Equaton

How To Get Info On Quarantined Files

Hello,

I wanted to know if there is a way to gather some info on files that Immunet quarantined. For example, today I got a "BITA150.tmp", but I don't know if it is a virus, malware, a keylogger, etc.

Thank you.

Guest orlando

You're wrong, because if you click on a piece of malware in your history, there are various details right there (on the right), including the specific name of the malware, which would be under "name detected"; and when you delete the virus from quarantine, you can no longer get this type of information for the deleted file.

 

Regards,

Orlando


Sorry, I think I did not explain my issue well.

I can find the info of the file that was quarantined (event type, file path, date, etc.), but some days ago Immunet found a malicious file and quarantined it successfully, but there is no "detection name" in the info window (I haven't deleted it yet). So I was curious to know what kind of menace that file was (keylogger, tracking cookie, Trojan, etc.), and if there is an additional tool like an Immunet menace database.

Maybe a blank "detection name" field means only a very low-level threat?

Thank you.

Guest orlando

For now Immunet does not offer specific information on malware (as many companies do; one of the best in this field is Norton). However, I will inform Millard for a more precise and detailed reply; as yet there isn't a thermometer to know the danger of threats.

 

You can post the file here for analysis (just curious) if the file isn't too large.

 

Regards,

Orlando


Thank you very much for your reply Orlando! :D

But how can I post the file in the forum without risk to my PC? Do I have to recover it from quarantine, post it here and then quarantine it again, or is there another, safer process to do that? Sorry for the stupid question.

Guest orlando

See where Immunet found the file and restore it (Immunet will restore it to the folder where it found it), then post the file here (but do not run it; if you do not run it there will be no problem; I also suggest zipping it) and then delete the source file, so that you only put a safe, zipped file here in the forum. I will summarize everything:

1 - Restore the file (to where Immunet found it);

2 - Zip it and delete the source file (I suppose it's an .exe file);

3 - Post the file here, if it is not too large.

 

Regards,

Orlando


I can't upload the file because it's 1200kb, and the forum permits me to upload only 500k. It's a .tmp by the way.

I noticed today that I get a new .tmp file quarantined every time I try to update Chrome browser. Is it only a false positive maybe?

Thank you for your help! :D

Guest orlando

You may have a false positive; look at this discussion that I found on the Chrome updater: http://forum.immunet.com/index.php?/topic/59-possible-google-chrome-false-positive/

I will contact you by private message with my personal email, where we can discuss the file; I avoid posting my email in public.

 

Regards,

Orlando

Guest orlando

I analyzed your file and it is clean, associated with Google Chrome and signed by Google, with copyright. It's a false positive, and I will bring it to the competent persons as safe.

 

Thanks and

Regards,

Orlando
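
Added example (not part of the thread, and not Immunet's or any poster's own method): a static check of a restored sample that never runs it, reporting its SHA-256, whether a .tmp is really a Windows executable, and whether it carries an embedded Authenticode signature block. The function names and the sample bytes are constructed for illustration, and a signature block being present does not by itself prove the signature is valid.

```python
import hashlib
import struct

CERT_DIR = 4  # PE data directory 4: Certificate Table (Authenticode blob)


def triage(data: bytes) -> dict:
    """Describe a restored sample from its bytes alone; nothing is executed."""
    info = {"sha256": hashlib.sha256(data).hexdigest(),
            "kind": "not a PE file", "embedded_signature": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew: offset of the PE signature
    if pe + 26 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return info
    opt = pe + 24  # optional header follows the 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        info["kind"] = "PE, unknown optional header"
        return info
    info["kind"] = "PE32" if magic == 0x10B else "PE32+"
    count_off = opt + (92 if magic == 0x10B else 108)  # NumberOfRvaAndSizes
    entry = count_off + 4 + CERT_DIR * 8
    if entry + 8 > len(data):
        return info
    count = struct.unpack_from("<I", data, count_off)[0]
    offset, size = struct.unpack_from("<II", data, entry)  # file offset, not an RVA
    # A blob being present says nothing about validity; Windows must verify it.
    info["embedded_signature"] = (count > CERT_DIR and offset > 0 and size > 0
                                  and offset + size <= len(data))
    return info


def make_sample(signed: bool) -> bytes:
    """Constructed 512-byte PE32 skeleton, used only to exercise triage()."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 92, 16)
    if signed:
        struct.pack_into("<II", buf, opt + 96 + CERT_DIR * 8, 0x180, 0x40)
    return bytes(buf)


if __name__ == "__main__":
    for label, blob in (("signed", make_sample(True)), ("unsigned", make_sample(False))):
        print(label, triage(blob))
```

To use it on a real file, pass the bytes read from the restored file to `triage()`; the resulting SHA-256 can be shared in place of the file when an upload limit gets in the way.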

OK, you've stumbled upon a bug with our database code I think. The item should have a threat name. I can help. Can you please send me a support snapshot:

 

http://support.immunet.com/tiki-read_article.php?articleId=10

 

Also, if you roll the file out of quarantine, zip it and password it I will be happy to look at it for you as well.

 

My email address is alfred@immunet.com

 

al

OK, I clearly should have read the whole thread - thanks for handling that Orlando - I would still appreciate the support snapshot though. Best,

al

Guest orlando

However, it is a false positive. I tried this morning to send the file, but without success. I will try again to send the false positive to your personal email (Alfred).

 

Regards,

Orlando
