Provided you don’t restore or extract it to its original location, it poses minimal risk.
If you don’t execute it (even then presumably avast would alert again), then it is inert as there is no associated registry entry to run that file in that new location.
There really is no need to change the file name if you do as I suggested.
Well, for me, if I change a file name to xxxxx.333, XP asks if I’m sure, see image. So I don’t know what you are doing.
No, the risk has nothing to do with the file name. Changing the file type to 333 will only confuse the hell out of who you send it to, so you would have to say what the true file type is.
No and No
Honestly given the questions you ask, I would say you should leave well alone.
Samples inside zip files can be seen by many email clients even if you password protect the zip file and many email clients block .exe files inside zip or rar files, just because they are .exe files.
I think you are correct. I shall now leave it well alone. I did extract it to C:\Suspect, and tried to rename it. However, Avast immediately detected ‘wyskq6lt.exe’ as ‘Win32:Malware-gen’. So I moved it to the chest again and ensured ‘send to Avast’ was also ticked.
DavidR, I have PMed you. If you could kindly respond, it would be much appreciated.
You first have to exclude the suspect folder in the File System Shield, Expert Settings, Exclusions, or when you move it out of the chest avast will alert when it is created in the suspect folder.
By far the easiest method if sending it to avast is to use the Chest, Submit to virus lab (that way no need to extract or email to avast). The only point in doing that would be if you considered it a false positive, if only avast detected it at VirusTotal, which given its name (and the multitude of google hits that consider it suspect) I doubt it is an FP.
Thanks again for your support. I agree that it is not a FP.
Could you download Prevx 3.0 and run it without disturbing Avast or MBAM? I would be keen to see if I can run Prevx3.0 as a ‘command-line’ style scanner. Purely to scan my computer.