Total Defense

Americas
Brazil
Canada
Latin America
United States
Europe
Austria
Belgium
Croatia
Czech Republic
Denmark
France
Germany
Hungary
Ireland
Italy
Macedonia
Netherlands
Poland
Portugal
Romania
Russia
Slovenia
Spain
Sweden
Switzerland
Turkey
United Kingdom
Ukraine
Middle East & Africa
Algeria
Kenya
Middle East
Namibia
Nigeria
South Africa
Asia & Pacific
Australia
China
Hong Kong
India
Indonesia
Japan
Malaysia
New Zealand
North Korea
Philippines
Singapore
South Korea
Thailand
United States

NEWS

17 September 07

Submit a Malware Sample

A solution-specific guide to submitting malware samples.

Use this form to request a new entry for malware that is not already listed in our encyclopedia. When at all possible, and to ensure that we are performing the appropriate analysis, please submit a sample of the file that is being reported as infected.

Anti-Malware solutions provide protection by detecting unwanted software - malware like worms, trojans and viruses, or spyware - and disabling or removing it from your system. This is generally accomplished by detecting the tell-tale "signatures" or files, directories and registry entries associated with the malware.

There are several reasons you may need to send in a sample of malware or a file you suspect to contain malware. Our technicians may ask you to submit a sample for further analysis or you may believe that you have found malware of some kind that we did not detect. In the second case in particular, we ask that you please send us a sample of the malware at your earliest convenience.

The simplest way to get that sample to us is by completing the Malware Submission Form found under the "Submit a Sample; Virus/Spyware" area of Security Advisor.

Alternately, you may forward it to us as an email attachment, but be advised that in some cases, deliberately sending potential malware via email - even with the most benevolent of intentions - may be in violation of your usage agreement with your Internet Service Provider.

To Escalate A Malware Issue:

After you have submitted your sample through the form or email, you must update Support with the Virtue submission number received from the automated response system after a successful sample submission. This update to Support can be done via the phone or through logging into the SupportConnect system to update your existing open issue. Total Defense Security Advisor Research can only match up a sample with an issue if notified by the customer through this process.

The Total Defense Support Connect website allows you to open issues or update them online at the following website:

http://www.totaldefense.com/support

You MUST open a ticket with Total Defense Support through the normal process, update them once the malware has been submitted, and indicate to Support the extent and reasons for your escalation request. Associating your Total Defense Support issue with the your malware submission will ensure your submission is escalated and reviewed, while not diminishing the importance of the other submissions.

Additional instructions for compressing samples:

Please compress and password protect your file before submitting it to our researchers. If you do not compress and password protect the file, it may be intercepted or blocked and fail to reach us.

You will also need to temporarily disable your Total Defense Anti-Spyware and Total Defense Anti-Virus software as they may deny access to the file, preventing you from compressing it.

Below are detailed instructions for compressing and password protecting your sample using popular compression software.

Note: These instructions only apply to recent versions of the mentioned compression software. If you are using an older version, please upgrade to the latest version available. If you are using a different compression utility to the following listed programs, please consult your program vendor for further help.

For WinZIP ®:

1. Right click on the suspect file and select Add to ZIP - the ADD dialog will appear.

2. Click the Password button at the bottom of this dialog.

3. Enter the password spyware or virus and click OK.

4. Re-enter the password spyware or virus and again click OK. The Add to archive field at the top of the dialog will display the location of the zip file about to be created.

5. Click the ADD button to create the password protected zip file in this location. The archive you create will have a .ZIP extension.

Use this location and file for submission.

For WinRAR ®:

1. Right click on the suspect file and select Add to archive. The Archive name and parameters dialog will appear.

2. Click the Advanced tab and select Set password.

3. Enter the password spyware or virus, then re-enter for verification - Click OK.

4. Click back to the General tab, the archive name is displayed.

5. Click the OK button to create the archive in the current folder. The archive you create will have a .RAR extension.

Use this location and file for submission.

For WinACE:

1. Right click on the suspect file and select Add to... The Add files / Create Archive dialog appears.

2. Click the Options tab - in the Password field, enter the password spyware or virus.

3. Re-enter the password for verification.

4. Click the Add button to create the archive in the current folder. The archive you create will have a .ACE extension.

Use this location and file for submission.

Please Note: At the current time, our malware sample submission system correspondence is in English only. If you require additional assistance in a language other than English, please contact your local support office during normal business hours using the contact details supplied here.

Home & Home Office

Home & Home Office Support

Business

Business Support

Partners

Deal Registration

Support

Security Advisor

Home & Home Office

Business

About Us

News

NEWS

Submit a Malware Sample

Shop

Support

Company Info

Resources