yourpalal

Submitting samples

Good day. I tried to submit a sample from the SUPERSampleSubmit.exe but it kept saying files not found. So since I'm a newbie here, how am I to send them for analysis? Here is what my SUPERAntiSpyware Scan Log showed (and are quarantined for now):

Generated 06/06/2010 at 00:21 AM

Application Version : 4.15.1000

Core Rules Database Version : 5036

Trace Rules Database Version: 2848

Scan type : Complete Scan

Total Scan Time : 01:23:02

Memory items scanned : 548

Memory threats detected : 0

Registry items scanned : 7446

Registry threats detected : 0

File items scanned : 34721

File threats detected : 4

Trojan.Dropper/Win-NV

C:\WINDOWS\SYSTEM\MSVIDEO.DLL

C:\WINDOWS\SYSTEM32\MSVIDEO.DLL

C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-V..OR-WINDOWS16-SYSTEM_31BF3856AD364E35_6.0.6000.16386_NONE_154EBB74CBCD1BE0\MSVIDEO.DLL

C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-VIDEO-FOR-WINDOWS16_31BF3856AD364E35_6.0.6000.16386_NONE_5DC33D5D7A504F78\MSVIDEO.DLL

thanks

What Windows operating system are you running?

If you are running XP, Vista, or Windows 7, then you are running an extremely old version of SAS. The latest version is V4.38.1004 and can be downloaded at the link below. Be sure to uninstall the old version of SAS before installing the latest version.

https://www.superantispyware.com/

Are you able to submit the file MSVideo.dll to VirusTotal or Jotti at the links below?

http://www.virustotal.com/

http://virusscan.jotti.org/en

If you let SAS quarantine the files, they are no longer in their original location. They are in the SAS Quarantine folder. Also, if you tried to submit them while SAS had them locked out prior to quarantining them, then the submit sample program would not have access to them.

Thanks for the reply--I have Vista HP, SP2. I tried to upload to VirusTotal, but it seemed that it was only wanting .exe files, not .dlls.

I update SAS 2-3 times a week, so I assumed it was the latest version. But later I will install the new version. So what would I do with the quarantined files if I were to uninstall the old version?

Also, I had SAS open to copy/paste files when I tried to use submit sample, so it was probably locked, as you said. [Learning something new every day.]

Thanks

You should restore those MSVideo.dll files. Run MSVideo.dll through the jotti link above. VirusTotal does appear to be down. Then submit them to SAS via SuperSampleSubmit.

If you have those files in quarantine (without restoring them) at the time you uninstall SAS, you will lose the files...which you do not want to happen at this time.
