I made a full scan of my PC today and found that there’s an infection. It seems to be some sort “Generic detection” (Suspicious:W32/Malware!Gemini). As I am not sure what is it and I selected quarantined function.
However, by checking the quarantine flyer, it did not show me the pathname (i.e. System infection (one or more objects) and the file size is more then 31 Mb!
Please help and let me know how can I submit such file to you guys. Thanks!
Thanks for your advice!
However, I cannot locate the quarantined item in my PC, hence, SAS only support a single file no larger then 20Mb (unless you are a honor collector) or one compressed file which included less the 100 files.
I have made some screen sorts on that day, not sure if I can post it here?
The detection name indicates a generic detection, therefore there is a possibility it is a false positive.
The file name and path are interesting details to know.
Information about found infections are stored in different logfiles.
Can you please check your windows application eventlog?
Infections are logged as errors, the path to the infection is in the details.
Depending on the product and configuration, it might not be written to the eventlog, in that case please search for logfile.log and/or removal.log.
If you have trouble finding the information, please drop me a line :)
About the sample upload:
Try compressing the file, format zip, password "infected" - if it is still too large for SAS, drop me a line.
When you can't find specific details about an item that was placed on the quarantine, you could give our advanced quarantine recovery tool, unquar.exe, a try!
You can find further information and download link for the tool from: http://www.f-secure.com/en/web/home_global/support/article/kba/15587
You could try to list the files/items being quarantined by using unquar.exe as follows from command line:
unquar.exe -m recovery -i Suspicious:W32/Malware!Gemini
The unquar.exe should contain quite good explanation of the command line switches, however if you need some additional help, feel free to send me an private message.
This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link: