How to know what is doing a specific malware ?



#1 jr75018 (New Member, 4 posts)

Hi,

I am new... and French, so my English is far from perfect.

I tried to find a list of malware to know what threat the two pieces of malware my antivirus software (G Data) found pose, and I did not succeed. Can you help me, please?

The two pieces of malware:

Gen:Variant.Johnnie.50386
Gen:Variant.Johnnie.49826

Thank you.

Jacques (Windows 7 - Firefox 54.0.1 64 bits) - Sorry if I didn't find the best place on this forum.


Edited by jr75018, 15 August 2017 - 11:58 PM.



#2 RKinner (Malware Expert, MVP, 19,911 posts)

If you have samples of the files you can submit them to virustotal.com and see what the other a-v companies call it.  Sometimes you will find more on a virus from some of the others but these two appear to be F-Secure names for things that act like malware but which aren't really in their database.  See:

https://www.f-secure...2_generic.shtml



#3 jr75018 (Topic Starter, New Member, 4 posts)

Hi,

and many thanks for your answer.

I feel confused because when my antivirus (G Data*) discovered the two viruses I asked it to send them to quarantine. So I don't know how to submit them to virustotal.com. I will check on the "infected" computer.

* I asked them but I received a kind of "robot" answer: ~ this kind of virus could steal critical information from your computer.

But nothing about a keylogger.


Edited by jr75018, 26 August 2017 - 09:03 AM.


#4 RKinner (Malware Expert, MVP, 19,911 posts)
 
Easiest way to submit a file is to copy the path:
Example:
c:\Windows\System32\spoolsv.exe

Then go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with spoolsv.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 50+ different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 50+ then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.


#5 jr75018 (Topic Starter, New Member, 4 posts)

Dear RKinner,

Again, many thanks for your help.

The two viruses, on my Lenovo laptop (Windows 7), are in quarantine in C:\Program Files (x86)\Hostless Modem\3G Mobile Hotspot\ZDServSetup (RestCD.exe and UninstallZDServ.exe); I use a ZTE MF70 dongle when I go to India.

The two files are encrypted (by G Data) and not accessible (maybe ZTE protects its software? Or G Data?). I can't see them in Windows Explorer. I restored the two files and tried to upload them to virustotal.com. I was told I have no authorization to open this file. So I put them back in quarantine.

I plugged my dongle into my desktop (Windows 10) and ran G Data on it. The two viruses were on the dongle. I tried to remove the files from the dongle. Impossible. Again I put them in quarantine. They are still in quarantine on the laptop.

It looks like I will never know what these two viruses are doing.


Edited by jr75018, 27 August 2017 - 04:46 AM.


#6 RKinner (Malware Expert, MVP, 19,911 posts)

I think they are both false positives.  ZTE is an OK company and Hostless Modem is one of their products.

Uninstall Hostless Modem then reinstall it and see if your anti-virus has another fit.


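An added example (not from this thread) of the same check done from PowerShell rather than the browser: it hashes the two files named above, reports whether each carries a valid Authenticode signature and from which publisher (a quick sanity check behind the "false positive from an OK vendor" reasoning), and builds the VirusTotal lookup URL for the SHA-256 so an existing report can be viewed without uploading the file. It assumes PowerShell 4 or later and that the files have been restored from quarantine to the paths the poster gave.

```powershell
# Added example, not code from the thread. Paths are the ones the poster gave;
# adjust them for your own machine.
$paths = @(
    'C:\Program Files (x86)\Hostless Modem\3G Mobile Hotspot\ZDServSetup\RestCD.exe',
    'C:\Program Files (x86)\Hostless Modem\3G Mobile Hotspot\ZDServSetup\UninstallZDServ.exe'
)

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        # A quarantined file is moved/encrypted by the AV, so it will be missing here
        # until it is restored.
        Write-Output "$p : not found (still in quarantine?)"
        continue
    }

    # SHA-256 is what VirusTotal keys its reports on; no upload needed for a lookup.
    $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash

    # Authenticode status: Valid / NotSigned / HashMismatch / UnknownError ...
    # A Valid signature from the vendor supports (but does not prove) a false positive.
    $sig = Get-AuthenticodeSignature -LiteralPath $p

    [pscustomobject]@{
        File       = Split-Path -Leaf $p
        SHA256     = $hash
        Signature  = $sig.Status
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        VirusTotal = "https://www.virustotal.com/gui/file/$($hash.ToLower())"
    }
}
```

Open the printed VirusTotal URL in a browser; if the hash is unknown there, fall back to the Choose File upload described in post #4.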

#7 jr75018 (Topic Starter, New Member, 4 posts)

I plugged the dongle into the laptop and scanned the computer and the dongle online with ESET, which discovered (and removed) only Win32/SmartTweak.B (not discovered by G Data).

So, I guess you are right when you think they are two false positives.

I feel better now.

Thank you.

Jacques

