Avast WEBforum
Other => Viruses and worms => Topic started by: muppetlol on November 14, 2013, 03:32:40 PM
-
Did not downloaded anything at all for the past 1 week. Been doing full scan daily like 3 times a day everyday since I bought Avast Internet Security.
However yesterday as I was opening pandora radio from my firefox, I noticed a sudden massive lag throughout my browser and my mouse was lagging.
Today when I turned on my computer, Windows update started to update and I installed all of the update. Then I restarted and did a full system scan and it detected 1 threat.
I used Malwarebytes to do a full scan but malwarebytes did not detect anything( Scanned like 3x). After Avast detected it, I moved it to the chest and Avast asked me to restart and do a boot-time scan. The VBS Flufferminer -D[Trj] was detected again in the boot-time scan. I tried to fix it in the boot-time scan but Avast told me this file is in C:\Windows , thus I exited the boot-time scan and booted into Windows so I can write this thread.
I understand that I should not touch anything in C:\Windows thus I did not remove it.
I moved it to the Chest, did a full scan and no threat was found. I was unable to locate the file as it seems to be moving around the directories.
This is the picture of the full scan did in Windows.
(http://i.imgur.com/ORALCaP.png)
Yes I already checked and the file does end with bin.VF , there wasn't anymore words after that extension
This is the picture of the boot-time scan did when booting.
(http://i.imgur.com/BfUCT1V.png)
I tried to get to those location stated in the picture but I can't find the file in it.
I reached C:\Windows\Temp\_avast_ but the only file in it was called Webshlock
I reached C:\ProgramData\Microsoft\Windows Defender\Scans but I do not see mpcache-598xxxxxx , the only two folders in it was CleanStore and History
I'm pretty sure I did not download anything for the past 2 month cause I've been playing the same game everyday for like the past 3 months without downloading anything else.
Help would be appreciated as the scan logs does not seems to tell much. Could this be a false positive? What should I do next?
-
Have you recently used USB flash drive?
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button.
- After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post logfile will also be saved in the C:\AdwCleaner folder.
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Double click aswMBR.exe to start the tool.
- Select Yes if prompted to download the Avast database.
- Click Scan
- Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
Note: do NOT attempt any Fix yet.
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) by Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
-
No I have all my USB ports disconnected from my motherboard(No SATA cable to the external USB ports on my computer case) except those behind the motherboard since the day I bought it. No one has physical access to my computer but me. I do not use any disc drives or USB ports for files ( eg. flashdrives/thumbdrives or even smartphones )
The only thing on my USB ports are my mouse , keyboard and mic, been using them for like a year already.
Also It's not that I don't trust you with those programs listed in your posted but as a suspicious person, I take security very seriously thus the chances of me installing those programs just to get the logs would be zero.
I do not install anything on my computer, since I take security very seriously, the only thing installed are my games from steam and just Avast Internet Security. If even by doing this could cause me to get infected, I guess Windows must be a really bad platform then?
Is there other way we can work around this without downloading extra stuff into my computer?
-
Been doing full scan daily like 3 times a day everyday since I bought Avast Internet Security.
ehrmm..... why? :o
Is there other way we can work around this?
hmmm.... crystal ball or magic maybe ;)
relax the tools are used here every day by the removal expert and are totally safe
-
Been doing full scan daily like 3 times a day everyday since I bought Avast Internet Security.
ehrmm..... why? :o
Is there other way we can work around this?
hmmm.... crystal ball or magic maybe ;)
relax the tools are used here every day by the removal expert and are totally safe
I'm just superstitious so I run more scans, it doesn't hurt to run more though.
Do I really have no choice but to install those programs stated in the post?
-
I'm just superstitious so I run more scans, it doesn't hurt to run more though.
you have a antivirus program with realtime protection..... meaning evry file / process that moves when computer is on is checked in realtime
Do I really have no choice but to install those programs stated in the post?
he cant see whats going on inside unless he see those logs
and he will remove the tools used when finish
-
Ok, wait for someone else to help you...I am not interested anymore...
-
I'm just superstitious so I run more scans, it doesn't hurt to run more though.
you have a antivirus program with realtime protection..... meaning evry file / process that moves when computer is on is checked in realtime
Do I really have no choice but to install those programs stated in the post?
he cant see whats going on inside unless he see those logs
and he will remove the tools used when finish
Thanks for that info, I didn't know the realtime actually scans as I use any file on my computer (:
Do I have to remove the tools myself after I get all the logs?
-
Do I have to remove the tools myself after I get all the logs?
the removal expert will tell you how to when finish...
-
Dear senior members,
I have an identical problem. Would you mind if I posted my logs as well?
The file in question is in the attachment...
-
I have an identical problem. Would you mind if I posted my logs as well?
No.... but start your own topic since helping multiple users in same will be chaotic
-
I have an identical problem. Would you mind if I posted my logs as well?
No.... but start your own topic since helping multiple users in same will be chaotic
Not a problem...
-
Are we sure this isn't just a false positive? I'm showing the exact same infection in the exact same file. It only appeared as a threat to Avast after the recent set of Windows updates, which included a bunch of security updates for Windows Defender. What are the odds of that?
-
That looks to be in the windows defender definitions, which would make it an FP
-
Ditto,exactly the same file as the op.I successfully deleted it from Avast and then ran a boot scan which detected it again
so i pressed 6 to delete all,then did another full Avast scan which said no threat found.
Starting to think this might be an FP now.
-
I'm also having the same problem. I did a virus scan on Virustotal and Avast is the only one that seems to think the file is a virus. I haven't done anything to the file as everything points to a FP.
https://www.virustotal.com/en/file/dc8e8178619073562e6e32d184e64623ef5037d219d72241e2e52fe0d8c852ff/analysis/1384459728/
-
@mv54:
The file is really new (First submitted 7 hours ago) so please wait some time and rescan the file in some days.
-
I deleted this vbs flufferminer,have i done any damage to my system,being as it's an FP?
-
No it will do no harm .. I have uploaded a file that was found on my system during a screensaver scan as an FP
If you could do the same
-
Have you recently used USB flash drive?
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button.
- After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post logfile will also be saved in the C:\AdwCleaner folder.
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Double click aswMBR.exe to start the tool.
- Select Yes if prompted to download the Avast database.
- Click Scan
- Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
Note: do NOT attempt any Fix yet.
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) by Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
These are my two reports.
I have no error like that at the second screenshot of @muppetlol post above.
I decided to select to move the virus to the virus chest with the fourth option.
I have just run fully scan of Malwarebytes without any warning.
What I have to do next?
-
No it will do no harm .. I have uploaded a file that was found on my system during a screensaver scan as an FP
If you could do the same
I understand that a lot of users are having this VBS Flufferminer -D[Trj] , however has it been confirmed that it is a FP since a lot of people are getting?
Does it mean my computer is safe to use and is not infected?
-
I'm also having the same problem. I did a virus scan on Virustotal and Avast is the only one that seems to think the file is a virus. I haven't done anything to the file as everything points to a FP.
https://www.virustotal.com/en/file/dc8e8178619073562e6e32d184e64623ef5037d219d72241e2e52fe0d8c852ff/analysis/1384459728/
1/46 on VT as well.
https://www.virustotal.com/en/file/9aac47f8516c0ae96c144c7afd0613474b90827ef02472f0b25fece93656ec29/analysis/1384479633/ (https://www.virustotal.com/en/file/9aac47f8516c0ae96c144c7afd0613474b90827ef02472f0b25fece93656ec29/analysis/1384479633/)
-
I'm also having the same problem. I did a virus scan on Virustotal and Avast is the only one that seems to think the file is a virus. I haven't done anything to the file as everything points to a FP.
https://www.virustotal.com/en/file/dc8e8178619073562e6e32d184e64623ef5037d219d72241e2e52fe0d8c852ff/analysis/1384459728/
1/46 on VT as well.
https://www.virustotal.com/en/file/9aac47f8516c0ae96c144c7afd0613474b90827ef02472f0b25fece93656ec29/analysis/1384479633/ (https://www.virustotal.com/en/file/9aac47f8516c0ae96c144c7afd0613474b90827ef02472f0b25fece93656ec29/analysis/1384479633/)
Just put it into the chest for now
-
I'm definitely thinking FP. It happens. Saw the little red virus alert box when I got in front of the computer this am - momentary fear, but seeing location in the Windows Defender folder - not so much. Will be ready if the customers call about this issue today :)
Eric
Lizardwebs Raleigh Computer Repair (http://lizardwebs.net/computer-repair-raleigh/remove-computer-virus/)
-
Three hours wasted yesterday and today on this, and another FalseFlag in "c:\Intel\Logs\IntelGFXCoin.log".
The amount of false positives that Avast is recently raising, and the fecklessness of their support will drive us to another AV client. The software/company has nosedived of late.
-
The exact same thing just happened to me. The Avast program said it found a vbs:flufferminer-D virus in the same windows defender folder as what you said, and I too had just updated my Windows 7 with about 12 new updates just hours before. Got rid of it and then did the recommended boot scan. Said it had now reappeared in a Windows file, and was I sure I wanted to delete it. It was in the Avast folder that resides in the Windows folder, so I quarantined it with no ill-effects. So it seems to me that Avast isn't recognizing something in one of the new Windows updates for what it really is and it thinks its something bad. I mean, what are the chances of that Windows Defender file being corrupt direct from Microsoft and then only people with Avast get it...? Never happen.
