Topic: Malware-gen detected - Error: system cannot find the file specified (2)

jfour500:
A friend was using my external drive on their computer and Avast detected a threat, so they disconnected immediately.

I scanned the drive on my computer using Malwarebytes, AVG 9 and SUPERAntiSpyware; they didn't find anything.

Downloaded Avast, scanned & found

N:\System Volume Information|_restore(2846F638-C5AC-45B1-8F7F-98C3A36B3599)\RP67\A0066582.inf

Threat:VBS:Malware-gen

Error: The system cannot find the file specified (2)

Cannot move, delete, etc.

Not very tech savvy, suggestions on how to deal with this please! Thanks!




Asyn:
As this threat is located in system restore, just empty system restore or this one restore point.
Or let avast put it in the chest..!
asyn
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

jfour500:
Avast is unable to put it in the chest.
Cleared restore, rescanning, fingers crossed!

Thanks for advice!

Asyn:
Quote from jfour500:
Avast is unable to put it in the chest.
Cleared restore, rescanning, fingers crossed!
Thanks for advice!

You're welcome..! :)
Awaiting your reply..!!
asyn

polonus:
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

dozey_dude:
Hi, I have had a similar problem:
Avast keeps finding the problem but cannot remove it. I think the issue is either in the Windows or i386 directory.

File name: SVC: PRAGMArnnsmbexnm
Severity: High
Status: Threat: Rootkit: hidden service

Result: Error: The system cannot find the file specified(2)

Is there a way to remove this problem, and is it really an issue?

If anyone has any ideas please let me know

Asyn:
Quote from dozey_dude:
Is there a way to remove this problem, and is it really an issue?

If you're on a 32-bit system, run a boot-time scan with avast.
Report back.
And yes, a rootkit infection is a rather big issue...
asyn

essexboy:
That is a very sneaky rootkit.

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.

  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" 
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs
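
The "Rootkit: hidden service" verdict reported earlier in this thread, and the GMER scan requested above, rest on the same idea: a service that is registered in the registry but that the Service Control Manager no longer reports has probably been hidden from the API view. The following PowerShell script is an added example (not from essexboy, GMER or any other poster) that does that one cross-view comparison; it assumes Windows PowerShell 3.0 or later running elevated on a modern Windows, not the XP machines discussed in the thread, and it is far shallower than GMER, which also compares kernel structures. Function name and output fields are the example's own.

```powershell
# Added example, not from the thread: list services/drivers that exist under
# HKLM\SYSTEM\CurrentControlSet\Services but are missing from the SCM's own
# enumeration. Assumes Windows PowerShell 3.0+ and an elevated session.
function Get-HiddenServiceCandidates {
    [CmdletBinding()]
    param()

    # View 1: what the Service Control Manager reports. This is the API view
    # that a user-mode or kernel-mode rootkit can hook and filter.
    $scmView = @{}
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $scmView[$svc.Name.ToLowerInvariant()] = $svc
    }
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        $scmView[$drv.Name.ToLowerInvariant()] = $drv
    }

    # View 2: the raw registry keys the SCM builds its list from.
    $regRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $regRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Keys without a Type value are not service entries (left-over
        # parameter keys and the like), so they are skipped.
        if ($null -eq $props -or $null -eq $props.Type) { continue }

        $name = $key.PSChildName
        if (-not $scmView.ContainsKey($name.ToLowerInvariant())) {
            [PSCustomObject]@{
                Name      = $name
                Type      = ('0x{0:X}' -f [int]$props.Type)
                Start     = $props.Start
                ImagePath = $props.ImagePath
                Reason    = 'in registry, absent from SCM enumeration'
            }
        }
    }
}

# Usage: run elevated and review each hit by hand; an uninstaller that left a
# stale key behind produces exactly the same discrepancy as a hidden service.
Get-HiddenServiceCandidates | Format-Table -AutoSize
```

Every hit is a candidate, not a verdict, for the same reason the GMER instructions warn about false positives: a stale key from a half-removed driver is indistinguishable from a deliberately hidden one at this level, so the ImagePath of each hit is the next thing to check. A rootkit that also filters registry reads, as some kernel-mode families do, will fool this comparison, which is why a dedicated scanner such as GMER is still the tool of choice when a hidden service is reported.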

Asyn:
As Essexboy jumps in here, follow his advice...! ;)
asyn

 
