I received an attachment via my email. I checked it with Avast antivirus and it didn’t find any threat.
After running the file nothing happened, but my computer went crazy.
I tried to find somewhere in Avast antivirus or the Avast site to submit this file to analysis by Avast team but I didn’t find anything.
Help me please, what should I do?
Thanks
just don’t attach stuff like that to a post here thanks ;D
submit the file to Avast >>> add it manually to the Chest. If you don’t know where it is, open Avast main UI and look at the left hand panel, it’s in the “maintenance” tab once extended.
Also submit this file to VirusTotal:
http://www.virustotal.com/
and when done report here, with the link to your results.
okay you sent it to an online storage web site but no one here is going to download that
can you please edit your post and delete that link?
VirusTotal - IrancellHacker.exe - 2/42
http://www.virustotal.com/file-scan/report.html?id=9c9a81319827e57e7d43b942ef682c954c063ec69944f20ca81d07671af94b69-1282840397
submitted to avast / SAS / MBAM…
> okay you sent it to an online storage web site but no one here is going to download that
already done.... ;D
well okay, but now others might think that it’s no problem to post links to malware files on the forums, because someone like you will agree to download it. Imagine the result if it’s downloaded in a non-safe environment (no VM, no sandbox etc…), which would be the case most of the time. And how do you think my advice sounds now that you did just the contrary, thanks :
> okay you sent it to an online storage web site but no one here is going to download that
I always download them, have fun and try ;)
yes but that’s you: you’re probably running a virus research lab, right? It would be interesting to post your work here. At least Pondus submitted it to VT, he didn’t try to have…“fun”…with it
Guys, we’re talking about stuff that can destroy entire systems, not toys to play with when you’re bored. Let’s just leave that to specialists. Seeing the effects on a VM is nice, but most people doing that aren’t able to translate malware activity into usable data for the anti-malware fight, okay… As far as I’m concerned I have no problem admitting that I’m not a malware specialist and I won’t come bragging about “virus gaming” on a public forum. I’ll limit my action to reporting malware when and if found, and advising software solutions when necessary. Otherwise I would have started my own AV company, and I can assure you that I have no intent to do that. Guys, just be a bit more…hmm…humble about it
Yes Logos, the malware sites should be hxxp or wxw and have a red caution, since a lot of web users just click everything that has an underline
> you're probably running a virus research lab right would be interesting to post your work here
yes I have my own small virus lab but I didn’t see any link to this malware ::)
> And how do you think my advice sounds like now that you did just the contrary, thanks
shame on me...... :-[ :-[ :-[
Unfortunately, there are more than enough people that are curious enough to download it without either the experience or pro-active measures to prevent serious harm to their systems.
That is why we shouldn’t have the forums become a malware distribution centre as you never know who is going to download the malware on the file-share site or what they may do with it.
The recommended action is to upload to virustotal or send the sample directly to virus (at) avast (dot) com as an undetected malware sample in the subject and the sample zipped and password protected, with the password in the body of the email.
Curiosity killed the cat and since this is a support forum we should be looking out for those too curious for their own good. Yes many of us will know how to look after ourselves, but we aren’t the ones at risk.
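The two practical points above (post links to malware sites defanged as hxxp so nobody clicks them by accident, and report a sample by its hashes rather than by sharing the file) can be scripted for whoever prepares such a post. The following is an added example, not code from the thread or from Avast; the sample bytes are constructed, and the only real value it uses is the VirusTotal report link already posted in this thread, whose `id` parameter carries the file’s SHA-256, so a reader can check that a linked report actually concerns the file on their disk:

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Constructed stand-in for a suspicious attachment; it is NOT the file from the thread.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed stand-in for a suspicious attachment\n"

# The VirusTotal report link posted in the thread (page value). The id is <sha256>-<timestamp>.
THREAD_VT_LINK = ("http://www.virustotal.com/file-scan/report.html?id="
                  "9c9a81319827e57e7d43b942ef682c954c063ec69944f20ca81d07671af94b69-1282840397")


def file_hashes(data: bytes) -> dict:
    """Digests a sample report should carry: MD5 (what OTL's /md5 switch prints), SHA-1, SHA-256."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def vt_report_sha256(report_url: str) -> str:
    """Pull the SHA-256 out of a report link shaped like the one in the thread.

    Returns '' when the link carries no 64-hex-digit id, so callers never compare
    against garbage."""
    query = parse_qs(urlsplit(report_url).query)
    ids = query.get("id", [])
    if not ids:
        return ""
    digest = ids[0].split("-", 1)[0].lower()
    return digest if re.fullmatch(r"[0-9a-f]{64}", digest) else ""


def report_matches_file(report_url: str, data: bytes) -> bool:
    """True only when the linked report is about exactly these bytes."""
    digest = vt_report_sha256(report_url)
    return bool(digest) and digest == hashlib.sha256(data).hexdigest()


# Defanging: swap the scheme (http -> hxxp) and bracket the dots of the host so that
# forum software and mail clients do not turn the string into a clickable link.
_SCHEMES = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}
_URL_RE = re.compile(r"""\b(?:https?|ftp)://[^\s<>"'()\[\]]+""", re.IGNORECASE)


def defang_url(url: str) -> str:
    parts = urlsplit(url)
    scheme = _SCHEMES.get(parts.scheme.lower(), parts.scheme)
    netloc = parts.netloc.replace(".", "[.]")
    return urlunsplit((scheme, netloc, parts.path, parts.query, parts.fragment))


def defang_text(text: str) -> str:
    """Defang every URL found in free text (a whole forum post, for instance)."""
    return _URL_RE.sub(lambda m: defang_url(m.group(0)), text)


def forum_report(filename: str, data: bytes, links: list) -> str:
    """Text a poster can paste: hashes identify the sample, links are defanged."""
    h = file_hashes(data)
    lines = [
        f"Sample: {filename} ({len(data)} bytes)",
        f"MD5:    {h['md5']}",
        f"SHA1:   {h['sha1']}",
        f"SHA256: {h['sha256']}",
    ]
    lines.extend("Link:   " + defang_url(link) for link in links)
    return "\n".join(lines)


if __name__ == "__main__":
    print(forum_report("attachment.exe", SAMPLE_BYTES, [THREAD_VT_LINK]))
    # The constructed bytes are not the file the thread's report describes, so this is False.
    print("report matches local file:", report_matches_file(THREAD_VT_LINK, SAMPLE_BYTES))
```

Hashes go in the post, the file goes to the vendor (zipped and password-protected, as recommended above); the `report_matches_file` check is what a helper should run before trusting that a posted report link describes the attachment the poster actually has.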
you got pm
I tried VirusTotal and it told me the name of virus as “W32/VBTrojan.17D!Maximus” but I couldn’t find the virus in their database!!!
And what should I do? Should I download those two antiviruses suggested by the site and scan?
Or is there any other way to remove it?
If I have to download a new antivirus I should uninstall Avast. I tried to find any on-line scanning engine from those two suggested antiviruses but I didn’t find anything.
@ DavidR: thanks
@ the OP; do a boot scan with Avast, and if that didn’t get rid of the infection, try that:
http://www.malwarebytes.org/mbam-download.php
do a quick scan with it and follow the instructions.
edit: update malwarebyte before scanning.
To ensure you are virus-free you can do those steps:
1. clear your temp files: http://www.piriform.com/ccleaner
2. do a Dr.Web CureIt scan: http://www.freedrweb.com/cureit/?lng=en
3. scan with MBAM: http://www.malwarebytes.org/mbam.php
4. post a Hijack Hunter log in this topic: http://www.novirusthanks.org/products/hijack-hunter/
5. we will provide a cleaning script, you should run it with Threat Killer
Logos, you just caused me:
Warning - while you were typing a new reply has been posted. You may wish to review your post.
Thanks red is nice
@ omidpand: if mbam doesn’t work either, stay tuned here, I just pm’ed a guy who might come to help you
Hi lets have a look see. Could you attach the three logs please
Hi there let me see what you have
GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.
[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan…click on NO, then use the following settings for a more complete scan…
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED …
    [*] IAT/EAT
    [*] Drives/Partition other than Systemdrive (typically C:)
    [*] Show All (don’t miss this one)
[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [Save…] button, and in the File name area, type in “ark.txt”
[*]Save the log where you can easily find it, such as your desktop.
Caution: Rootkit scans often produce false positives. Do NOT take any action on any “<— ROOTKIT” entries
Please copy and paste the report into your Post.
THEN
Download OTL to your Desktop
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select Scan all users
[*]Under the Custom Scan box paste this in (each path line ends in a wildcard, e.g. \*.*)
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
/md5start
explorer.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs
sounds like the OP is offline now…but thanks for popping in Essexboy, he’ll be back
The hijack log is attached
omidpand,
Essexboy is a Certified Malware Removal Expert. Please follow his instructions at this point as he will be helping you with your problems. See his post. Thank you.
@SafeSurf
Tnx
@Essexboy
I did what you said, and the 4 files are posted. The OTL file was huge so I had to divide it in 2 parts. I’m waiting for your answer. Tnx