Avast caught

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jarcher, Dec 3, 2004.

  1. jarcher

    jarcher I can't handle a title

    Avast caught a virus when I installed FINDnFIX

    well we know avast works. . .
    odd. . .thats an old one I see. . .
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure that it is really a virus. Try something for me. Go to the C:\FINDnFIX\FNFmix directory and locate the fi.exe file. Then rename the file to jarcher_fi.exe. Then do another scan with Avast.
    You may have to disable Avast prior to doing the rename and then renable it after you rename the file.

    If the renamed file no longer shows as a virus, it would indicate that Avast is triggering on the filename itself rather than a detection of the actual virus.
     
  3. jarcher

    jarcher I can't handle a title

    still a virus. . .and it cannot be repaired

    what I am wondering is . .well
    I was cleaning out a computer about a month ago, and there was an A**load of hacks
    all of them containing a virus. Would my said application be classified as a "hack"?


    and also. .the self extractor didn't work because it was corrupt
    would that also help any?
     
    Last edited: Dec 3, 2004
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would not classify FINDnFix as a hack. Re-download FINDnFIX from here: http://downloads.subratam.org/FINDnFIX.exe

    Delete the directory the old one created in your C drive root directory. Now run the program just downloaded. Does Avast find the virus again in?

    I just scanned with McAfee on mine. No virus is detected. I then tried kaspersky's single online file checker. It all comes up clean checking the fi.exe file.

    Here is the online single file scanner: http://www.kaspersky.com/scanforvirus

    I do not have Avast installed on this particular PC to check it.
     
  5. jarcher

    jarcher I can't handle a title

    I uninstalled it and reinstalled it with the new link
    avast,again, poped up
    I scanned the .zip
    kaspersky I was clean
    but kaspersky would not recognize that file
    others will scan and have a log
    this keeps popping up on that file

    well my manage attachments button is not working



    Online Virus Scanner

    Please insert a file name for scanning and try again.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't understand! Did Kaspersky scan it or not? You said it was clean but then said it would not recognize the file. It works fine for me.
     
  7. jarcher

    jarcher I can't handle a title

    when I scan the folder or the zip it scans and gives me a log
    but when I scan just the file it tells me to


    "Please insert a file name for scanning and try again."(tags aren't working either)

    try again, it says. . .so the file itself it does not scan
    it really is no big deal, I don't need the program
    it's just mess'n with my head. . .want me to zip ya mine?
     
  8. Novice

    Novice MajorGeek

    I have the same problem with five of the image files on my computer. Avast picked these as having viruses, but only when set to the highest security mode, but will ignore them as having viruses in the standard scan mode. I have used several of the online virus scanners, and I'm shown to be virus free. I ran across this last weekend, when I decided to scan in the highest security mode to see what if anything would be picked up.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Interesting observation! What were the image files?
     
  10. Novice

    Novice MajorGeek

    They were Copystar .csi files of floppy disks. The five disk set is of an older AllenBradley programming suite.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's strange. I wonder what is triggering the alert. The names of the file, the extension type, or the actual contents.
     
  12. jarcher

    jarcher I can't handle a title

    not to get back on topic. . . .lol

     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes!
     
  14. Kodo

    Kodo SNATCHSQUATCH

    There was an avast update recently, check the file again after Avast updates.
     
  15. jarcher

    jarcher I can't handle a title


    It's allready up to date. . .

    I zipped the file and got this prompt
    and it still zipped
    so here is both. .(I think)
    I scanned the zip and avast didn't find anything

    I don't get it. .
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The ZIP file is empty.
     
  17. jarcher

    jarcher I can't handle a title

    that would do it. . . .


    the setup I got from the link you(chas) gave me
    I zipped it. .its larger than allowed (971kb )
    is ther another way?
    but when I explore it there is nothing there
    when I open it in winace, it is. .
    thats all I can think of

    the fi.exe will not copy and cannot be move, because of. . ?
    that prompt keeps coming up. . .
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Disable Avast before you try to ZIP the file. That is all we need to see but I really don't think anything is wrong with it. Especially if you downloaded from the link I gave you. I have used it many times and have had others use it. The fi.exe is just a simple DOS program to look at file information.
     
  19. jarcher

    jarcher I can't handle a title

    think I got it. . . yea I got it zipped successfully. .
    but it is still too large. . . .


    just saw that. . . . .I waited too long to edit
    replied a second time and there you where. . .
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The fi.exe file is only 105k uncompressed but will still be 105K after putting in a zip because the executable is compressed already. This it is still to large to be attached.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  22. jarcher

    jarcher I can't handle a title

    will do. . but I split the file up. .
    hope it works

    extract in order
    fi.c00
    fi.c01

    then. . . .
     

    Attached Files:

  23. jarcher

    jarcher I can't handle a title

    then extract

    fiextract.zip

    then run the self extractor. . .(technically it should work)
     

    Attached Files:

  24. jarcher

    jarcher I can't handle a title


    page not found. .
    but I searched the site to look for "MD5 compare tool" and found
    Iside 1.3(I can only assume that is what you wanted)
    ran the setup and It says I need to update my .NET Framework
    and the windows update is a bastard. . .


    ok got it
    oh. . duh. . .here. .
     

    Attached Files:

  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  26. jarcher

    jarcher I can't handle a title


    what of avast?

    why is that the only one that says that?
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like a false positive for some reason.

    Here's something to try. Locate any other EXE file on your system and make a copy of it somewhere else (like in c:\temp). Now rename that EXE to fi.exe. Run Avast. Does it detect the file as a virus?
     
  28. jarcher

    jarcher I can't handle a title

    nope. .
    even looked for a dos app
    renamed the infected file to just jarcher.exe scaned it
    and still a virus

    and I cannot find it. .still looking
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What DOS app did you rename? And you mean it now shows as infected too?
    Or do you mean you renamed C:\FINDnFIX\FNFmix\fi.exe to jarcher.exe and it is now shown as a virus?

    What can't you find?
     
  30. jarcher

    jarcher I can't handle a title

    cmd.exe changed to fi.exe with no infection
    I even moved the original fi.exe file out of the folder and put in the so renamed cmd.exe and scanned it (with no infection)
    whilst the infection still follows the original fi.exe

    Yes, I renamed fi.exe to jarcher.exe and still is said to be infected

    I was looking for info on " HLLW-Apocalipse-10626/1225 "

    Which I found HLLW-Apocalipse-10626/1225 in the Panda Virus Encyclopedia

    avast! Online Scanner found it to be infected
    that is the only one

    Server response(thats a neat little tool)
    Results of a file scan
    This is the report of the scanning done over "fi.exe" file that VirusTotal processed on 12/08/2004 at 01:57:17.
     

    Attached Files:


MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds