
Submission in Waiting


11 replies to this topic

#1 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,147 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:03 AM

Posted 31 October 2014 - 12:28 PM

I submitted a startup entry on Oct 22 2014 but it's still not approved yet.

HandyAndy.exe

Status Waiting - Submitted on Oct 22 2014, 5:46 AM. Reviewed on Dec 31 1969, 7:00 PM

 

Please check.

 

Thank You.


Edited by tenisverma, 31 October 2014 - 01:14 PM.


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:33 PM

Posted 06 November 2014 - 06:23 PM

Sorry about the delay. I need to review this file further. Do you have a link from where you downloaded it?

#3 Tenis


Posted 07 November 2014 - 12:51 AM

Actually I didn't download the file, my brother did. He installs Android apps, and for that he downloaded some programs.

The name of this program is Andy the Android Emulator.

I use Process Explorer, so I see the virus process for which I submitted the file.




#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,286 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:03:33 PM

Posted 07 November 2014 - 10:58 AM

I think you're seeing this one: http://www.andyroid.net/

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#5 Grinler


Posted 07 November 2014 - 12:41 PM

Do you know if he downloaded the file directly from the developer's site? If not, he may have downloaded it from a third-party site that bundled it with an adware installer. I didn't see any adware when I installed the executable directly from the site.

#6 Tenis


Posted 07 November 2014 - 11:53 PM

I asked and he said he downloaded it from the developer's site (http://www.andyroid.net/), but he didn't complete the installation process because it was downloading additional files, approx. 400 MB.

Currently there is 6 MB in the Andy folder in Program Files.

 

VirusTotal Report

HandyAndy.exe

AndyPriorityMgr.exe

 

 

I am downloading it on a different PC to test.




#7 Tenis


Posted 08 November 2014 - 02:46 AM

I installed the program on a different PC and ran Process Explorer, which also shows a virus.

But the file is different from before (the hash of the file is different).

I attached new report links below.

 

HandyAndy.exe 

AndyPriorityMgr.exe




#8 Grinler


Posted 10 November 2014 - 02:00 PM

My guess is that these are false positives. I am not seeing anything wrong with it when I installed.

#9 Tenis


Posted 10 November 2014 - 03:23 PM

But I installed it on another PC to test it.

It still shows me.

That startup item seems unnecessary to me.

 

The file also has a verified signature.

Then what to do? It's still suspicious to me.




#10 Animal


Posted 10 November 2014 - 04:21 PM

I have it disabled at startup. It is not required at startup.


#11 Grinler


Posted 10 November 2014 - 05:25 PM

Added: http://www.bleepingcomputer.com/startups/HandyAndy.exe-28647.html

#12 Tenis


Posted 11 November 2014 - 09:07 AM

Thank You 

