
Google Files identified as malware cannot upload to check FP [Resolved]


laopa

Hi,

Ran a scan with Anti-Malware (5.0.0.64) yesterday and it identified one of the Google Earth files as being malware. Quarantined the file and tried to send it for analysis as a FP, but the Send button would not highlight, and when I checked, the suspect FP file was > 19.0MB. Would that be the problem?

This is the second Google Earth File that Anti-Malware has not liked in as many days.

Help.

laopa

Link to comment
Share on other sites

Hi laopa, welcome to the forum

There were several similar detections reported in the Forum recently

Please search with the respective keywords

If you cannot find the cases in the Main sections and/or the "Malware Removal" section of the Forum, I can post the links here

Those are most likely False Positives

Please manually Update & rescan

Some of those were already fixed

In any case if you are still having the detections regarding Google Earth (\Plugins\ <>.dll)

or any other Google components like Google Update / Toolbar /& so on...

please submit the flagged file(s) as described in "Submitting suspected False Positives for analysis"

My regards

p.s. Irrespectively, provide more detailed information about your System Environment as in Forum Posting Rules (#2). That matters

You can use your signature for that, so you will not be asked again & again

Link to comment
Share on other sites

Hi,

Thanks for the welcome and quick reply.

I will rerun a scan and see if it is picked up again. If it is a size of file issue can these be zipped and sent to Emsisoft in another way?

The Send should have been the Submit File button.

laopa

Link to comment
Share on other sites

Thank you for the reply & adding the signature, laopa

Not really got the question about ZIPing.

If you are sending from the Detection List or Quarantine you may get a notification about inability to send/submit

If you are attaching a passworded archive when sending e-mail, that is a different matter

(could be a size restriction by your e-mail client or the server as well)

What is the size of a file(s) and what is the method you are using?

It is possible that the developers can provide the special upload address if all mentioned methods failed

Cheers!

Link to comment
Share on other sites

Hi,

When the Google Earth File was identified as a problem by Anti-Malware the other day I quarantined it. Then I went to the quarantine section and was going to send it for analysis to Emsisoft as a potential FP.

When I highlighted the file, the Submit Button did not "highlight/turn blue" and would not and could not be operated.

Out of frustration I restored the file and then went and checked how big it was. It was over 19.0MB and I thought that perhaps that was why I could not send it from quarantine to Emsisoft for analysis as a potential FP.

My question is, is there a size restriction on files that can be submitted once quarantined via clicking the Submit File Button and if there is, is there another way to send them to Emsisoft for analysis outside of the quarantined route?

If there is not a size restriction on files that can be sent from quarantine, then what was the problem with the Submit File Button?

Some security software limits the size of uploadable files and requires that they be "compressed/zipped/archived" before they can be sent.

Is that OK?

Thanks

laopa

Link to comment
Share on other sites

Thanks for the reply, laopa

As I said, recently there were several flaggings of different Google components

One of the latest detections & one of my replies can be seen here

As was pointed out, I am using as little Google Software as possible and I am not going to,

So, I cannot be sure that you have the same flagging - you did not attach the saved report

We cannot be sure whether that is same detection

You can send the report to Emsisoft and ask what you can do with 19MB & where to upload that

I would be damned (!) if that DLL alone is 19MB,

... probably you have the whole Trace.Directory detection? :unsure:

Why would you quarantine it straight away without investigation?

...anyway please send at least a report & state the size - the developers will tell you what to do and where you can upload it not using e-mail

My regards

Link to comment
Share on other sites

Hi,

It was the following.

C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll Moved To Quarantine Backdoor.Win32.IRCNite.po!A2

I would be damned (!) if that DLL alone is 19MB,

... probably you have the whole Trace.Directory detection?

You are right, it is actually 22.3MB. Right click, file properties on the little symbol of a blue sheet of paper with folded right corner and one blue and one orange cog on it in the Google Earth \ Plugin Directory.

Why would you quarantine it straight away without investigation?

Because I am a newbie and have blind faith in technology and technological gurus.

Hope this helps.

laopa

Link to comment
Share on other sites

Yeap! That's one of those I was talking about (had no idea that it is so big :blink:)

Please send an email as an FP referring to your case and just ask the advice regarding uploading the file

My regards

p.s. as for "blind faith" - (my personal opinion) that attitude never works no matter what & is rather damaging - that applies to any area in human lives. We learn; we know something; we don't know something else... yet...

Link to comment
Share on other sites

Hi,

Yep it is that big. I will try to figure out the email to Emsisoft thing but I am pretty sure it is a FP.

On the P.S. "blind faith" thing (based on my experience) and apart from the band, I also think it is a lot of hoohaa. I tried to upload the sucker to VisusTotal but the file was too big. I scanned it with SUPERAntiSpyware, Malwarebytes Anti-Malware, HitManPro, Avira AntiVir and I did not get the impression Online Armor was bothered by it, so then I figured it was not really a system or operational software critical program or file, so I quarantined it and tried to upload it to EmsiSoft. Then I ran into the "dead Submit Button" and wondered why and asked here on the forum if there was an upload limit for quarantined files.

Firing off an email to Emsisoft in the near shortly.

Regards

laopa

Link to comment
Share on other sites

Hi,

At the end of the day the results are in. Sent the file to [email protected] and attached a 7Zip encrypted copy (compressed to just over 10MB) of the file to them. Heard back from [email protected] within the hour and the file was a FP that has already been fixed.

Excellent support, thank you all very much.

I am still assuming that there is a file size limit for quarantined files but I guess that size is reached when the Submit Button will not activate. Know what to do now if it happens again.

In the above, the site I foolishly misspelt, was VIRUSTotal i.e. http://www.virustotal.com/.

Regards

laopa

Link to comment
Share on other sites

...At the end of the day the results are in. Sent the file to [email protected] and attached a 7Zip encrypted copy (compressed to just over 10MB) of the file to them. Heard back from [email protected] within the hour and the file was a FP that has already been fixed.

Excellent support, thank you all very much.

Thanks for the reply & letting us know, laopa

Cheers! :)

Link to comment
Share on other sites

This topic is now closed to further replies.