[SOLVED] unable to upload infected files to jotti and virustotal

Hi everybody,

I have no access (though administrator account) on three files avast detected as infected. Even Unlocker doesn’t help. With any other file it works fine but not these infected ones.
Only using a Linux system from CD can upload the infected files.

Does avast block the upload?
Any other possible reason?

Regards

If they’re detected as infected and you choose nothing to do with them, yes, they will be blocked (can’t run or be read).
Maybe you could send from Safe Mode with Networking.
Why didn’t you send the files to Chest? It’s safer.

r u shure they r infected? - put them 2 chest…!
if u r not shure, or they r system-files, post back here.

Hi,
thanks for your answer.

I did, but to upload them to jotti or virustotal I have to unpack them from the Chest and then … well, no access.

Strange… maybe just booting (to release the antivirus session).

let them in the chest! or do you think these r fps?

@Tech
Rebooting doesn’t help, since avast detects the file again when trying to upload. Blocked again.

@Asyn
I explained already, why I want to upload them. Like mentioned in these forums it makes sense to re-check the files before deleting or anything else. I was not sure whether they are fps, because I had no clue where viruses could come from at that moment. In jotti G-DATA also showed an infection.

just wait a little time - as u stated u r able to upload the files with linux cd - if these r 0days, it will take a while b4 all av-vendors have a clue they exist. if nothing happens the next 3-5 days they r probably fps.
asyn

If you have avast5 - Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect* That will stop the File System Shield scanning any file you put in that folder.

Now you should be able to extract from the chest and upload to VT without avast either alerting or blocking.

@DavidR

Thank you for that idea. ;D

Meanwhile I found out, that using the renaming option of the alert pop-up doesn’t block the file, either.

So I have two option for future emergencies (hopefully never) :wink:

Thanks to everyone!

You’re welcome.

Renaming the file doesn’t change the detection as it is unrelated to the detection, content is king; all that happens as you found was it alerts but also on the new name.

Well, it seems to be as Tech said: “If they’re detected as infected and you choose nothing to do with them, yes, they will be blocked (can’t run or be read).”

I noticed, that not choosing to do nothing nor to send to Chest but to rename the file DOES NOT block it for uploading - at least with avast 4.8

But your option sounds smarter to me, since the file is in a safer place than just to rename it.