Avast WEBforum
Other => Viruses and worms => Topic started by: axelsonj on September 12, 2008, 03:14:19 AM
-
I'm a new AVAST user and not very technically savvy. Since I installed AVAST (Home edition) earlier this month a warning has come up about every 5 minutes. It says:
Sign of "VBS:Small AY" has been found in "Outgoing email 'Personal Information Error' From: "Service@Paypal.com"<service@paypal.com>, To: "file.
I have been choosing the Abort Connection, but the warning comes up again in about 5 minutes. I also did a boot-time scan (nothing found), but the warning continues to come up.
What does this mean and how do I fix it?
Thank you.
-
VBS:Small AY
This VBScript file is usually imbedded into HTML file and uploaded into remote sites.
Once a webpage is accessed that has this script, it downloads a malicious Trojan Spyware file from this site.
* http://www.{BLOCKED}.com/bbs/dsgdfhr.exe
It uses the following vulnerability.
* http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
now how do you fix it
I Don't know never heard of this one edit actually I had but not under that name, and not for awhile
It seems all Av's target it
I'd start by downloading, MAlware Bytes Anti Malware, (free) bypass the please buy screen) or go to the download page not the "product" page install, update scan
check any hits and then
click REMOVE CHECKED- not to worry a backup will be made
I'd also download update and scan with Super Anti Spyware send any hits to quarantine
post the logs
If you have spybot search and destroy installed turn off t-timer for awhile
do you happen to have Windows Defender installed
do you use firefox ? you might want to install the NOSCRIPT plug in for awhile
also Tuesday was monthly patch day
go to SECUNIA
and download and run Secunia Software Inspector
-
Thank you for your response. Could you post a link to site(s) where I can download the programs you referred to?
Thanks again
-
google is your friend :) but there are a lot of look alike scams out there so it's ok to ask
1. Disable System Restore and then reenable it again.
2. Clean your temporary files. Use ATF cleaner or Ccleaner- but post up any relevant AV logs first
3. Schedule a boot time scanning with avast with archive scanning turned on.
rt click on the ball and update>programs
then open avast and schedule boot time scan- reboot and send any hits to chest, do not remove/delete
did you quarantine or send to chest any previous AV scans? what was there (ignore cookies)
you can try DrWeb CureIT!
http://www.freedrweb.com/cureit/
4. Use SUPERantispyware,
http://www.superantispyware.com/
update quarantine post logs
MBAM
http://malwarebytes.org/mbam.php
put a check mark next to any baddies and the click REMOVE CHECKED- a backup will be made
secunia.com/vulnerability_scanning/online/
-
***
Sometimes, we forget that those we are trying to help do not always understand without the little details we become use to doing automatically.
1. Disable System Restore and then reenable it again.
Should this not be ...
1. Disable System Restore, reboot the computer, and then reenable it again.
Please correct me if I am wrong. :)
***
-
There isn't any need to reboot in XP. Turning system restore off will remove all restore points. This should be done after the machine is clean.
-
Actually I agree with oldman
I had copied the instructions from another thread as I was late for dinner
actually a link to Disable/ Restore instructions such as those at Major Geeks would help
-
Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE
You now have a clean restore point, to get rid of the bad ones:
Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do some calculation and the display a dialogue box with TABS
Select the More Options Tab.
At the bottom will be a system restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done
This will remove all old restore posts except the last one created, which if done after the machine was cleaned, will be an uninfected one.
-
***
Thanks oldman & wyrmrider ... I asked because I wanted to be sure. :)
***
-
You're welcome CharleyO. Not 100% certain, but I believe the turn off, boot, turn on, is a throw back to ME. Haven't upgraded this one to ME yet, so can't test the theory. ::)