VBS:Malware-gen keeps on being moved to chest (?)

[SandraSickofMalware]

Hi everyone, I just installed the latest free version of avast after i suspected that a USB that i plugged into my brand new laptop was infected  :'( !

When i did a full scan 3 files were found and moved to chest, and in the report log it noticed that this removable media had something nasty on it but because it wasnt plugged into my laptop  at the time it said something along the lines of "coudlnt find the path..." ??

Now im fairly certain that it was in my F:\ USB port, and now all i keep seeing is MALWARE BLOCKED notifications every single minute (that is no exagerration)

and the report avast gives me is as follows:

* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Wednesday, September 29, 2010 11:11:14 AM
*

29/09/2010 12:08:39   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:08:50   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:09:47   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:09:49   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:10:00   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:10:54   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:11:10   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:12:04   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:12:05   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:12:20   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:13:12   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:13:28   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:14:20   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:14:36   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:15:30   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:15:30   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:15:43   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:16:37   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:16:51   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:17:45   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:17:48   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:17:58   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:18:53   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:18:58   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:19:09   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:20:00   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:20:09   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:20:16   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:21:08   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:21:19   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:21:23   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:22:18   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:22:29   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:22:31   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:23:28   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:23:36   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:23:39   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:24:39   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:24:44   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:24:46   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:25:46   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:25:52   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:25:54   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:26:57   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:27:01   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:28:07   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:28:07   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:28:12   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:29:14   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:29:19   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:30:22   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:30:27   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:31:32   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:32:40   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:32:42   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:33:48   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:33:52   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:34:58   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:34:58   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:35:02   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:36:05   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:36:10   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:37:14   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:37:16   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:37:21   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:38:21   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:38:28   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:39:31   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:39:32   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:39:39   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:40:38   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:40:46   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:41:47   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:41:49   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:41:54   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:42:54   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...
29/09/2010 12:42:59   C:\Windows\autorun.inf [L] VBS:Malware-gen (0)
File was successfully moved to chest...


If it has been moved to chest then why is this still a problem? I'm in a real state right now, as is my computer, i'm tempted to just turn off the avast signs and notifications but that obviously doesn't solve the problem!! If ANYONE could help me it would be incredibly appreciated!

Thank you very much for taking time to read my problem.

Regards

S

[DavidR]

Why it keeps happening, because something keeps creating it and the culprit is likely to be an infected USB.

Flash Drive Disinfector
Information and Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it (first with no USB sticks connected) and follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Mirror download site, http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

####
If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall ?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

• 1.  MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
• 2. SUPERantispyware (SAS). On-Demand only in free version.

Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
Also available a portable version of SAS, http://www.superantispyware.com/portablescanner.html, no installation required.

[SandraSickofMalware]

Hiya, thanks for your reply!

Funnily enough before you replied i tried looking around Google to find some more help and i did download MalwareBytes - i did a quick scan and it found 8 infected files but it said it couldn't remove them but asked that i restart my computer to help the process. I did do so and now i am running a full scan on my computer, which as one would expect, appear to be a long process - that is no matter though and I shall see if there are any fruits to these particular labours

May I also ask you, is Flash Drive Disinfector by sUBs a reputable name or well known? Unfortuantely I am relatively new to the horrific world of malware and so on so I am extremely hesistant to download any new programs, it took me a good 15 minutes to convince myself to get MalwareByte's Anti malware! I don't wish to download something and then unknowningly ruin my computer even further. Also, this Flash Drive Disinfector, presumably it scans my hard disk too , or is it designed simply for removable media like USBs? And finally, does it provide real time protection? I am aware Avast provides the real time protection, so im curious to know is Avast, MalwareBytes and Flash_Disinfector.exe will run together? I suppose this is also another question in itself, but if is chose to purchase and install , say, Kaspersky's full program and protection, would i first have to remove Avast and Malware Bytes or could i install all of them on my computer at the same time?

As for the culprit USB I do believe that when i inserted it into another laptop avast actually moved every single file i had on there to chest, and now when i explore this usb it says nothing is present in Windows Explorer but all my photographs appear in a separate program that autoruns itself (i believe its adobe?) so im wondering where on earth the files have gone to! This might also mean that scanning this usb will be fruitless, but , as you said it does appear that something has been deposited in my current laptop. Do you think i should take out my files from the chest and put them back on the usb? (if that possible?)

I must apologise for the ludicrous amount of questions i have asked of you, however any light you can shed on what i have asked would be much appreciated.

Thank you,

S

[DavidR]

We wouldn't suggest it in the forums if it wasn't, I have used it on my system.

1. Flash Disenfector does what is said in the info link (Red >here< text) in the above post, please read it in full.

A very brief description - It targets some common malware issues but not everything, it removes any existing autorun.inf files on the hard disk, it creates an autorun.inf 'folder' to prevent future attempts to place autorun.inf 'files' on the hard disk. It is a specific tool and not a general anti-virus/malware scan.

2. Avast wouldn't remove any files autonomously, only files it considers infected and for those you should have received an avast alert. So I don't what else might be going on that you can't see them in explorer.

You don't say what files were moved to the chest, so I can't make any recommendation/suggestion ?

However, you can scan the files within the chest to see if avast still detects them as infected, if so there would be no point in trying to restore files considered infected.