Equaton, posted August 22, 2010

Hello, I wanted to know if there is a way to gather some info on files that Immunet quarantined. For example, today I got a "BITA150.tmp", but I don't know if it is a virus, a malware, a keylogger, etc.

Thank you.

Guest orlando, posted August 22, 2010

> Hello, I wanted to know if there is a way to gather some info on files that Immunet quarantined. For example, today I got a "BITA150.tmp", but I don't know if it is a virus, a malware, a keylogger, etc. Thank you.

You're wrong, because if you click on a malware in your history, there are various details right there (on the right), including the specific name of the malware, which would be "name detected"; and when you delete the virus from quarantine, you can no longer have this type of information for the deleted file.

Regards, Orlando

Equaton (author), posted August 22, 2010

Sorry, I think I did not explain my issue well. I can find the info of the file that was quarantined (event type, file path, date, etc.), but some days ago Immunet found a malicious file and quarantined it successfully, but there is no "detection name" in the info window (I haven't deleted it yet). So I was curious to know what kind of menace that file was (keylogger, tracking cookie, Trojan, etc.), and if there is an additional tool like an Immunet menace database. Maybe a left-blank "detection name" info means only a very low-level threat?

Thank you.

Guest orlando, posted August 22, 2010

> Sorry, I think I did not explain my issue well. I can find the info of the file that was quarantined (event type, file path, date, etc.), but some days ago Immunet found a malicious file and quarantined it successfully, but there is no "detection name" in the info window (I haven't deleted it yet). So I was curious to know what kind of menace that file was (keylogger, tracking cookie, Trojan, etc.), and if there is an additional tool like an Immunet menace database. Maybe a left-blank "detection name" info means only a very low-level threat? Thank you.

For now Immunet does not offer specific information on malware (as many companies do; one of the best in this field is Norton). However, I will inform Millard for a more precise and detailed reply; there isn't yet a thermometer to know the danger of threats. You can post the file here for analysis (just curious) if the file isn't too large.

Regards, Orlando

Equaton (author), posted August 23, 2010

Thank you very much for your reply Orlando! But, how can I post the file in the forum without risk for my pc? I have to recover it from quarantine, post it here and then quarantine it again, or is there another, safer, process to do that? Sorry for the stupid question.

Guest orlando, posted August 23, 2010

> Thank you very much for your reply Orlando! But, how can I post the file in the forum without risk for my pc? I have to recover it from quarantine, post it here and then quarantine it again, or is there another, safer, process to do that? Sorry for the stupid question.

See where Immunet found the file and restore it (Immunet will restore it to the folder where it was found), then post the file here (but do not run it; if you do not run it there will be no problem; I also suggest zipping it) and then delete the source file, so that you safely put only a zipped file here in the forum. I will summarize everything:

1 - Restore the file (to where Immunet found it);
2 - Zip it and delete the source file (I suppose it's an .exe file);
3 - Post the file here, if it is not too large.

Regards, Orlando

Equaton (author), posted August 23, 2010

I can't upload the file because it's 1200kb, and the forum permits me to upload only 500k. It's a .tmp by the way. I noticed today that I get a new .tmp file quarantined every time I try to update Chrome browser. Is it only a false positive maybe?

Thank you for your help!

Guest orlando, posted August 23, 2010

> I can't upload the file because it's 1200kb, and the forum permits me to upload only 500k. It's a .tmp by the way. I noticed today that I get a new .tmp file quarantined every time I try to update Chrome browser. Is it only a false positive maybe? Thank you for your help!

You may have a false positive; look at this discussion that I found on the Chrome updater: http://forum.immunet.com/index.php?/topic/59-possible-google-chrome-false-positive/

I will contact you by private message and include my personal email, where I will discuss your file; I avoid posting my email in public.

Regards, Orlando

Guest orlando, posted August 23, 2010

I analyzed your file and it is clean, associated with Google Chrome and Google-signed with copyright. It's a false positive and I will bring it to the competent persons as safe.

Thanks and Regards, Orlando

Equaton (author), posted August 23, 2010

Wonderful! Again, thank you very much for your support.

alfred, posted August 24, 2010

> Sorry, I think I did not explain my issue well. I can find the info of the file that was quarantined (event type, file path, date, etc.), but some days ago Immunet found a malicious file and quarantined it successfully, but there is no "detection name" in the info window (I haven't deleted it yet). So I was curious to know what kind of menace that file was (keylogger, tracking cookie, Trojan, etc.), and if there is an additional tool like an Immunet menace database. Maybe a left-blank "detection name" info means only a very low-level threat? Thank you.

OK, you've stumbled upon a bug with our database code I think. The item should have a threat name. I can help. Can you please send me a support snapshot: http://support.immunet.com/tiki-read_article.php?articleId=10

Also, if you roll the file out of quarantine, zip it and password it I will be happy to look at it for you as well. My email address is alfred@immunet.com

al

alfred, posted August 24, 2010

> OK, you've stumbled upon a bug with our database code I think. The item should have a threat name. I can help. Can you please send me a support snapshot: http://support.immunet.com/tiki-read_article.php?articleId=10 Also, if you roll the file out of quarantine, zip it and password it I will be happy to look at it for you as well. My email address is alfred@immunet.com al

OK, I clearly should have read the whole thread - thanks for handling that Orlando - I would still appreciate the support snapshot though.

Best, al

Guest orlando, posted August 24, 2010

> OK, you've stumbled upon a bug with our database code I think. The item should have a threat name. I can help. Can you please send me a support snapshot: http://support.immunet.com/tiki-read_article.php?articleId=10 Also, if you roll the file out of quarantine, zip it and password it I will be happy to look at it for you as well. My email address is alfred@immunet.com al

However, it is a false positive. I tried this morning to send the file, but without success. I will try again to send the false positive to your personal email (Alfred).

Regards, Orlando

Archived
This topic is now archived and is closed to further replies.