Danger when extracting virus from the chest

Dear Forum,

If I extract an .exe file infected with a virus from the chest, exclude the directory and zip the file up, does this pose any threat to my computer?

Is there any risk the virus could infect my computer?

I want to zip it up and send it to some anti-virus companies and experts so other people won’t be infected with it.

Thanks!

Avastfan1

Provided you don’t restore or extract it to its original location, it poses minimal risk.

If you don’t execute it (even then presumably avast would alert again), then it is inert as there is no associated registry entry to run that file in that new location.

You still have to exercise care.

Thanks for your reply.

How can I change the name of the file to prevent it from being run?

I tried with right click and rename to XXXXXX.333 but it just kept the filename as XXXXXXXXX.333.exe?

Would that reduce the risk even more?

Would renaming the file pose a risk of infecting my system? Does it execute the file in any way?

Thanks for your help!! :)

You can also send the file to avast direct from the chest.
There should be an option when right clicking on it…
asyn

Put it inside the rar and it will be safe from accidental execution, but there is always a risk when dealing with a virus.

Regards!!

There really is no need to change the file name if you do as I suggested.

Well, for me, if I change a file name to xxxxx.333, XP asks if I’m sure, see image. So I don’t know what you are doing.

No, the risk has nothing to do with the file name. Changing the file type to 333 will only confuse the hell out of who you send it to, so you would have to say what the true file type is.

No and No

Honestly given the questions you ask, I would say you should leave well alone.
Samples inside zip files can be seen by many email clients even if you password protect the zip file and many email clients block .exe files inside zip or rar files, just because they are .exe files.

Hi DavidR,

I think you are correct. I shall now leave it well alone. I did extract it to C:\Suspect, and tried to rename it. However, Avast immediately detected ‘wyskq6lt.exe’ as ‘Win32:Malware-gen’. So I moved it to the chest again and ensured ‘send to Avast’ was also ticked.

DavidR, I have PMed you. If you could kindly respond, it would be much appreciated.

Thanks,

Avastfan1

You first have to exclude the suspect folder in the File System Shield, Expert Settings, Exclusions, or when you move it out of the chest avast will alert when it is created in the suspect folder.

By far the easiest method if sending it to avast is to use the Chest, Submit to virus lab (that way no need to extract or email to avast). The only point in doing that would be if you considered it a false positive, if only avast detected it at VirusTotal, which given its name (and the multitude of google hits that consider it suspect) I doubt it is an FP.

Hi DavidR,

Thanks again for your support. I agree that it is not a FP.

Could you download Prevx 3.0 and run it without disturbing Avast or MBAM? I would be keen to see if I can run Prevx3.0 as a ‘command-line’ style scanner. Purely to scan my computer.

THANKS!!

I don’t use Prevx, so I can’t really say.

If it is only on-demand then it shouldn’t be a problem.

Thanks DavidR.

Does any other Avast Forum member have any experience with PrevX 3.0?