-
Assessed as an FP awaiting Avast confirmation
-
Are we sure this isn't just a false positive? I'm showing the exact same infection in the exact same file. It only appeared as a threat to Avast after the recent set of Windows updates, which included a bunch of security updates for Windows Defender. What are the odds of that?
Greetings
I got exactly the same problem last days simultaneously on 4 PC and 2 notebooks (WIFI without physical links, and no use of USB drive/key) at the same time/same place :
C:\Windows\Temp\_avast_ (a "temp file" don't remember the name) that was correctly deleted after reboot
Since yesterday
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-1927DB...FBFA.bin.vb
But strange : no typical trace of this TRJ after register deep seeking in safe mode :-\
Does anyone knows more about this ?
-
Have you recently used USB flash drive?
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button.
- After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post logfile will also be saved in the C:\AdwCleaner folder.
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Double click aswMBR.exe to start the tool.
- Select Yes if prompted to download the Avast database.
- Click Scan
- Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
Note: do NOT attempt any Fix yet.
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) by Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Same problem here ! Did all that above, filew attached! Can't figure something out ! Someone explain/help please . Oh, and What is an FP ?
-
Issue has been resolved with the latest VPS update
-
Is this a positive? New but joined to ask about this as i currently seem to have it. I did a little looking up about it, the first page of google hits says the virus is pretty malicious, except for on here? Also what's a VPS update? Thanks
-
I'm also having the same problem. I did a virus scan on Virustotal and Avast is the only one that seems to think the file is a virus. I haven't done anything to the file as everything points to a FP.
https://www.virustotal.com/en/file/dc8e8178619073562e6e32d184e64623ef5037d219d72241e2e52fe0d8c852ff/analysis/1384459728/
the update VPS 131115-1 fixed the problem.
this file is not already flagged by avast
-
Have this problem across all pc one overseas, my cousin and mine ....mine O_o
-
Can we Avast users please get confirmation from Avast that this was a FP (FALSE POSITIVE) so we can go back to our daily activities? That would be very helpful.
-
I'm also having the same problem. I did a virus scan on Virustotal and Avast is the only one that seems to think the file is a virus. I haven't done anything to the file as everything points to a FP.
https://www.virustotal.com/en/file/dc8e8178619073562e6e32d184e64623ef5037d219d72241e2e52fe0d8c852ff/analysis/1384459728/
the update VPS 131115-1 fixed the problem.
this file is not already flagged by avast
Well I just updated Avast with VPS 131115-1. So everything should be fine per Jefferson Santiag. :)
-
For a new user what is the VPS?
-
Have you recently used USB flash drive?
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button.
- After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post logfile will also be saved in the C:\AdwCleaner folder.
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Double click aswMBR.exe to start the tool.
- Select Yes if prompted to download the Avast database.
- Click Scan
- Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
Note: do NOT attempt any Fix yet.
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) by Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Same problem here ! Did all that above, filew attached! Can't figure something out ! Someone explain/help please . Oh, and What is an FP ?
As you already know the problem is solved, I did the same but I think it was a waste of time.
If you want you can delete your attachments from your post, nothing big but!
Of course delete the programs you downloaded and the files from your computer just an idea.
-
For a new user what is the VPS?
Virus Pattern Signature
http://www.avast.com/en-eu/virus-update-history (http://www.avast.com/en-eu/virus-update-history)
-
For a new user what is the VPS?
Hi Drfunk,
Welcome to the forums.
Your question is a little bit off topic, as this topic is about a possible false positive report as in the topic header. But as you may be new here, see below: ( You can always start your own topic and ask any question you may have there.) :)
Sorry you've had to ask twice about this. VPS is likely an acronym for Virus Pattern Signature, otherwise known as the virus database avast! will issue to all users once or twice a day, as needed. Must admit the VPS acronym may be off a bit, as cannot readily find documentation on this per avast!, or maybe have not looked in the right places, but the vps is the daily virus database update avast uses to update virus definitions.
Beginning with version 7.0, streaming updates were introduced, and as program builds have progressed over time, streaming updates became more frequent and now have priority over the standard vps updates issued once or twice a day. Streaming updates are now issued up to 10 x an hour or more with version 9.0, the better to keep up with the newest and latest developing threats.
VPS virus database updates now are used primarily to clean up false positive alerts and any corruption or duplication by avast!. In other words, this is when all prior streaming updates are consolidated and cleaned up, if needed, and all this is done at the same time when that vps is released.
-
As you already know the problem is solved, I did the same but I think it was a waste of time.
I ask myself about this "FP" cause of threat localizations : "Temp\_avast_", and then "Defender/scans"... strange...
But seems all is ok now after some deep scans. Thanks to devs for their reactivity :)
-
A FP is a False Postive. Meaning it was wrongfully detected as a virus.