Unable to find the quarantined item

Hi,

I made a full scan of my PC today and found that there’s an infection. It seems to be some sort of “Generic detection” (Suspicious:W32/Malware!Gemini). As I am not sure what it is, I selected the quarantine function.

However, when checking the quarantine flyer, it did not show me the pathname (i.e. System infection (one or more objects)) and the file size is more than 31 Mb!

Please help and let me know how I can submit such a file to you guys. Thanks!

KF

Comments

  • Jason
    Jason Posts: 15
    Hi KF, I believe you can submit the file here: https://analysis.f-secure.com/portal/login.html
  • yeungmic
    yeungmic Posts: 6

    Hi Jason,

    Thanks for your advice!

    However, I cannot locate the quarantined item on my PC; hence, SAS only supports a single file no larger than 20Mb (unless you are an honor collector) or one compressed file which includes less than 100 files.

    I have made some screenshots on that day, not sure if I can post them here?

  • Stephan
    Stephan Posts: 351

    Hi yeungmic,

    The detection name indicates a generic detection, therefore there is a possibility it is a false positive.

    The file name and path are interesting details to know.

    Information about found infections is stored in different log files.

    Can you please check your Windows application event log?

    Infections are logged as errors; the path to the infection is in the details.

    Depending on the product and configuration, it might not be written to the event log; in that case please search for logfile.log and/or removal.log.

    If you have trouble finding the information, please drop me a line :)

    About the sample upload:

    Try compressing the file, format zip, password "infected" - if it is still too large for SAS, drop me a line.

    Best regards,
    Stephan
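Stephan's two lookups above (Application event log first, then logfile.log / removal.log), as an added PowerShell example that is not from this thread or from F-Secure: it matches on the detection name because the thread does not give the event provider name, and the log search roots are assumed typical install and data directories.

```powershell
# Added example, not from the thread or the product: find the file path behind a quarantined
# detection by (1) searching the Windows Application event log for error events that mention
# the detection name, then (2) searching logfile.log / removal.log for the same name.
# The detection name is taken from the thread; the search roots are assumptions.
$DetectionName = 'Suspicious:W32/Malware!Gemini'

# 1. Application event log: errors (Level 2) whose message text mentions the detection name.
#    The provider name is unknown, so the filter is on Level only and the message is matched here.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Level = 2 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($DetectionName) }

foreach ($e in $events) {
    # Timestamp and provider, then the full message; the file path is in the details text.
    '{0}  {1}' -f $e.TimeCreated, $e.ProviderName
    $e.Message
    # Pull out anything that looks like a Windows path (drive letter, colon, backslash path).
    [regex]::Matches($e.Message, '[A-Za-z]:\\[^\s"<>|]+') | ForEach-Object { '  path: ' + $_.Value }
}

# 2. Fallback when the product did not write to the event log: the product log files.
#    Search roots are assumptions (typical data and install directories).
$roots = @($env:ProgramData, ${env:ProgramFiles}, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$logs = Get-ChildItem -Path $roots -Recurse -Include 'logfile.log', 'removal.log' -File -ErrorAction SilentlyContinue
foreach ($log in $logs) {
    # Show only the lines mentioning the detection, with file name and line number for reference.
    Select-String -Path $log.FullName -Pattern ([regex]::Escape($DetectionName)) |
        ForEach-Object { '{0}:{1}: {2}' -f $_.Filename, $_.LineNumber, $_.Line.Trim() }
}
```

Run it from an elevated PowerShell prompt so the Program Files directories are readable; if neither lookup prints a path, the product in use did not log the detection in either place and unquar.exe (mentioned below in the thread) is the remaining option.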

  • Siltanen
    Siltanen Posts: 108 Former F-Secure Employee

    Hello yeungmic,

    When you can't find specific details about an item that was placed in quarantine, you could give our advanced quarantine recovery tool, unquar.exe, a try!

    You can find further information and a download link for the tool at: http://www.f-secure.com/en/web/home_global/support/article/kba/15587

    You could try to list the quarantined files/items using unquar.exe as follows from the command line:

    unquar.exe -m recovery -i Suspicious:W32/Malware!Gemini

    unquar.exe should contain a quite good explanation of the command line switches; however, if you need some additional help, feel free to send me a private message.
