I just received the message ‘Suspicious files have been detected using a heuristic method. This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis’.
File name: c:\documents and settings\user\application data\Mozilla\Firefox\Profiles\ujad1jel.default\sessionstore-1.js
The file size is 0 bytes. I tried to upload the file to Jotti’s Malware and Virustotal. However, this is impossible given the file size.
The only actions available are ‘ignore’ or ‘delete’. (Not quarantine???). Only with ignore or delete can I send it to Avast for analysis.
Well, it is detected as Suspicious…
Meaning you ignore and send it to Avast; then the file remains on your computer but will be checked by the Avast lab.
If they find it to be malware, then they will add detection for it and the file will be detected again, this time with a malware name…
So it is not smart to delete it before you know what it is, but maybe it is just an error since the file size is 0kb.
Strange as sessionstore.js files are excluded in the FSS.
So what scan actually detected this?
Sounds like the avast anti-rootkit scan 8 minutes after boot; does that roughly equate to when it happened?
If so it is even more strange for a .js to be considered suspect by the anti-rootkit scan.
Check the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\log\aswAr.log using Notepad; that should show what was detected.
It must have been the heuristic scan, DavidR, as the message said ‘Suspicious files have been detected using a heuristic method…’.
My computer had been on for much longer than eight minutes after booting. However, I still checked the aswAr.log file. Unfortunately, it showed the results for Wednesday (today) - so it must have already wiped the one from yesterday.
For the record it showed:
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0
I also notice that the Avast user from Polonus’ link also tried to upload a 0 byte file to Virustotal. That gives me heart, as my file also was 0 bytes.
Would be grateful for advice on how I should proceed.
Well, there are different scans that use heuristics, and it is fairly important to get the right scan/shield so that we can take action on it.
The aswAr.log is overwritten after every anti-rootkit scan or the file would become very large.
All you can do is check the other logs for shields or scans in the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report folder.
To start with, you should uncheck Hide extensions for known file types; this is without doubt the worst default setting in Windows Explorer, and it causes nothing but confusion.
Windows Explorer, Tools, Folder Options, Hidden files and folders, uncheck Hide extensions for known file types, etc. See image.
You should then be able to see the .txt (most shield reports are this type) or .log.
You aren’t looking in the report folder that I suggested.