Avast WEBforum
Other => Viruses and worms => Topic started by: cashonly on May 13, 2009, 01:20:23 PM
-
For the last few days, on my nightly scan, I've been getting the following 3 messages:
File "Process 3776, memory block 0x01220000, block size
1310720" is infected by "JS:ScriptSH-inf [trj]" virus.
"Scan Drives C: and F:" task used
Version of current VPS file is 090512-0, 05/12/2009
File "Process 3776, memory block 0x055A0000, block size
1310720" is infected by "JS:ScriptSH-inf [trj]" virus.
"Scan Drives C: and F:" task used
Version of current VPS file is 090512-0, 05/12/2009
File "Process 3776, memory block 0x00E20000, block size
1310720" is infected by "JS:ScriptSH-inf [trj]" virus.
"Scan Drives C: and F:" task used
Version of current VPS file is 090512-0, 05/12/2009
Can anyone tell me why Avast is not getting rid of it and how I can get rid of it?
-
When you open Task Manager and look for process with PID 3776 (provided you didn't restart the machine yet) - what is it?
-
Never thought of doing that!
Actually, it's SpyBot's TeaTimer
Shouldn't this be safe?
Thx,
Cash
-
Isn't SpyBot encrypting their signatures? ???
-
Well, it's a memory scan... so the signatures are probably encrypted on disk, but decrypted in memory.
-
Well, it's a memory scan... so the signatures are probably encrypted on disk, but decrypted in memory.
Sure, but how it should be to avast do not detect it as a false positive? ???
-
I'm afraid it's not possible to prevent.
-
I'm afraid it's not possible to prevent.
But how does it work until now?
Why does other antispyware do not do the same (result), for instance, MBAM or SAS...
-
This is similar to the warning I have been receiving after yesterday's update of my Spyware Terminator/ClamAV. An Avast! trojan horse warning on the same script item, "JS:ScriptSH-inf[trj]" keeps occurring on my machine at start-up. Avast! seems to be seeing this script item after ClamAV's 5/12/09 update. I and another poster mentioned it (he had a problem with Avast! seeing the script in ClamWin) .
-
avast! reports "JS:ScriptSH-inf [trj]" - REPEATEDLY & I don't have SpyBot S & D on my computer.
-
I'm no software guru, but I am a reasonably good guesser. My take is that Spybot, ClamAV and ClamWin have updated their signature files with a (perhaps non-encrypted) signature of this script/trojan. Avast! now seems to be seeing this signature and warning of an infection.
Oddly, while my Avast! warning pop-up says my computer is infected with a trojan horse, the warning band at the bottom of the screen on start-up says that the file spotted has a "sample of JS:ScriptSH-inf[trj]".