[jr75018]

Hi,

 

I am new...and French, so my English language is far to be perfect.

 

I tried to find a list of malwares to know which is the threat of the two malwares my antiviruses software (G Data) found and I did not succeed. Can you help me, please ?

 

The two malwares :

 

Gen:Variant.Johnnie.50386
Gen:Variant.Johnnie.49826

 

Thank you.

 

Jacques (windows 7 - Firefox 54.0.1 64 bits) - Sorry if don't found the best place on this forum

Edited by jr75018, 15 August 2017 - 11:58 PM.

[Advertisements]

If you have samples of the files you can submit them to virustotal.com and see what the other a-v companies call it.  Sometimes you will find more on a virus from some of the others but these two appear to be F-Secure names for things that act like malware but which aren't really in their database.  See:

 

https://www.f-secure...2_generic.shtml

[RKinner]

If you have samples of the files you can submit them to virustotal.com and see what the other a-v companies call it.  Sometimes you will find more on a virus from some of the others but these two appear to be F-Secure names for things that act like malware but which aren't really in their database.  See:

 

https://www.f-secure...2_generic.shtml

[jr75018]

Hi,

 

and many thanks for your answer.

 

I feel confused cause when my antivirus (G Data*) discovered the two viruses I asked to send them in quarantine. So I don't know how to do to submit them to virustotal.com. I will check on the "infected" computer.

 

* I asked them but I received a kind of "robot" answer: ~ this kind of viruses could steel critical informations from your computer.

 

But nothing about keylogger.

Edited by jr75018, 26 August 2017 - 09:03 AM.

[RKinner]

 

Easiest way to submit a file is to copy the path:

Example:

c:\Windows\System32\spoolsv.exe

 

Then

Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with spoolsv.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 50+ different anti-virus companies.  In either case, If the Detection ratio: is not 0 / 50+ then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.

[jr75018]

Dear Rkinner,

 

Again, many thanks for your help.

 

The two viruses, on my Lenovo laptop (Windows 7), are in quarantine in C:\Program Files (x86)\Hostless Modem\3G Mobile Hotspot\ZDServSetup ((RestCD.exe and UninstallZDServ.exe) I use a ZTE MF70 dongle when I go to India).

 

The two files are encrypted (by G Data) and not accessible (Maybe ZTE protect its software ? Or G Data ?)). I can't see them when I am on the Windows explorer. I restored the two files and tried to download them to virustotal.com. I have been told I have no authorization to open this file. So I put them back in quarantine.

 

I pluged my dongle on my desktop (Windows 10) and run G Data on it. The two viruses were on the dongle. I tried to remove the files from the dongle. Impossible. Again i put them in quarantine. There are still in quarantine on the laptop.

 

It looks like I will never know what this two viruses are doing.

Edited by jr75018, 27 August 2017 - 04:46 AM.

[RKinner]

I think they are both false positives.  ZTE is an OK company and Hostless Modem is one of their products.

 

Uninstall Hostless Modem then reinstall it and see if your ani-virus has another fit.

[jr75018]

I pluged the dongle on the laptop and I scaned the computer and the dongle on line with Eset who discovered (and removed) only Win32/SmartTweak.B (not discovered by G Data).

 

So, I guess you are right when you think they are two false positives.

 

I feel better now.

 

Thank you.

 

Jacques