Author Topic: [Resolved]i think i found a trojan  (Read 4412 times)

0 Members and 1 Guest are viewing this topic.

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
[Resolved]i think i found a trojan
« on: December 15, 2010, 02:33:27 PM »
i scanned my pc with mylwarebytes and i it found 4 trojans that avast didnt find(it was from a attached file a friend sent me,obvisouly he needs some av too )..how can i send the files to avast to examine them and then add them to the next update definition(if they are indeed trojans)?
« Last Edit: December 15, 2010, 03:39:51 PM by BJ_GeOrgE »
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
Re: i think i found a trojan
« Reply #1 on: December 15, 2010, 02:36:17 PM »
ok i think i found a solutionn..i put the file in avast's virus chest and then submitted it with all the info i have..if this is the way to submit files for examination let me know so i can type "SOLVED" in the title
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85775
  • No support PMs thanks
Re: i think i found a trojan
« Reply #2 on: December 15, 2010, 02:56:24 PM »
What would have helped is to post the MBAM log contents, as no one can comment without information.

There is also virustotal for confirmation:
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37106
Re: i think i found a trojan
« Reply #3 on: December 15, 2010, 02:58:23 PM »
yes you can do that

video tutorial
http://public.avast.com/supp/submit/submit.htm

and as David say, also check the files at www.virustotal.com

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
Re: i think i found a trojan
« Reply #4 on: December 15, 2010, 03:31:38 PM »
What would have helped is to post the MBAM log contents, as no one can comment without information.

There is also virustotal for confirmation:
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.

david i know that its a malware for sure because its name was "surprise.exe" and when you click it it installs something named "security" or something like that and then it "scans" your pc and finds all kinds of malwares..and then it suggests you to buy the full version to clean them up..i knew from the beginning that it wasnt a safe file but i was curious what would happen if i execute it and what avast would do..
this topic was created to help me upload it to avast and add it to the next update definition.

thanks for your time and assistance guys,
george mavrogiannis
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85775
  • No support PMs thanks
Re: i think i found a trojan
« Reply #5 on: December 15, 2010, 03:40:49 PM »
You're welcome, no way would I click surprise.exe, from your explanation it sounds like a rogue/fake security alert process. These are so fast changing it is hard to keep up with them.

Though MBAM, which used to be called rogue remover years ago, does still seem to be the most effective/specialist at detecting these rogue programs.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: i think i found a trojan
« Reply #6 on: December 15, 2010, 03:44:56 PM »
Though MBAM, which used to be called rogue remover years ago, does still seem to be the most effective/specialist at detecting these rogue programs.

MBAM's one time licence fee is a good value for its resident protection from rogues.
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11141
  • No support PM's thanks
Re: i think i found a trojan
« Reply #7 on: December 15, 2010, 03:54:46 PM »
Though MBAM, which used to be called rogue remover years ago, does still seem to be the most effective/specialist at detecting these rogue programs.

MBAM's one time licence fee is a good value for its resident protection from rogues.
Agreed +10

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
Re: i think i found a trojan
« Reply #8 on: December 15, 2010, 04:28:44 PM »
What would have helped is to post the MBAM log contents, as no one can comment without information.

There is also virustotal for confirmation:
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.


these are the results from the virus total..i wanted to see how many could find it so i did it  ;D

Antivirus    Version    Last Update    Result
AhnLab-V3   2010.12.15.02   2010.12.15   -
AntiVir           7.11.0.42   2010.12.15   TR/Crypt.ZPACK.Gen2
Antiy-AVL   2.0.3.7           2010.12.15   -
Avast           4.8.1351.0   2010.12.15   -
Avast5           5.0.677.0   2010.12.15   -
AVG           9.0.0.851   2010.12.15   -
BitDefender   7.2           2010.12.15   Gen:Variant.FakeAlert.47
CAT-QuickHeal   11.00           2010.12.15   -
ClamAV           0.96.4.0   2010.12.15   -
Command           5.2.11.5   2010.12.15   -
Comodo           7070           2010.12.15   -
DrWeb           5.0.2.03300   2010.12.15   Trojan.Fakealert.19447
Emsisoft   5.1.0.1           2010.12.15   -
eTrust-Vet   36.1.8042   2010.12.15   -
F-Prot           4.6.2.117   2010.12.14   -
F-Secure   9.0.16160.0   2010.12.15   -
Fortinet   4.2.254.0   2010.12.15   -
GData           21           2010.12.15   Gen:Variant.FakeAlert.47
Ikarus           T3.1.1.90.0   2010.12.15   -
Jiangmin   13.0.900   2010.12.15   -
K7AntiVirus   9.72.3246   2010.12.14   -
Kaspersky   7.0.0.125   2010.12.15   -
McAfee           5.400.0.1158   2010.12.15   -
McAfee-GW-Edition2010.1C   2010.12.15   -
Microsoft   1.6402           2010.12.15   Rogue:Win32/Winwebsec
NOD32           5705           2010.12.15   a variant of Win32/Kryptik.IXI
Norman           6.06.12           2010.12.15   -
nProtect   2010-12-15.02   2010.12.15   -
Panda           10.0.2.7   2010.12.15   -
PCTools           7.0.3.5           2010.12.15   -
Prevx           3.0           2010.12.15   High Risk Cloaked Malware
Rising           22.78.01.04   2010.12.15   -
Sophos           4.60.0           2010.12.15   -
SUPERAntiSpyware4.40.0.1006   2010.12.15   -
Symantec   20101.3.0.103   2010.12.15   -
TheHacker   6.7.0.1.101   2010.12.15   -
TrendMicro   9.120.0.1004   2010.12.15   -
TrendMicro-HouseCall9.120.0.100 2010.12.15   -
VBA32           3.12.14.2   2010.12.14   -
ViRobot           2010.12.15.4202   2010.12.15   -
VirusBuster   13.6.95.0   2010.12.15   -
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85775
  • No support PMs thanks
Re: [Resolved]i think i found a trojan
« Reply #9 on: December 15, 2010, 04:53:25 PM »
Yes those FakeAlert hits are an indication of the rogue/fake security application I mentioned earlier on. Most of those detections are also generic as it is very hard to pin them down by signature alone when there are constant new variants.

They are usually accompanied by something to hide them which may be why one of those hits talks of cloaked malware.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
Re: [Resolved]i think i found a trojan
« Reply #10 on: December 15, 2010, 05:54:35 PM »
Yes those FakeAlert hits are an indication of the rogue/fake security application I mentioned earlier on. Most of those detections are also generic as it is very hard to pin them down by signature alone when there are constant new variants.

They are usually accompanied by something to hide them which may be why one of those hits talks of cloaked malware.

 ;)
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner