Author Topic: Getting Process... is infected by "JS:ScriptSH-inf [Trj]" virus." - REPEATEDLY  (Read 10427 times)

0 Members and 1 Guest are viewing this topic.

cashonly

  • Guest
For the last few days, on my nightly scan, I've been getting the following 3 messages:

File "Process 3776, memory block 0x01220000, block size
1310720" is infected by "JS:ScriptSH-inf [trj]" virus.
"Scan Drives C: and F:" task used
Version of current VPS file is 090512-0, 05/12/2009

File "Process 3776, memory block 0x055A0000, block size
1310720" is infected by "JS:ScriptSH-inf [trj]" virus.
"Scan Drives C: and F:" task used
Version of current VPS file is 090512-0, 05/12/2009

File "Process 3776, memory block 0x00E20000, block size
1310720" is infected by "JS:ScriptSH-inf [trj]" virus.
"Scan Drives C: and F:" task used
Version of current VPS file is 090512-0, 05/12/2009

Can anyone tell me why Avast is not getting rid of it and how I can get rid of it?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
When you open Task Manager and look for process with PID 3776 (provided you didn't restart the machine yet) - what is it?

cashonly

  • Guest
Never thought of doing that!

Actually, it's SpyBot's TeaTimer

Shouldn't this be safe?

Thx,

Cash

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Isn't SpyBot encrypting their signatures? ???
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Well, it's a memory scan... so the signatures are probably encrypted on disk, but decrypted in memory.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Well, it's a memory scan... so the signatures are probably encrypted on disk, but decrypted in memory.
Sure, but how it should be to avast do not detect it as a false positive? ???
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
I'm afraid it's not possible to prevent.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
I'm afraid it's not possible to prevent.
But how does it work until now?
Why does other antispyware do not do the same (result), for instance, MBAM or SAS...
The best things in life are free.

Kyuzo

  • Guest
This is similar to the warning I have been receiving after yesterday's update of my Spyware Terminator/ClamAV. An Avast! trojan horse warning on the same script item, "JS:ScriptSH-inf[trj]" keeps occurring on my machine at start-up. Avast! seems to be seeing this script item after ClamAV's 5/12/09 update. I and another poster mentioned it (he had a problem with Avast! seeing the script in ClamWin) .
« Last Edit: May 13, 2009, 04:39:01 PM by Kyuzo »

rdmaloyjr

  • Guest
avast! reports "JS:ScriptSH-inf [trj]" - REPEATEDLY & I don't have SpyBot S & D on my computer.

Kyuzo

  • Guest
I'm no software guru, but I am a reasonably good guesser. My take is that Spybot, ClamAV and ClamWin have updated their signature files with a (perhaps non-encrypted) signature of this script/trojan. Avast! now seems to be seeing this signature and warning of an infection.

Oddly, while my Avast! warning pop-up says my computer is infected with a trojan horse, the warning band at the bottom of the screen on start-up says that the file spotted has a "sample of JS:ScriptSH-inf[trj]".