Author Topic: How to restore default setting for detecting suspicious files?  (Read 6929 times)

Offline simran.k

  • Newbie
  • *
  • Posts: 9
Re: How to restore default setting for detecting suspicious files?
« Reply #15 on: November 19, 2010, 08:26:16 AM »
this is the hcl link:
http://www.hclstore.in/hcl_me_laptop_AE1V0685

also this is the file stored in malwarebytes' logs 'protection-log-2010-11-16'


19:59:32   harvinder vir singh   MESSAGE   Protection started successfully
19:59:38   harvinder vir singh   MESSAGE   IP Protection started successfully
19:59:38   harvinder vir singh   MESSAGE   IP Protection stopped
19:59:42   harvinder vir singh   MESSAGE   IP Protection started successfully
20:04:46   harvinder vir singh   DETECTION   C:\WINDOWS\system32\EXPLORE.EXE   Backdoor.Bot   ALLOW
20:04:49   harvinder vir singh   DETECTION   C:\WINDOWS\system32\EXPLORE.EXE   Backdoor.Bot   ALLOW
20:04:49   harvinder vir singh   DETECTION   C:\WINDOWS\system32\EXPLORE.EXE   Backdoor.Bot   ALLOW
21:31:04   harvinder vir singh   MESSAGE   Protection started successfully
21:31:14   harvinder vir singh   MESSAGE   IP Protection started successfully
« Last Edit: November 19, 2010, 08:39:52 AM by simran.k »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84782
  • No support PMs thanks
Re: How to restore default setting for detecting suspicious files?
« Reply #16 on: November 19, 2010, 03:27:07 PM »
HCL (hindustan computers limited) is the name of the computer/netbook manufacturer..i just purchased it recently..interestingly malwarebytes also flagged it when i did a full scan with it, so i ignored it then as well..i think this is the hcl file because of the icon..i use internet sparingly and that only for work and the netbook is new (bought like 15 days back)..i really can't see how it got infected so soon??? :/
i've submitted the file to virus lab..should i zip it and put it up here also or is it sufficient?

It isn't that it could become infected so soon, but what it actually does and why it is a hidden process. These are questions that you will have to address to HCL telling them about the avast and MBAM alerts on their file.

The name is really a bad choice, as in itself I would have been suspicious already before any alert as it is too close to regular system file names, a common tactic of malware creators. Add to that they placed it in the system32 folder, also a common tactic of malware creators. Then add the google hits about the explore.exe being highly associated with malware.

So you need some plain answers from HCL as to exactly what it does and why it is needed and why some anti-virus/malware applications consider it at the very least suspicious if not infected.

No need to attach it, we don't want the forums to become a possible malware distribution center and you never know, we don't want the forums alerting on an uploaded file (you can't attach zip files anyway).

~~~~
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.
« Last Edit: November 19, 2010, 03:30:03 PM by DavidR »
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
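
The two checks described in Reply #16 (a file name close to a regular system file name, and a location in system32), applied to a protection log in the layout pasted in Reply #15. This is an added example, not part of any post in the thread. The sample log lines, the user name, the `QUARANTINE` action and the list of system file names are constructed for illustration, and the field separator (tabs or runs of spaces) is an assumption based on how the log appears here.

```python
import re
from collections import Counter

# Illustrative (not exhaustive) list of Windows binaries that lookalike names imitate.
KNOWN = ["explorer.exe", "iexplore.exe", "svchost.exe", "lsass.exe",
         "services.exe", "winlogon.exe", "csrss.exe"]

# Constructed sample in the layout of the log pasted in the thread.
SAMPLE_LOG = r"""
19:59:32   user1   MESSAGE   Protection started successfully
20:04:46   user1   DETECTION   C:\WINDOWS\system32\EXPLORE.EXE   Backdoor.Bot   ALLOW
20:04:49   user1   DETECTION   C:\WINDOWS\system32\EXPLORE.EXE   Backdoor.Bot   ALLOW
20:10:02   user1   DETECTION   C:\Temp\setup.exe   Trojan.Agent   QUARANTINE
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalikes(filename, max_distance=1):
    """Known names this file nearly matches; an exact match is not a lookalike."""
    name = filename.lower()
    if name in KNOWN:
        return []
    return [k for k in KNOWN if edit_distance(name, k) <= max_distance]

def triage(log_text):
    """Group DETECTION rows by (path, threat, action) and annotate each group."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = re.split(r"\t+| {2,}", line.strip())
        if len(fields) == 6 and fields[2] == "DETECTION":
            counts[tuple(fields[3:6])] += 1
    return [{"path": path, "threat": threat, "count": n,
             "allowed": action == "ALLOW",  # detected, but left running
             "in_system32": "\\system32\\" in path.lower(),
             "resembles": lookalikes(path.rsplit("\\", 1)[-1])}
            for (path, threat, action), n in counts.items()]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A row that is allowed, sits in system32 and resembles a known name is the combination worth raising with the vendor; a name match alone does not show that a file is malicious.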

Offline Charyb

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2318
Re: How to restore default setting for detecting suspicious files?
« Reply #17 on: November 19, 2010, 05:14:28 PM »
EDIT: Had something to add but it was already in DavidR's post. Sorry about this post.
« Last Edit: November 19, 2010, 05:28:31 PM by Charyb »

Offline simran.k

  • Newbie
  • *
  • Posts: 9
Re: How to restore default setting for detecting suspicious files?
« Reply #18 on: November 19, 2010, 05:25:54 PM »
@DavidR/Charyb..ok will do that..and paste the result here..thanks :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84782
  • No support PMs thanks
Re: How to restore default setting for detecting suspicious files?
« Reply #19 on: November 19, 2010, 06:27:51 PM »
You're welcome.