Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on August 30, 2016, 01:40:19 AM

Title: False positive or malware?
Post by: REDACTED on August 30, 2016, 01:40:19 AM
So in the last few days I have seen a notification appearing at least every 15 minutes saying that a threat has been blocked. Running a scan however yields no results, and using Malwarebytes nothing is detected. The detection pops up with no particular pattern, and to me it doesn't seem to be associated with a particular program I use.

Googling the object name "cookie773.exe" it shows up on a malware analysis website, but then why is it not detected by either Avast or Malwarebytes?

I don't know the directory it's operating out of either since "wscript.exe" is a Windows process, meaning that I am clueless as to how to remove or stop this. I've attached the notification popup that Avast displays when it detects the virus.

Some help would be appreciated, thanks. :)
Title: Re: False positive or malware?
Post by: Yanto.Chiang on August 30, 2016, 05:24:37 AM
Hi kash1ninja,

This is a weird case, but according to some cases that I found on blogs, wscript.exe is part of Windows scripting to support VBScript programs on Windows.
Below is some information that you can use for trial and error:
xttps://support.microsoft.com/en-us/kb/232211
xttp://www.howtogeek.com/forum/topic/wscriptexe-problem
xttp://www.file.net/process/wscript.exe.html

We hope the above references can help you.

Cheers,
Title: Re: False positive or malware?
Post by: dbrisendine on August 30, 2016, 06:42:17 AM
Please follow the directions for scans in this topic and attach as many of the logs as you can run.
Logs to assist in cleaning malware  (https://forum.avast.com/index.php?topic=53253.0)

FRST.txt, Addition.txt, Malwarebytes Anti-Malware log and aswMBR.txt.  Thanks.
Title: Re: False positive or malware?
Post by: Milos on August 30, 2016, 08:03:50 AM
Hello,
wscript runs some script which tries to download the detected file. Try to find the wscript.exe process in Task Manager, where the parameters (command line) of wscript should also be shown; that is the source of the script trying to download the file.

Milos
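
Added example (not part of the post above and not an Avast tool): a PowerShell loop that performs the Task Manager check described above automatically, recording the command line and parent process of every wscript.exe that starts, so a short-lived launch between popups is not missed. The parameter names and the 30-minute default are assumptions; run it from an elevated prompt so command lines of other users' processes are visible.

```powershell
# Watch for wscript.exe launches and report which script each one runs
# and which process started it. Added illustration; names are hypothetical.
param(
    [int]$Minutes    = 30,   # how long to watch (assumed default)
    [int]$IntervalMs = 500   # polling interval in milliseconds
)

$seen     = @{}              # process instances already reported
$deadline = (Get-Date).AddMinutes($Minutes)

while ((Get-Date) -lt $deadline) {
    $procs = Get-CimInstance Win32_Process -Filter "Name = 'wscript.exe'"

    foreach ($p in $procs) {
        # PID values are reused, so key on PID plus creation time
        $key = "$($p.ProcessId)-$($p.CreationDate)"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # The parent shows what launched the script host
        # (Explorer, a scheduled task, another script, ...)
        $parent = Get-CimInstance Win32_Process `
                    -Filter "ProcessId = $($p.ParentProcessId)"

        [pscustomobject]@{
            Started       = $p.CreationDate
            ProcessId     = $p.ProcessId
            CommandLine   = $p.CommandLine      # contains the script path
            ParentId      = $p.ParentProcessId
            ParentName    = if ($parent) { $parent.Name } else { '<exited>' }
            ParentCommand = if ($parent) { $parent.CommandLine } else { $null }
        }
    }

    Start-Sleep -Milliseconds $IntervalMs
}
```

The script path in `CommandLine` is the file to locate and submit for analysis; pipe the output to `Export-Csv` to keep a record alongside the requested logs.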
Title: Re: False positive or malware?
Post by: dbrisendine on August 31, 2016, 03:54:20 AM
The logs I have asked for will show where wscript is being called / run from.
Title: Re: False positive or malware?
Post by: REDACTED on August 31, 2016, 03:27:40 PM
Thanks for the help guys.

In over 24 hours, and 3 restarts, I have not encountered the issue at all ;D, and I am unsure why. Some time after my original post I installed AVG, but it did not detect anything so I uninstalled. That was the only change to the system made in that period.

It's possible that the file is perhaps lying dormant? So I will specifically look out for the wscript process if I see this detected by Avast again, but for now the issue is solved I guess.

Thanks again.  :)