I scanned my PC with Malwarebytes and it found 4 trojans that avast didn't find (it was from an attached file a friend sent me, obviously he needs some AV too)… How can I send the files to avast to examine them and then add them to the next update definition (if they are indeed trojans)?
OK, I think I found a solution… I put the file in avast’s virus chest and then submitted it with all the info I have… If this is the way to submit files for examination let me know so I can type “SOLVED” in the title.
What would have helped is to post the MBAM log contents, as no one can comment without information.
There is also virustotal for confirmation:
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here: the URL in the address bar of the VT results page.
Yes, you can do that.
Video tutorial:
http://public.avast.com/supp/submit/submit.htm
And as David says, also check the files at www.virustotal.com
David, I know that it's malware for sure because its name was “surprise.exe” and when you click it, it installs something named “security” or something like that, and then it “scans” your PC and finds all kinds of malware… and then it suggests you buy the full version to clean them up… I knew from the beginning that it wasn't a safe file but I was curious what would happen if I executed it and what avast would do…
This topic was created to help me upload it to avast and add it to the next update definition.
thanks for your time and assistance guys,
george mavrogiannis
You’re welcome. No way would I click surprise.exe; from your explanation it sounds like a rogue/fake security alert process. These are so fast changing it is hard to keep up with them.
Though MBAM, which used to be called rogue remover years ago, does still seem to be the most effective/specialist at detecting these rogue programs.
MBAM’s one time licence fee is a good value for its resident protection from rogues.
Agreed +10
These are the results from VirusTotal… I wanted to see how many could find it so I did it ;D
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2010.12.15.02 | 2010.12.15 | - |
| AntiVir | 7.11.0.42 | 2010.12.15 | TR/Crypt.ZPACK.Gen2 |
| Antiy-AVL | 2.0.3.7 | 2010.12.15 | - |
| Avast | 4.8.1351.0 | 2010.12.15 | - |
| Avast5 | 5.0.677.0 | 2010.12.15 | - |
| AVG | 9.0.0.851 | 2010.12.15 | - |
| BitDefender | 7.2 | 2010.12.15 | Gen:Variant.FakeAlert.47 |
| CAT-QuickHeal | 11.00 | 2010.12.15 | - |
| ClamAV | 0.96.4.0 | 2010.12.15 | - |
| Command | 5.2.11.5 | 2010.12.15 | - |
| Comodo | 7070 | 2010.12.15 | - |
| DrWeb | 5.0.2.03300 | 2010.12.15 | Trojan.Fakealert.19447 |
| Emsisoft | 5.1.0.1 | 2010.12.15 | - |
| eTrust-Vet | 36.1.8042 | 2010.12.15 | - |
| F-Prot | 4.6.2.117 | 2010.12.14 | - |
| F-Secure | 9.0.16160.0 | 2010.12.15 | - |
| Fortinet | 4.2.254.0 | 2010.12.15 | - |
| GData | 21 | 2010.12.15 | Gen:Variant.FakeAlert.47 |
| Ikarus | T3.1.1.90.0 | 2010.12.15 | - |
| Jiangmin | 13.0.900 | 2010.12.15 | - |
| K7AntiVirus | 9.72.3246 | 2010.12.14 | - |
| Kaspersky | 7.0.0.125 | 2010.12.15 | - |
| McAfee | 5.400.0.1158 | 2010.12.15 | - |
| McAfee-GW-Edition | 2010.1C | 2010.12.15 | - |
| Microsoft | 1.6402 | 2010.12.15 | Rogue:Win32/Winwebsec |
| NOD32 | 5705 | 2010.12.15 | a variant of Win32/Kryptik.IXI |
| Norman | 6.06.12 | 2010.12.15 | - |
| nProtect | 2010-12-15.02 | 2010.12.15 | - |
| Panda | 10.0.2.7 | 2010.12.15 | - |
| PCTools | 7.0.3.5 | 2010.12.15 | - |
| Prevx | 3.0 | 2010.12.15 | High Risk Cloaked Malware |
| Rising | 22.78.01.04 | 2010.12.15 | - |
| Sophos | 4.60.0 | 2010.12.15 | - |
| SUPERAntiSpyware | 4.40.0.1006 | 2010.12.15 | - |
| Symantec | 20101.3.0.103 | 2010.12.15 | - |
| TheHacker | 6.7.0.1.101 | 2010.12.15 | - |
| TrendMicro | 9.120.0.1004 | 2010.12.15 | - |
| TrendMicro-HouseCall | 9.120.0.100 | 2010.12.15 | - |
| VBA32 | 3.12.14.2 | 2010.12.14 | - |
| ViRobot | 2010.12.15.4202 | 2010.12.15 | - |
| VirusBuster | 13.6.95.0 | 2010.12.15 | - |
Yes those FakeAlert hits are an indication of the rogue/fake security application I mentioned earlier on. Most of those detections are also generic as it is very hard to pin them down by signature alone when there are constant new variants.
They are usually accompanied by something to hide them which may be why one of those hits talks of cloaked malware.
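An added example, not part of the original thread: a small parser for a pasted VirusTotal text report like the one above, which tallies how many engines flagged the file and how many of those verdicts look generic rather than family-specific. The `GENERIC` and `ROGUE` substring lists are assumptions about vendor naming, not an official scheme.

```python
import re

# Rows copied from the VirusTotal table posted in this thread (a subset),
# including two rows where engine name and version are run together.
SAMPLE = """\
AhnLab-V3 2010.12.15.02 2010.12.15 -
AntiVir 7.11.0.42 2010.12.15 TR/Crypt.ZPACK.Gen2
Avast5 5.0.677.0 2010.12.15 -
BitDefender 7.2 2010.12.15 Gen:Variant.FakeAlert.47
DrWeb 5.0.2.03300 2010.12.15 Trojan.Fakealert.19447
McAfee-GW-Edition2010.1C 2010.12.15 -
Microsoft 1.6402 2010.12.15 Rogue:Win32/Winwebsec
NOD32 5705 2010.12.15 a variant of Win32/Kryptik.IXI
Prevx 3.0 2010.12.15 High Risk Cloaked Malware
SUPERAntiSpyware4.40.0.1006 2010.12.15 -
"""

# The "last update" date is the only free-standing YYYY.MM.DD token, so it
# splits each row even when the version itself looks like a date.
ROW = re.compile(r"^(.+?)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
FUSED = re.compile(r"(.*?[A-Za-z])(\d[\w.]*)")  # name glued to version
# Assumption: substrings that usually mark a generic/heuristic verdict.
GENERIC = re.compile(r"gen\d*\b|variant|crypt|kryptik|cloaked", re.I)
# Assumption: substrings that point at the rogue/fake-AV family.
ROGUE = re.compile(r"fakealert|rogue", re.I)

def parse_row(line):
    """Return engine, version, update date and verdict (None = clean)."""
    m = ROW.match(line.strip())
    if not m:
        return None
    head, updated, result = m.groups()
    parts = head.rsplit(None, 1)
    if len(parts) == 2:
        engine, version = parts
    else:  # no space between engine name and version in the paste
        f = FUSED.fullmatch(head)
        engine, version = f.groups() if f else (head, "")
    return {"engine": engine, "version": version, "updated": updated,
            "result": None if result == "-" else result}

def summarize(text):
    rows = [r for r in map(parse_row, text.splitlines()) if r]
    hits = [r for r in rows if r["result"]]
    return {"engines": len(rows), "detected": len(hits),
            "generic": sorted(r["engine"] for r in hits if GENERIC.search(r["result"])),
            "rogue_family": sorted(r["engine"] for r in hits if ROGUE.search(r["result"]))}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
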