Can someone help me with this? I got two files that are viruses and I need to submit them to Avast.
Send to virus@avast.com in a password-protected zip file with the subject "virus sample" and write the password in the mail so they can open the file.
Upload the file(s) to www.virustotal.com and test it with 43 malware scanners. When you have the result, copy the URL in the address bar and post it here.
You can then add a link to this topic in the mail.
I sent it.
Did Avast get the file yet?
The subject email name is virus sample.
If you sent it they got it, but you won't receive any answer to the mail.
Did you test the file(s) at VirusTotal? If so, can you post the result?
for the psobb.exe
AhnLab-V3 2010.09.22.00 2010.09.22 -
AntiVir 8.2.4.60 2010.09.22 -
Antiy-AVL 2.0.3.7 2010.09.23 -
Authentium 5.2.0.5 2010.09.22 W32/Heuristic-210!Eldorado
Avast 4.8.1351.0 2010.09.22 -
Avast5 5.0.594.0 2010.09.22 -
AVG 9.0.0.851 2010.09.23 -
BitDefender 7.2 2010.09.23 -
CAT-QuickHeal 11.00 2010.09.23 -
ClamAV 0.96.2.0-git 2010.09.23 PUA.Packed.ASPack
Comodo 6170 2010.09.23 Heur.Packed.MultiPacked
DrWeb 5.0.2.03300 2010.09.23 Trojan.Packed.Based
eSafe 7.0.17.0 2010.09.21 Suspicious File
eTrust-Vet 36.1.7871 2010.09.22 -
F-Prot 4.6.2.117 2010.09.22 W32/Heuristic-210!Eldorado
F-Secure 9.0.15370.0 2010.09.23 -
Fortinet 4.1.143.0 2010.09.22 -
GData 21 2010.09.23 -
Ikarus T3.1.1.88.0 2010.09.23 -
Jiangmin 13.0.900 2010.09.21 -
K7AntiVirus 9.63.2582 2010.09.22 -
Kaspersky 7.0.0.125 2010.09.23 -
McAfee 5.400.0.1158 2010.09.23 -
McAfee-GW-Edition 2010.1C 2010.09.23 Heuristic.LooksLike.Win32.Suspicious.R
Microsoft 1.6201 2010.09.23 -
NOD32 5471 2010.09.22 -
Norman 6.06.06 2010.09.22 -
nProtect 2010-09-23.01 2010.09.23 -
Panda 10.0.2.7 2010.09.22 -
PCTools 7.0.3.5 2010.09.23 -
Prevx 3.0 2010.09.23 -
Rising 22.66.00.07 2010.09.21 -
Sophos 4.57.0 2010.09.23 -
Sunbelt 6914 2010.09.23 -
SUPERAntiSpyware 4.40.0.1006 2010.09.23 -
Symantec 20101.1.1.7 2010.09.23 -
TheHacker 6.7.0.0.029 2010.09.23 -
TrendMicro 9.120.0.1004 2010.09.23 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.23 -
VBA32 3.12.14.1 2010.09.22 -
ViRobot 2010.9.23.4056 2010.09.23 -
VirusBuster 12.65.20.1 2010.09.22 Packed/ExeStealth
for the shPsoBB.exe
AhnLab-V3 2010.09.27.00 2010.09.26 Win-Trojan/Xema.variant
AntiVir 7.10.12.31 2010.09.26 -
Antiy-AVL 2.0.3.7 2010.09.26 -
Authentium 5.2.0.5 2010.09.26 W32/Heuristic-210!Eldorado
Avast 4.8.1351.0 2010.09.26 -
Avast5 5.0.594.0 2010.09.26 -
AVG 9.0.0.851 2010.09.26 Suspicion: unknown virus
BitDefender 7.2 2010.09.26 -
CAT-QuickHeal 11.00 2010.09.24 -
ClamAV 0.96.2.0-git 2010.09.26 -
Comodo 6204 2010.09.26 Heur.Pck.PE.Cryptor
Emsisoft 5.0.0.37 2010.09.26 -
eSafe 7.0.17.0 2010.09.26 Suspicious File
eTrust-Vet 36.1.7875 2010.09.25 -
F-Prot 4.6.2.117 2010.09.25 W32/Heuristic-210!Eldorado
F-Secure 9.0.15370.0 2010.09.26 -
Fortinet 4.1.143.0 2010.09.26 -
GData 21 2010.09.26 -
Ikarus T3.1.1.88.0 2010.09.26 -
Jiangmin 13.0.900 2010.09.26 -
K7AntiVirus 9.63.2608 2010.09.25 -
Kaspersky 7.0.0.125 2010.09.26 -
McAfee 5.400.0.1158 2010.09.26 -
McAfee-GW-Edition 2010.1C 2010.09.26 -
Microsoft 1.6201 2010.09.26 -
NOD32 5481 2010.09.26 -
Norman 6.06.06 2010.09.26 W32/Smalltroj.HNPV
nProtect 2010-09-26.01 2010.09.26 Trojan/W32.Agent.2144838
Panda 10.0.2.7 2010.09.26 Trj/CI.A
PCTools 7.0.3.5 2010.09.26 Trojan.Generic
Prevx 3.0 2010.09.26 Medium Risk Virus
Rising 22.66.04.00 2010.09.25 -
Sophos 4.58.0 2010.09.26 Mal/Generic-A
Sunbelt 6931 2010.09.26 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.09.26 -
Symantec 20101.1.1.7 2010.09.26 Trojan Horse
TheHacker 6.7.0.0.034 2010.09.26 W32/Behav-Heuristic-073
TrendMicro 9.120.0.1004 2010.09.26 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.26 -
ViRobot 2010.9.25.4060 2010.09.26 -
VirusBuster 12.65.27.3 2010.09.26 Packed/ExeStealth
http://www.virustotal.com/file-scan/report.html?id=9273fcb7726e27d6ce7d4d6561d92e6beaee8f525208480a91188b03be5bdab4-1285225953# for the 1st one
for the 2nd one http://www.virustotal.com/file-scan/report.html?id=2d50e814f7fba19ee6612aaa3ea3998736cb9ee7f47879ee08e4a7f5756920ea-1285536786
You generally don’t get a response unless they need more information. Once analysed it should be added to the virus signatures.
However, the first one seems to have been detected in the virustotal scans based on the packer used, which is a bit hard to form any opinion or actions to take. A lot depends on if it was unpacked and activated, otherwise simply removing the file would be enough.
The second is similar, heuristic/generic and packer detections, not much in the way of specifics to work with.
How were they detected (e.g. what software or action)?
What was the location of these files, e.g. (C:\windows\system32\infected-file-name.xxx)?
In the meantime you could try running these tools:
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
- 1. MalwareBytes Anti-Malware (MBAM). On-Demand only in free version. http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
- 2. SUPERantispyware (SAS). On-Demand only in free version.
Don't worry about reported tracking cookies, they are a minor issue and not one of security; allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.
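As an added example (not part of the original post, and not Avast or VirusTotal code): a short Python script that buckets the detection names from a pasted result table into clean, packer-based, heuristic/generic and other, which is the reading of the psobb.exe scan given in the reply above. The keyword lists and the function names are assumptions made for this example.

```python
import re
from collections import Counter

# Subset of the psobb.exe rows posted in this thread: engine, version, date, result.
PSOBB_ROWS = """\
Authentium 5.2.0.5 2010.09.22 W32/Heuristic-210!Eldorado
Avast5 5.0.594.0 2010.09.22 -
ClamAV 0.96.2.0-git 2010.09.23 PUA.Packed.ASPack
Comodo 6170 2010.09.23 Heur.Packed.MultiPacked
DrWeb 5.0.2.03300 2010.09.23 Trojan.Packed.Based
eSafe 7.0.17.0 2010.09.21 Suspicious File
F-Prot 4.6.2.117 2010.09.22 W32/Heuristic-210!Eldorado
Kaspersky 7.0.0.125 2010.09.23 -
McAfee-GW-Edition 2010.1C 2010.09.23 Heuristic.LooksLike.Win32.Suspicious.R
VirusBuster 12.65.20.1 2010.09.22 Packed/ExeStealth
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
# Keyword lists are assumptions made for this example, not a vendor naming standard.
PACKER = ("pack", "pck", "crypt", "exestealth")
HEURISTIC = ("heur", "generic", "suspic", "behav", "unknown")

def classify(result):
    """Bucket one detection name: clean, packer, heuristic or other."""
    name = result.strip().lower()
    if name in ("", "-"):
        return "clean"
    if any(k in name for k in PACKER):
        return "packer"
    if any(k in name for k in HEURISTIC):
        return "heuristic"
    return "other"  # no packer/heuristic marker in the name; needs a human look

def summarize(table):
    """Return (Counter of buckets, {engine: bucket}) for a pasted result table."""
    counts, per_engine = Counter(), {}
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers, blank lines, anything that is not a result row
        engine, _version, _date, result = m.groups()
        per_engine[engine] = classify(result)
        counts[per_engine[engine]] += 1
    return counts, per_engine

if __name__ == "__main__":
    counts, per_engine = summarize(PSOBB_ROWS)
    print(dict(counts))
```

A table where every hit lands in the packer or heuristic bucket, as here, says how the file is wrapped rather than what it does.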
For shPsoBB.exe: Comodo, Panda cloud anti virus and immunet protect found this as a threat.
For psobb.exe: Comodo and immunet protect found this as a threat.
Thanks, have you run the other scans?
Did the cloud detections not take any removal actions then ?
SAS and Malwarebytes found nothing on the two files.
But my mom's Panda is 2010 and my Panda cloud anti virus (it was blocked a long time ago) found shPsoBB.exe as a virus.
When I used to have Comodo on my PC it found shPsoBB.exe and psoBB.exe as a threat.
shPsoBB.exe is not a FP, it's a virus.
I still need help here.
Everyone there, I need those files added to the database.
They appear to be files from a game called Phantasy Star Online: Blue Burst. They also appeared to be packed/crypted.
The game must have been protected by a packer/cryptor/copy-protector from being illegally copied or cracked.
can add it in your database anyway
shPsoBB.exe is a Trojan, I can prove it.
Do you have PSO:BB on your computer?
I have a name for it. It's called SCHTHACK Phantasy Star Online Blue Burst.
FYI, when I try to run SCHTHACK Phantasy Star Online Blue Burst, Panda found a virus.
What malware name was Panda giving it?