VBS Flufferminer -D[Trj] detected

[muppetlol]

Did not downloaded anything at all for the past 1 week. Been doing full scan daily like 3 times a day everyday since I bought Avast Internet Security.

However yesterday as I was opening pandora radio from my firefox, I noticed a sudden massive lag throughout my browser and my mouse was lagging.

Today when I turned on my computer, Windows update started to update and I installed all of the update. Then I restarted and did a full system scan and it detected 1 threat.

I used Malwarebytes to do a full scan but malwarebytes did not detect anything( Scanned like 3x). After Avast detected it, I moved it to the chest and Avast asked me to restart and do a boot-time scan. The VBS Flufferminer -D[Trj] was detected again in the boot-time scan. I tried to fix it in the boot-time scan but Avast told me this file is in C:\Windows , thus I exited the boot-time scan and booted into Windows so I can write this thread.

I understand that I should not touch anything in C:\Windows thus I did not remove it.

I moved it to the Chest, did a full scan and no threat was found. I was unable to locate the file as it seems to be moving around the directories.

This is the picture of the full scan did in Windows.



Yes I already checked and the file does end with bin.VF , there wasn't anymore words after that extension

This is the picture of the boot-time scan did when booting.



I tried to get to those location stated in the picture but I can't find the file in it.

I reached C:\Windows\Temp\_avast_   but the only file in it was called Webshlock

I reached C:\ProgramData\Microsoft\Windows Defender\Scans but I do not see mpcache-598xxxxxx , the only two folders in it was CleanStore and History

I'm pretty sure I did not download anything for the past 2 month cause I've been playing the same game everyday for like the past 3 months without downloading anything else.

Help would be appreciated as the scan logs does not seems to tell much. Could this be a false positive? What should I do next?

[TwinHeadedEagle]

Have you recently used USB flash drive?


Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

• Click on the Scan button.
  
• After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  
• Post logfile will also be saved in the C:\AdwCleaner folder.

Please download aswMBR and save it to your desktop.

Double click aswMBR.exe to start the tool.

• Select Yes if prompted to download the Avast database.
   
• Click Scan
   
• Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
  Note: do NOT attempt any Fix yet.
  
  

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[muppetlol]

No I have all my USB ports disconnected from my motherboard(No SATA cable to the external USB ports on my computer case) except those behind the motherboard since the day I bought it. No one has physical access to my computer but me. I do not use any disc drives or USB ports for files ( eg. flashdrives/thumbdrives or even smartphones )

The only thing on my USB ports are my mouse , keyboard and mic, been using them for like a year already.

Also It's not that I don't trust you with those programs listed in your posted but as a suspicious person, I take security very seriously thus the chances of me installing those programs just to get the logs would be zero.

I do not install anything on my computer, since I take security very seriously, the only thing installed are my games from steam and just Avast Internet Security. If even by doing this could cause me to get infected, I guess Windows must be a really bad platform then?

Is there other way we can work around this without downloading extra stuff into my computer?

[Pondus]

Been doing full scan daily like 3 times a day everyday since I bought Avast Internet Security.

ehrmm..... why?   

Is there other way we can work around this?

hmmm.... crystal ball or magic maybe   

relax the tools are used here every day by the removal expert and are totally safe

[muppetlol]

Been doing full scan daily like 3 times a day everyday since I bought Avast Internet Security.

ehrmm..... why?   

Is there other way we can work around this?

hmmm.... crystal ball or magic maybe   

relax the tools are used here every day by the removal expert and are totally safe

I'm just superstitious so I run more scans, it doesn't hurt to run more though.

Do I really have no choice but to install those programs stated in the post?

[Pondus]

I'm just superstitious so I run more scans, it doesn't hurt to run more though.

you have a antivirus program with realtime protection..... meaning evry file / process that moves when computer is on is checked in realtime

Do I really have no choice but to install those programs stated in the post?

he cant see whats going on inside unless he see those logs

and he will remove the tools used when finish

[TwinHeadedEagle]

Ok, wait for someone else to help you...I am not interested anymore...

[muppetlol]

I'm just superstitious so I run more scans, it doesn't hurt to run more though.

you have a antivirus program with realtime protection..... meaning evry file / process that moves when computer is on is checked in realtime

Do I really have no choice but to install those programs stated in the post?

he cant see whats going on inside unless he see those logs

and he will remove the tools used when finish

Thanks for that info, I didn't know the realtime actually scans as I use any file on my computer (:

Do I have to remove the tools myself after I get all the logs?

[Pondus]

Do I have to remove the tools myself after I get all the logs?

the removal expert will tell you how to when finish...

[zygomatic]

Dear senior members,

I have an identical problem. Would you mind if I posted my logs as well?

The file in question is in the attachment...

[Pondus]

I have an identical problem. Would you mind if I posted my logs as well?

No.... but start your own topic since helping multiple users in same will be chaotic

[zygomatic]

I have an identical problem. Would you mind if I posted my logs as well?

No.... but start your own topic since helping multiple users in same will be chaotic

Not a problem...

[tyraarane]

Are we sure this isn't just a false positive? I'm showing the exact same infection in the exact same file. It only appeared as a threat to Avast after the recent set of Windows updates, which included a bunch of security updates for Windows Defender. What are the odds of that?

[essexboy]

That looks to be in the windows defender definitions, which would make it an FP

[tommytinkroom]

Ditto,exactly the same file as the op.I successfully deleted it from Avast and then ran a boot scan which detected it again
so i pressed 6 to delete all,then did another full Avast scan which said no threat found.
Starting to think this might be an FP now.