Help! Infected file cannot be scanned by Avast

Hai, a few days ago, my PC was infected by a worm when I accidentally opened an “infected” file sent by a friend of mine via MSN. I uploaded the “file” to www.virustotal.com for analysis, and it returned a high number of positives. How can I get rid of that? Or maybe how can I send the “file” to the virus analysts at Avast? Thanks for the help~
Here is the analysis:

File image22.zip received on 10.31.2007 20:56:02 (CET)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.11.1.0 | 2007.10.31 | - |
| AntiVir | 7.6.0.30 | 2007.10.31 | TR/Crypt.ULPM.Gen |
| Authentium | 4.93.8 | 2007.10.31 | Possibly a new variant of W32/Threat-HLLSI-based!Maximus |
| Avast | 4.7.1074.0 | 2007.10.31 | - |
| AVG | 7.5.0.503 | 2007.10.31 | BackDoor.Ircbot.BYF |
| BitDefender | 7.2 | 2007.10.31 | Trojan.Peed.Gen |
| CAT-QuickHeal | 9.00 | 2007.10.31 | Backdoor.IRCBot.anl |
| ClamAV | 0.91.2 | 2007.10.31 | Trojan.Downloader-14917 |
| DrWeb | 4.44.0.09170 | 2007.10.31 | BackDoor.IRC.Tiny |
| eSafe | 7.0.15.0 | 2007.10.28 | suspicious Trojan/Worm |
| eTrust-Vet | 31.2.5256 | 2007.10.31 | Win32/Slenfbot!generic |
| Ewido | 4.0 | 2007.10.31 | - |
| FileAdvisor | 1 | 2007.10.31 | - |
| Fortinet | 3.11.0.0 | 2007.10.19 | - |
| F-Prot | 4.3.2.48 | 2007.10.31 | W32/Threat-HLLSI-based!Maximus |
| F-Secure | 6.70.13030.0 | 2007.10.31 | Backdoor.Win32.IRCBot.anl |
| Ikarus | T3.1.1.12 | 2007.10.31 | Trojan.Peed |
| Kaspersky | 7.0.0.125 | 2007.10.31 | Backdoor.Win32.IRCBot.anl |
| McAfee | 5152 | 2007.10.30 | W32/Generic.b.worm |
| Microsoft | 1.2908 | 2007.10.31 | - |
| NOD32v2 | 2630 | 2007.10.31 | Win32/IRCBot.AAE |
| Norman | 5.80.02 | 2007.10.31 | W32/Malware.BEHC |
| Panda | 9.0.0.4 | 2007.10.31 | W32/IRCbot.BHU.worm |
| Prevx1 | V2 | 2007.10.31 | MSNLive-Image:Worm-a |
| Rising | 19.47.21.00 | 2007.10.31 | Backdoor.Win32.IRCbot.vim |
| Sophos | 4.23.0 | 2007.10.31 | Mal/HckPk-A |
| Sunbelt | 2.2.907.0 | 2007.10.31 | Trojan.Peed.Gen |
| Symantec | 10 | 2007.10.31 | W32.Scrimge!gen |
| TheHacker | 6.2.9.110 | 2007.10.27 | - |
| VBA32 | 3.12.2.4 | 2007.10.31 | - |
| VirusBuster | 4.3.26:9 | 2007.10.31 | - |
| Webwasher-Gateway | 6.6.1 | 2007.10.31 | Trojan.Crypt.ULPM.Gen |

Additional information
File size: 10904 bytes
MD5: 72ffdafad64d4c0943fa8b39e5a13132
SHA1: e1bab00ba47deb08e94dbdb1ec14a90cc005a393
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=C1B316AE005350DE2A760060F42CF400B9002D61

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

Send the sample to virus@avast.com zipped and password protected with password in email body and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. If using winXP, SUPERantispyware (on-demand only in free version). Or AVG anti-spyware (formerly Ewido; resident scanner during trial, on-demand after trial ends). Or Spyware Terminator (resident scanner).

You could also try one of the On-line Virus Scanners and other useful Links Security-Ops.eu.tt

To the Alwil team,

Please improve your response time for mass-spreading ITW malware like this one. I have installed avast! for quite a few of my less computer-savvy friends, many of whom use WLM extensively in their online lives, and I would like to rest easy knowing that I have not done them a disservice.

Hai, DavidR, is there any other alternative for me to send the infected file to Avast? I do not know how to zip the “file” with password protection. I tried the latter, and an error message appeared, stating that ‘outlook request to the server failed’ (I am using Microsoft Outlook 2003).

To zip a file with a password:

Click new archive, give it a name

Click password, create a password, click ok

Browse to the file in the top box, click on the file, click add

Thanks a lot. Now comes another problem. I zipped the file with a password but the infected file can’t be sent via Yahoo mail. What can I do next? Thanks

Just now, I tried to use Gmail instead, but I was told that Gmail does not allow executable files for security reasons. Any alternatives for me to send the “file” for analysis? Thanks again for the help. Btw, the infected file is an executable file.

You can zip and password the files… Include a link to this thread and the password used.
You can send the files to the Alwil FTP server as a second way. Upload them to ftp://ftp.avast.com/incoming (please note that you won’t have READ access to the ftp server, just write - so you won’t even be able to see what you’ve just uploaded).

Hai, Tech. Thanks for the help. Can I ask you how to upload the file to the ftp server? What program do I need to install? I only see the Index of ftp://ftp.avast.com when I click on it. Sorry, I am just a newbie… so I am not quite familiar with those… :)

Generally, you could do it by Windows Explorer, pasting the link into the address bar of Windows Explorer and moving the file to that ‘folder’.
I prefer to use an ftp program like: http://www.smartftp.com/
There are tutorials here: http://www.smartftp.com/support/howto/

How about a double zipped archive? That is, put the first zip in another password protect zip.

There should be some way of making the zipped file “invisible” or this could become a problem for users to submit samples.

What did you call the zipped archive?

Hai, oldman. I am using WinRAR, which I got when I bought my PC a few months ago, but it’s the trial version. Now it’s already out of date. The trial period is already over now. Can the file still be zipped? Thanks

I don’t know if winrar works after the trial expires. I’m using winzip.

You can get winzip

http://www.download.com/3000-2250-10003164.html

http://filehippo.com/download_winzip/

Or 7zip which is free http://www.7-zip.org/.

I zipped it twice with password protection, but my Yahoo mail can still detect the malware inside and prevents me from sending the mail. What can I do now? TQ.

Well, I don’t know what to tell you. The whole idea of using a password is so an av or other program can’t open it without the password.

Are you creating the password before adding the files?

Answer, it can’t detect the malware file zipped and password protected, I believe it is only detecting a zip file and that is good enough for it to baulk. I would say it isn’t giving a specific malware name but some sort of suspicion because of password protected zip. You can try it yourself, you can open the zip but you can’t extract the contents (required to scan) without the password.

Yes it would be possible to use a password cracking program but that takes processing power and time and both of those options are simply not going to be applied to email.

So what is the exact message text, or post a screenshot?

Or you could upload it (just the file) to a file sharing site where I will send it to avast.

That’s what’s puzzling. I take it he tried sending the zipped file.

Thanks again and sorry for the trouble I have caused. I uploaded my file to www.4shared.com. I tried to use the email feature, though I am not sure Avast will receive that mail. The URL for the file is http://www.4shared.com/file/28101959/58aa08c1/undetected_malware_3.html
Thanks a lot.^^

Please just upload the file, not in its double zipped password protected form; without the password I can’t open it to extract the file to send to avast.
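
An added example, not part of any post in this thread: ordinary ZIP password protection encrypts each member's content but not the list of member names, so a mail filter can see that an archive holds an executable without knowing the password. The member name `image22.exe`, the extension list and the helper names are assumptions, and the sample is constructed with the "encrypted" flag set by hand because Python's `zipfile` cannot write encrypted archives; what Yahoo Mail or Gmail actually checked is not stated in the thread.

```python
import io
import struct
import zipfile

RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")  # illustrative list

def build_constructed_sample() -> bytes:
    """Constructed sample: harmless text stored as image22.exe, with the
    'encrypted' flag (bit 0) set by hand in both headers. The payload is not
    really encrypted; only the metadata of a protected ZIP is mimicked."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("image22.exe", b"harmless placeholder, not malware")
    data = bytearray(buf.getvalue())
    # Flags sit at offset 6 of the local header and 8 of the central directory entry.
    for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = data.find(signature) + offset
        (flags,) = struct.unpack_from("<H", data, pos)
        struct.pack_into("<H", data, pos, flags | 0x1)
    return bytes(data)

def inspect_without_password(data: bytes):
    """Return (name, flagged_encrypted, content_readable, risky_name) per member."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # The member list comes from the central directory, which ordinary
        # ZIP password protection leaves unencrypted.
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)
            try:
                zf.read(info)          # content needs the password if encrypted
                readable = True
            except RuntimeError:       # zipfile: password required for extraction
                readable = False
            risky = info.filename.lower().endswith(RISKY_EXTENSIONS)
            report.append((info.filename, encrypted, readable, risky))
    return report

if __name__ == "__main__":
    for row in inspect_without_password(build_constructed_sample()):
        print(row)
```
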