I recently encountered a process which seems suspect: winrao.exe
I couldn’t stop it neither found what it could be. So I started my Windows 2000 in protected mode, the process wasn’t started, I searched and found the file in “C:\RECYCLER\winrao.exe”, where I also could erase the file after copying to another folder.
I checked the file with www.virustotal.com and got 26 out of 36 positive as trojan.
Now, does anyone know a way to inform the avast team about this threat?
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic (and the VT results page if you have it) might help and undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Sende die Datei als, mit dem Passwort infected versehendes, Zip Archiv an virus@avast.com, das sollte reichen. Im Zweifelsfalle kannst du auch noch den Link zum Virustotal Ergebniss mit in die Mail schreiben…
PS: I tried to add the file into “virus chest” (–> german: Virus Container) but the option was grayed out, I guess because I use the free Home Edition?