Malware-gen detected - Error: system cannot find the file specified (2)

[jfour500]

a friend was using my external drive on their computer and Avast detected a threat, so they disconnected immediately.

I scanned the drive on my computer using malwarebytes, avg 9 and superantispyware, didnt find anything

Downloaded Avast, scanned & found

N:\System Volume Information|_restore(2846F638-C5AC-45B1-8F7F-98C3A36B3599)\RP67\A0066582.inf

Threat:VBS:Malware-gen

Error: The system cannot find the file specified (2)

Can not move, delete etc

Not very tech savy, suggestions on how to deal with this please! Thanks!

[Asyn]

As this threat is located in system restore, just empty system restore or this one restore point.
Or let avast put it to the chest..!
asyn

[jfour500]

Avast is unable to put it in the chest.
Cleared restore, rescanning, fingers crossed!

Thanks for advice!

[Asyn]

Avast is unable to put it in the chest.
Cleared restore, rescanning, fingers crossed!
Thanks for advice!

You're welcome..!
Awaiting your reply..!!
asyn

[polonus]

Here is a proposed way to fix it:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

polonus

[dozey_dude]

Hi I have had a similar problem,
avast keeps finding the problem but cannot remove it. I think the issue is either in the windows or
i386 directory.

File name: SVC: PRAGMArnnsmbexnm
Severity: High
Status: Threat: Rootkit: hidden service

Result: Error: The system cannot find the file specified(2)

Is there a way to remvove this problem, and is it really an issue?

If anyone has any ideas please let me know

[Asyn]

Is there a way to remvove this problem, and is it really an issue?

If you're on a 32bit system, run a boot time scan with avast.
Report back.
And yes, a rootkit infection is a rather big issue...
asyn

[essexboy]

That is a very sneaky rootkit

GMER Rootkit Scanner - Download - Homepage

• Download GMER
• Extract the contents of the zipped file to desktop.
• Double click GMER.exe.

• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
  
  Click the image to enlarge it
  

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt" 
  
• Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

THEN

Download OTL  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select Scan all users
  
• Under the Custom Scan box paste this in

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach both logs

[Asyn]

As Essexboy jumps in here, follow his advice...!
asyn