger when extracting virus from the chest
« Reply #2 on: April 16, 2010, 01:41:05 PM »
Thanks for your reply.

How can I change the name of the file to prevent it from being run?

I tried with right click and rename to XXXXXX.333 but it just kept the filename as XXXXXXXXX.333.exe?

Would that reduce the risk even more?

Would renaming the file pose a risk of infecting my system? Does it execute the file in any way?

Thanks for your help!! :-)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76076
  • Urlaub/Vacation
    • >>>  Avast Forum - German-language section  <<<
Re: Danger when extracting virus from the chest
« Reply #3 on: April 16, 2010, 01:42:24 PM »
You can also send the file to avast direct from the chest.
There should be an option when right clicking on it...
asyn
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast useful information (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

bong2x

  • Guest
Re: Danger when extracting virus from the chest
« Reply #4 on: April 16, 2010, 01:53:29 PM »
Put it inside the rar; it will be safe from accidental execution, but there is always risk dealing with a virus.

Regards!!

Offline DavidR

Re: Danger when extracting virus from the chest
« Reply #5 on: April 16, 2010, 02:50:37 PM »
> How can I change the name of the file to prevent it from being run?

There really is no need to change the file name if you do as I suggested.

> I tried with right click and rename to XXXXXX.333 but it just kept the filename as XXXXXXXXX.333.exe?

Well, for me, if I change a file name to xxxxx.333, XP asks if I'm sure, see image. So I don't know what you are doing.

> Would that reduce the risk even more?

No, the risk has nothing to do with the file name. Changing the file type to 333 will only confuse the hell out of who you send it to, so you would have to say what the true file type is.

> Would renaming the file pose a risk of infecting my system? Does it execute the file in any way?

No and No

Honestly given the questions you ask, I would say you should leave well alone.
Samples inside zip files can be seen by many email clients even if you password protect the zip file and many email clients block .exe files inside zip or rar files, just because they are .exe files.
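The point in the reply above about password-protected archives, shown as an added example that is not part of the original thread: a ZIP keeps entry names unencrypted in its central directory, so a mail filter can see `sample.exe` without ever knowing the password. The archive bytes, the file name and the `BLOCKED_EXT` list are constructed assumptions for illustration.

```python
import io
import struct
import zipfile
import zlib

# Assumed example policy; real mail filters have their own extension lists.
BLOCKED_EXT = (".exe", ".scr", ".com", ".bat")

def build_flagged_zip(name: str, opaque: bytes) -> bytes:
    """Hand-build a one-entry ZIP with the 'encrypted' flag (bit 0) set.
    `opaque` stands in for ciphertext; it is constructed filler, not a sample."""
    fn = name.encode("ascii")
    crc = zlib.crc32(b"filler")
    # Fields shared by the local header and the central directory record:
    # version needed, flags, method (stored), DOS time, DOS date, CRC, sizes.
    common = struct.pack("<HHHHHIII", 20, 0x0001, 0, 0, 0x21,
                         crc, len(opaque), len(opaque) - 12)
    local = (struct.pack("<I", 0x04034B50) + common
             + struct.pack("<HH", len(fn), 0) + fn)
    central = (struct.pack("<IH", 0x02014B50, 20) + common
               + struct.pack("<HHHHHII", len(fn), 0, 0, 0, 0, 0, 0) + fn)
    cd_offset = len(local) + len(opaque)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                       len(central), cd_offset, 0)
    return local + opaque + central + eocd

def list_without_password(blob: bytes):
    """(name, encrypted?, extension on block list?) per entry; no password used."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [(i.filename, bool(i.flag_bits & 0x1),
                 i.filename.lower().endswith(BLOCKED_EXT))
                for i in zf.infolist()]

def content_readable(blob: bytes, name: str) -> bool:
    """True only if the entry's bytes can be read without a password."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        try:
            zf.read(name)
            return True
        except RuntimeError:  # zipfile: password required for extraction
            return False

if __name__ == "__main__":
    blob = build_flagged_zip("sample.exe", b"\x00" * 28)
    print(list_without_password(blob))
    print(content_readable(blob, "sample.exe"))
```

The listing succeeds while the content read fails, which is why an attachment filter can reject the archive on the entry name alone.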

Avastfan1

  • Guest
Re: Danger when extracting virus from the chest
« Reply #6 on: April 16, 2010, 03:18:10 PM »
Hi DavidR,

I think you are correct. I shall now leave it well alone. I did extract it to C:\Suspect, and tried to rename it. However, Avast immediately detected 'wyskq6lt.exe' as 'Win32:Malware-gen'. So I moved it to the chest again and ensured 'send to Avast' was also ticked.

DavidR, I have PMed you. If you could kindly respond, it would be much appreciated.

Thanks,

Avastfan1

Offline DavidR

Re: Danger when extracting virus from the chest
« Reply #7 on: April 16, 2010, 05:12:03 PM »
You first have to exclude the suspect folder in the File System Shield, Expert Settings, Exclusions, or when you move it out of the chest avast will alert when it is created in the suspect folder.

By far the easiest method if sending it to avast is to use the Chest, Submit to virus lab (that way no need to extract or email to avast). The only point in doing that would be if you considered it a false positive, if only avast detected it at VirusTotal, which given its name (and the multitude of google hits that consider it suspect) I doubt it is an FP.

Avastfan1

  • Guest
Re: Danger when extracting virus from the chest
« Reply #8 on: April 16, 2010, 05:20:10 PM »
Hi DavidR,

Thanks again for your support. I agree that it is not a FP.

Could you download Prevx 3.0 and run it without disturbing Avast or MBAM? I would be keen to see if I can run Prevx3.0 as a 'command-line' style scanner. Purely to scan my computer.

THANKS!!

Offline DavidR

Re: Danger when extracting virus from the chest
« Reply #9 on: April 16, 2010, 05:27:44 PM »
I don't use Prevx, so I can't really say.

If it is only on-demand then it shouldn't be a problem.

Avastfan1

  • Guest
Re: Danger when extracting virus from the chest
« Reply #10 on: April 16, 2010, 05:32:51 PM »
Thanks DavidR.

Does any other Avast Forum member have any experience with PrevX 3.0?