I just cleared a friend’s computer of a Variant of System Tool.
Avast didn’t detect it, but I was able to remove it with MBAM. Is there a way to send it to you without reinfecting the computer?
Hello,
yes, you can send it to virus@avast.com, pack the file using i.e. 7-zip with password “infected” (without quotes).
Thank you,
Milos
“Is there a way to send it to you without reinfecting the computer?”
yes… can you post the scan log here first…
you need to restore the .exe to its original location, do not run it or you will be infected again…
then you browse to the location and zip it and send it like Milos said, when done you remove it with MBAM again…
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5854
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019
23/02/2011 17:13:23
mbam-log-2011-02-23 (17-13-23).txt
Scan type: Quick scan
Objects scanned: 156195
Time elapsed: 5 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\gPlEgKd05603 (Trojan.FakeAlert) → Value: gPlEgKd05603 → Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\gplegkd05603\gplegkd05603.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\Users\Admin\downloads\setup_pokertime.exe (PUP.Casino.Gen) → Not selected for removal.
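An added example, not part of the original thread and not Malwarebytes' own code: a small Python parser for the log format posted above. It lists each detection with its section, family and action, and reports which objects were left in place. The function names are hypothetical, and the sample input is an excerpt of the log above.

```python
import re

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Registry Values Infected: 1
Files Infected: 2
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\gPlEgKd05603 (Trojan.FakeAlert) → Value: gPlEgKd05603 → Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\gplegkd05603\gplegkd05603.exe (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\Users\Admin\downloads\setup_pokertime.exe (PUP.Casino.Gen) → Not selected for removal.
"""

# A section header is a bare "... Infected:" line; summary counts such as
# "Files Infected: 2" carry a trailing number and are skipped.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
# object (family) -> details -> action. The lazy match plus the required arrow
# keeps paths such as "Program Files (x86)" intact. Accepts "→" or "->".
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) (?:→|->) (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return one dict per detection line found under a section header."""
    detections, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        item = ITEM.match(line) if section else None
        if not item:
            continue  # blank line, "(No malicious items detected)", header field
        # The last arrow-separated field is the action; earlier ones are details.
        fields = re.split(r"\s*(?:→|->)\s*", item.group("rest"))
        action = fields[-1].rstrip(".")
        detections.append({
            "section": section,
            "object": item.group("obj"),
            "family": item.group("family"),
            "detail": fields[:-1],
            "action": action,
            "removed": action.startswith("Quarantined"),
        })
    return detections

def still_present(detections):
    """Objects the scanner flagged but did not remove."""
    return [d["object"] for d in detections if not d["removed"]]
```
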
Just a little bump. Not trying to be a bother, just want to help.
Did you send the sample as asked for by one of the avast virus labs team?
Presumably this is the trojan.fakealert detected by MBAM?
If not you should send that one too.
Avast never picked it up. MBAM found it. I’ll send it when I get access.
Thanks.