If a suspicious file is sent to Avast to be analysed, and you receive no reply from Avast as to whether that file is infected or not, how would you know what to do, e.g. restore or delete the file? I feel that you should receive a notification of some kind.
I know that when the VPS is updated you can run a scan in the chest.
I sent a file on the 20th of Feb, and now here it is the 4th of March. (EDIT: I am only using this for a time reference.)
I have also sent in a ticket through the "Support Centre" (EDIT: I sent it today).
What to do:
I would start by checking it against VirusTotal before sending it to avast.
If there are a number of detections on VT then it is no longer just suspect but probably undetected malware, so it should be reported as such. That also gives you a VT results link you can include in the submission.
You can, as you say, periodically scan the file in the chest after VPS updates.
If you send the file by email then they could auto-respond, but that just acknowledges receipt, which isn't what you want.
Over a year ago it was reported that there were over 4000 email submissions per day; these have to be dealt with, and if they are all password-protected zip attachments that stops any sort of automated processing. Add to that that some sort of priority has to be allocated to the sample after preliminary analysis, so it isn't quite as easy as you might think.
If you use the recommended method, add it to the chest (you still have to deal with the file in the original location) and submit the sample from the chest; this I believe allows a degree of automated processing and sorting into some sort of priority. Of course that doesn't resolve the problem of not getting a response even if you give an email address in the submission form; I don't know if that can be linked to the sample analysis and processing.
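The "check it against VirusTotal first, then quote the hashes and the VT link in the avast submission" workflow from the reply above, as an added example that is not part of this thread and is not Avast/Alwil or VirusTotal code. It assumes the VirusTotal report-page form https://www.virustotal.com/gui/file/<sha256>, the API v3 endpoint /api/v3/files/<sha256>, and the API v3 field data.attributes.last_analysis_stats; the sample bytes and the API reply embedded below are constructed for the example, not a real sample or a real report.

```python
"""Added example (not from the forum thread): hash a suspicious sample,
build the VirusTotal lookup links to paste into an avast submission, and
reduce a VirusTotal API v3 file report to the familiar "N/M" figure.

Assumptions (not stated in the thread): the VT report-page URL form
https://www.virustotal.com/gui/file/<sha256>, the API v3 endpoint
/api/v3/files/<sha256>, and the response field
data.attributes.last_analysis_stats. The sample bytes and the reply
below are constructed stand-ins, not real data.
"""
import hashlib
from typing import Optional, Tuple

VT_GUI = "https://www.virustotal.com/gui/file/{sha256}"
VT_API = "https://www.virustotal.com/api/v3/files/{sha256}"
HEX = set("0123456789abcdef")


def hash_sample(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of the sample; VT keys reports on sha256."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def lookup_links(sha256: str) -> dict:
    """Links to an existing VT report, so the file need not be uploaded again."""
    sha256 = sha256.strip().lower()
    if len(sha256) != 64 or any(c not in HEX for c in sha256):
        raise ValueError("expected a 64-hex-character SHA-256")
    return {"gui": VT_GUI.format(sha256=sha256),
            "api": VT_API.format(sha256=sha256)}


def summarise_stats(report: dict) -> Tuple[int, int]:
    """Reduce a VT v3 file report to (flagged, engines_that_gave_a_verdict).
    'malicious' and 'suspicious' count as flags; engines that timed out,
    failed or do not handle the file type are left out of the denominator,
    so 9/41 and 10/40 style figures are comparable across re-scans."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    return flagged, total


def submission_note(data: bytes, report: Optional[dict] = None) -> str:
    """Text block to paste into the avast sample submission form."""
    h = hash_sample(data)
    links = lookup_links(h["sha256"])
    lines = [f"SHA-256: {h['sha256']}", f"MD5: {h['md5']}",
             f"VT report: {links['gui']}"]
    if report is not None:
        flagged, total = summarise_stats(report)
        lines.append(f"VT detections: {flagged}/{total}")
    return "\n".join(lines)


# Constructed inputs (not malware): a stand-in "driver" and a VT v3 reply
# shaped like the 10/40 result quoted in the thread.
SAMPLE = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not xjilsp.sys"
VT_REPLY = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 9, "suspicious": 1, "undetected": 30, "harmless": 0,
    "timeout": 1, "type-unsupported": 2, "failure": 0}}}}

if __name__ == "__main__":
    print(submission_note(SAMPLE, VT_REPLY))
```

The hash in the VT link quoted later in the thread is a SHA-256, so it can be passed straight to lookup_links to get the current report page. Fetching the API URL for real needs a VirusTotal API key sent in an x-apikey request header (an assumption about the VT v3 API, not something the thread describes); the example stays offline and only parses a constructed reply.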
My only concern is that, yes, I have sent the file from the chest, posted the Malwarebytes results, sent a link to the VirusTotal results (10/40) and also a link to my original thread.
So if it proved to be malware, anyone who does not use Malwarebytes or any of the ones listed in my attachment (also see link) could be infected. http://www.virustotal.com/analisis/03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae-1266685972
There is nothing in Google about it except what I have posted.
Bottom line is I still do not know if I have a malware problem or the other programs are alerting me to a false positive. Unless Alwil detects it as malware at a later date I will be none the wiser, and I feel the vast majority of people would want to know, one way or another.
If the two in MBAM are related then this could have been something like a fake AV used to hide a process to display fake security alerts, which I presume you haven't been having, though it is hard to say that for sure. One of the reasons to send it to VT is that companies participating in VT scanning should receive from VT the samples they don't detect, so it should eventually get to avast from two different sources, you and VT.
If you have tried a Google search on the xjilsp.sys file in the drivers folder and found nothing, that is more suspicious for a file in the drivers folder.
If you have a copy of this file in the avast chest, run MBAM again and this time allow it to remove the selected items; you should then run both avast and MBAM again.
They have been quarantined by malwarebytes.
A copy of the file is still in Avast chest.
Ran Avast, Malwarebytes, SUPERAntiSpyware and Windows Defender, all clean.
I also ran all four programs originally when Malwarebytes flagged that I had 2 rootkits.
I just redid a Google search and there are only 4 items there, all belonging to what has been posted here in this forum regarding xjilsp.sys; see link http://www.google.com.au/#q=xjilsp.sys&hl=en&filter=0&fp=89397e1bb60579ff
Just did a scan in the chest using the latest VPS update 100305-1, still showing no virus.
Will just have to wait and hopefully I will receive a reply from Alwil in the near future.
It has been a month since I sent the suspicious file to Avast, and I still do not know if it is infected or not.
I also sent a ticket through the avast support centre on the 26th of Feb, no replies as of yet.
I have restored the file back to the computer; Malwarebytes still detects it.
On VirusTotal I now get 9/41 showing infection, compared to 10/41 earlier.
Symantec now does not detect it.
If there is any element of doubt, why restore it? That is the whole point of the MBAM quarantine.
Given the VT results of 20/3/2010 avast still doesn’t consider it infected.
Now we come to the real meat of the issue: have you reported it to MBAM as a possible false positive? Because ultimately it is they that have to confirm or correct it.
I restored it as in Event Viewer I receive an error "couldn't load Vialde driver". I think it is to do with the Generic PCI IDE Bus Driver from Microsoft. This was caused by quarantining system32\drivers\xjilsp.sys.
Restored the driver, no error.
I disagree with the statement that the meat of the issue is sending the file to Malwarebytes.
As I sent the offending file off to Avast and have received no response from Avast, I fail to see why you can add a suspicious file and send it to be analysed and receive no feedback.
So i guess we will have to agree to disagree on that point.
So I will just take my chances and see what happens; if I did not use Malwarebytes on demand I would be none the wiser.
The meat of the issue is this: MBAM detects it and avast doesn't, so how can avast resolve what may be an FP by MBAM? Since you sent it to avast some time ago and yet it isn't in the virus definitions, that is either because avast doesn't consider it infected, or they haven't dealt with it, or it is a low risk, etc.
So to my way of thinking it needs to be investigated by MBAM also or it may never be resolved. MBAM is no different from other security applications in regard to occasional FPs; they are, however, like avast, quick to resolve any acknowledged FP.
That was my post: I sent a suspicious file to Avast and I have got no reply, even from their support centre, so even if it is clean, how do I know that if avast don't let you know?