
How To Get Info On Quarantined Files


Equaton


Guest orlando

Hello,

I wanted to know if there is a way to gather some info on files that Immunet quarantined. For example, today I got a "BITA150.tmp", but I don't know if it is a virus, malware, a keylogger, etc.

Thank you.

 

You're wrong, because if you click on a piece of malware in your history, various details appear right there (on the right), including the specific name of the malware, which would be the "name detected"; once you delete the virus from quarantine, this type of information is no longer available for the deleted file.

 

Regards,

Orlando


Sorry, I think I did not explain my issue well.

I can find the info of the file that was quarantined (Event type, file path, date, etc.), but some days ago Immunet found a malicious file and quarantined it successfully, yet there is no "detection name" in the info window (I haven't deleted it yet). So I was curious to know what kind of menace that file was (keylogger, tracking cookie, Trojan, etc.), and if there is an additional tool like an Immunet menace database.

Maybe a left-blank "detection name" info means only a very low-level threat?

Thank you.


Guest orlando


For now Immunet does not offer specific information on malware (as many companies do; one of the best in this field is Norton). However, I will inform Millard for a more precise and detailed reply, yet there isn't a thermometer to know the danger of threats.

 

You can post the file here for analysis (just curious) if the file isn't too large.

 

Regards,

Orlando


Thank you very much for your reply Orlando! :D

But how can I post the file in the forum without risk to my PC? Do I have to recover it from quarantine, post it here and then quarantine it again, or is there another, safer process to do that? Sorry for the stupid question.


Guest orlando


See where Immunet found the file and restore it (Immunet will restore it to the folder where it was found), then post the file here (but do not run it; if you do not run it there will be no problem; I also suggest zipping it) and then delete the source file, so that you safely put only a zipped file here in the forum. I will summarize everything:

 

1 - Restore the file (where Immunet found it);

2 - Zip it and delete the source file (I suppose it's an .exe file);

3 - Post the file here, if it is not too large.

 

Regards,

Orlando


I can't upload the file because it's 1200kb, and the forum permits me to upload only 500k. It's a .tmp by the way.

I noticed today that I get a new .tmp file quarantined every time I try to update Chrome browser. Is it only a false positive maybe?

Thank you for your help! :D


Guest orlando


You may have a false positive; look at this discussion that I found on the Chrome updater: http://forum.immunet.com/index.php?/topic/59-possible-google-chrome-false-positive/

 

I will contact you by private message and include my personal email, where we can discuss the file; I avoid posting my email in public.

 

Regards,

Orlando


Guest orlando

I analyzed your file and it is clean, associated with Google Chrome and signed by Google with copyright. It's a false positive, and I will bring it to the competent persons as safe.

 

Thanks and

Regards,

Orlando
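
Added example, not part of the original thread and not Immunet's or any poster's method: a static look at a restored sample that never executes it, reporting its SHA-256, whether it is a Windows executable despite a `.tmp` name, and whether it embeds an Authenticode certificate table. The function names and the sample bytes are constructed for illustration; an embedded table only shows that a signature is present, and confirming that it is valid and who signed it still requires the operating system's signature verifier.

```python
import hashlib
import struct

def inspect_sample(data: bytes) -> dict:
    """Static look at a restored sample's bytes; nothing is executed."""
    info = {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data),
            "is_pe": False, "has_signature_blob": False}
    # DOS header: 'MZ' magic, offset of the PE header stored at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return info
    info["is_pe"] = True
    opt = pe_off + 24  # optional header follows signature + 20-byte COFF header
    if opt + 2 > len(data):
        return info
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+ directory offset
    if dirs is None or opt + dirs + 40 > len(data):
        return info
    (count,) = struct.unpack_from("<I", data, opt + dirs - 4)
    # Directory entry 4 is the certificate table: (file offset, size).
    cert_off, cert_size = struct.unpack_from("<II", data, opt + dirs + 32)
    info["has_signature_blob"] = (count > 4 and cert_size > 0
                                  and cert_off + cert_size <= len(data))
    return info

def build_sample(signed: bool) -> bytes:
    """Constructed PE32 skeleton for the demo; not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    if signed:  # point entry 4 at 16 placeholder bytes appended after the headers
        struct.pack_into("<II", opt, 96 + 32, 0x40 + 24 + 224, 16)
    body = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    return body + (b"\0" * 16 if signed else b"")

if __name__ == "__main__":
    for label, blob in (("signed", build_sample(True)),
                        ("unsigned", build_sample(False))):
        print(label, inspect_sample(blob))
```

To check a real file, pass its bytes read with `open(path, "rb").read()`; the SHA-256 it returns identifies the sample to a vendor without the file itself having to be sent.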



OK, you've stumbled upon a bug with our database code I think. The item should have a threat name. I can help. Can you please send me a support snapshot:

 

http://support.immunet.com/tiki-read_article.php?articleId=10

 

Also, if you roll the file out of quarantine, zip it and password it I will be happy to look at it for you as well.

 

My email address is alfred@immunet.com

 

al



OK, I clearly should have read the whole thread - thanks for handling that Orlando - I would still appreciate the support snapshot though. Best,

al


Guest orlando


However, it is a false positive. I tried this morning to send the file, but without success. I will try again to send the false positive to your personal email (Alfred).

 

Regards,

Orlando


Archived

This topic is now archived and is closed to further replies.
