everything began when I connected the external memory of the camera of my sister. a supposed worm, infect several components including the ‘explorer.exe’ of windows. At the moment one antivirus detects and is it:
the file is rename as: svchost.exe in temp folder (windows) in task manager the program that run is rename as: “xtqo.tmp”
it can be found in task manager in active running applications, processes, services, memory and uses many components, including explorer.exe. alsodownload a Backdoor/Win32:IRCbot.gen!K detected by Windows Defender
Thank you very much. I believe that it should manage to erase it manually, but I suppose that it must stay a little in the registry. I erased quite the temp files and realize a cleanliness. And nothing appears already of the worm. But as I said earlier, it must stay a little (traces) in the registry, and I will be working in that tomorrow.
One question, how I can send executables files (.exe files) through email? because as today is very dificult send exe files via email (google, yahoo, and many others), the only email provider that I know that allow this is gawab. However, This method need to be improved by Alwil Lab.
Don’t use email if you have difficulty, add to the avast chest and send from there, they aren’t emailed but uploaded.
Add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Yes,this info is the same that Microsoft sent me after analysis completed. I send the suspicious file in december 26 and the analysis finished in december 31. In the same day I submitted to Microsoft & Alwil
@ DavidR
I know the process through avast chest DavidR, but one question, the server that use avast don’t need to be configured? or need? because is in blank, I think that the default setting is ready (unneeded changes)
No server configuration is required as the upload happens as a part of the avast update process, when the update bit is done. It checks to see if there are any files to upload and does it then, once they are uploaded it finalises the update process, job done, see image of an upload in progress.
There are many image capture tools out there, I use SnagIt, which makes the process very easy, but that is a paid option.
Without one then you are left with windows print screen and alt+print screen to just capture a window rather than the whole screen. Then you need an image editor to paste the screen capture and save it as a .gif or .jpg file. The main thing is only to post what is relevant not a complete screen as that is very big and for dial-up users a pain in the rear, so you may need to crop your images if you didn’t capture just the active window, etc.
As you can see long winded, so image capture software is much easier as they incorporated basic or advanced image editing into the process. Try a google search for image capture software.
