trouble sending a suspect file to the avast team.

Hello! I have a suspect file in my pc but avast can’t detect anything. I’d like to send it to the avast team but I can’t find the e-mail. And I can’t zipp it with a password using winrar. ;_; Even if I create a new rar archive and put it inside setting a password then the password is not working and I’m able to extract it without the password promting. Can you help me please?

Why do you think it is suspect ?
What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!) ?
Did avast detect it as a virus, etc.
Where was it found example (C:\windows\system32\infected-file-name.xxx)?

Have you added it to the chest ?
if so that is a protected area and nothing other than avast can work inside it. You can sent it directly from the chest to avast. Right click on the file and select 'email to Alwil Software. ’

I already posted in this forum asking for some help sometime ago.
This is the post:
http://forum.avast.com/index.php?topic=19842.msg166671#msg166671
After some time doing on-line scans and safe mode scans without getting anything I thought about checking my firewall (Zone Alarm Free) logs and see if there was something suspicious there. Well…here is my story:
I have an account on livejournal.com Some time ago I downloaded a little application to count how many comments I made and got on my blog. This little software asked for my username and password and I gave it thinking it was safe. I even let it pass the firewall giving the allow instruction for it. ;_; After that I let it sit for ten days on my pC without noticing anything stange.
Then I discovered that that strange user-agent appeared 5 seconds after Zone Alarm registered that software passing the firewall and connecting on the net. The only thing is that that very same day I installed the NET Framework of windows. I asked on another forum if a spyware can stay idle in a software until something like those libraries are installed on the pc. And it seem it’s possible. I formatted my pc and now I’m using another one. But since this one will be formatted soon I decided to download again this software, zip it and send it to the avast team. I was sure I had a virus on the other machine. All the applications started opening by themselves, all the windows were being moved around on my desktop (for example the Avast windows first eppeared on the center of the creen and after closing it and opening it again it was moved all to the left) and the icons on my task bar started disappearing and showing up again after a serie of reboots. I was very frustrated since no antivirus software nor Spybot, MS Antispyware and Ewido detected anything. That’s why i wanted to send it. If there is a malicious thing in that software that can be unleashed only after installing the NET framework I’d like to know it. Thanks!

[edit] I have the latest version of Avast and the latest version of the virus definition. I’ve installed that software without the NET Framework and done a safe boot scan. Nothing so far. Tomorrow i’ll try installing the NET Framework and I’ll see what will happen.

[edit2] this thing is a spyware!!! Or at least it can be detected as a user-agent. I created a new account on livejournal and use that thing twice. Guess what? That user-agent showed up again. But this time I’m sure I used it. The thing that irks me is that back then it started itself without me knowing. Since I’d like to explain to the Avast team what happened I’d like to send an e-mail with the zip file and an explanation. Thanks!!!

It would probably been better to have added this post to your orignal thread as it is related and it would also have had the effect of bumping it so those who contributed previously would see it hasn’t been resolved.

Open the avast chest and the User Files section, File, Add and navigate to the file you want to add. once inside the chest, right click the file and select 'email to Alwil Software. ’ The default mode to send email is IMAP leave it like that don’t change to SMTP. In the additional comments you can mention you think it is an undetected virus, etc.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.


And, in all of the above, the name of this “user-agent” is never given.

Some time ago I downloaded a little application to count how many comments I made and got on my blog. This little software asked for my username and password and I gave it thinking it was safe.
What is the name of this "little application?" ???

I’m really sorry! I’ll do as you told me. And I discovered another file that was infected (at least doing a jotti scan) and that Avast didn’t detected. It says it was infected with the malware Heur.W32.Generic and it showed up only in the arcavir scanner. I’m going to submit that too. Thanks again for your big help! :slight_smile:

sorry! It’s called lj comment stats wizard. the user-agent string is Mozilla/3.0 (compatible; Indy Library)
I’ll just submit it to be sure. Thanks a lot!