Submitting samples

Discussion in 'other anti-virus software' started by Klaus_1250, Jul 4, 2006.

Thread Status:
Not open for further replies.
  1. Klaus_1250

    Klaus_1250 Registered Member

    Joined:
    Jun 24, 2006
    Posts:
    45
    I occasionally clean out PCs for people and often find malware which is not recognized by (most) virus/malware scanners. I used to use VirusTotal and Jotti to submit the samples to AV vendors, but that is becoming more difficult with the increasing load on those services, and it is not convenient if you have a large set of files. Is there any way around this issue?

    PS: How do you submit malware located in the registry? Never seen it before until this week, NOD32 didn't recognize it.
     
  2. ASpace

    ASpace Guest

    Fast writing to all these emails would be OK.
    https://www.wilderssecurity.com/showthread.php?t=132843

    :D

    Malware cannot be located in the registry only. Behind the registry there is also an infected file.
     
  3. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    What do you mean by malware located in the registry?

    Do you mean all the startup/run entries etc. that trojans and spyware and adware and worms add in the Windows registry? Almost all of this malware does that, but once the "bad" files have been removed this isn't really much to worry about. Just use a registry cleaner or spyware cleaner to get rid of the registry entries "related" to the malware.

    And if you want a third web scanner service to submit files to, try: http://scanner.virus.org/
     
  4. Klaus_1250

    No, no startup/run entries, I mean actual malware code in the registry. It looked really odd, both the keys and their values didn't make sense and there were quite a lot of them.

    thanx!
     
  5. kjempen

    You could use the "Export" feature in regedit.exe to export the weird registry entries to a file and try submitting the .reg file. Sure it's not just a corrupt registry? Sounds a bit strange...

    EDIT: There aren't a lot of antiviruses that monitor the Windows registry, so what help would it be to submit the .reg files? I don't know... Guess the new Kaspersky AV version monitors the Windows registry? And maybe also Panda?
     
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    What antivirus flagged the infected registry entries and what malware did it find there?
     
  7. Klaus_1250

    I think it was Ewido, but not too sure anymore, only had a few hours to clean it up and it had some particularly annoying things on it (which made almost every scanner stall) :-(

    @HiTech_boy: Thanx! I found a more complete list in one of the posts in that topic. Will try it out the next time I clean a PC. Jotti and VirusTotal are really getting slow :-(
     
  8. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Why don't you use the dslreports malware submission tool? One click and all vendors are there in the "to" field in your mail client and you just add the zipped file and the password. It will be sent to 36 vendors.

    http://www.dslreports.com/faq/8428#submit

    (I just had dslr add the support address that Bit Defender recently told several users that submissions should now go to so they go now to two BD addresses if using this tool).
     