VBS:FlufferMiner-D [TRJ]

[rogi10]

Hello. It is my first time posting on this forum (though I have lurked over here for some time, trying to learn some things), so I am sorry if something isn't done as it should be, and I will try to fix it right away.

So, I tend to do a full scan every few days, to be on the safe side. I had one done yesterday, and it came out clean. I tried to do one today, and after it got to 37% it went back to 3%, and it reported one infected file. At this time, the scan speed dropped from 1 GB/s to around 80 MB/s, which is odd, considering my C: drive is a SSD. When it scanned my E: drive, the speed was unchanged.

I stopped the scan to see what the file was, since I have not downloaded anything between these 2 scans, nor have I visited any suspicious sites. The infected file was "C:\Windows\Prefetch\AgRobust.db" , and it was described as the malware in the thread title. I did a google search, and apparently this should be a safe file. Still, I tried moving it to chest from the scan log, but I was not able to. I got an error saying "Virus Server Chest is not running. RPC communication failed. (2147422219)".

I am currently running another full scan, and waiting for it to finish. It has currently been 1h 5 mins from the scan start, while it usually takes around 25 minutes, which is making me think there is indeed something going wrong. I would appreciate any help with this issue, or some kind of confirmation that it is a false positive. Also, would it be safe to delete this file?

Thanks in advance,

Rog

[TwinHeadedEagle]

Hi,


Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

• Click on the Scan button.
  
• After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  
• Post logfile will also be saved in the C:\AdwCleaner folder.

Please download aswMBR and save it to your desktop.

Double click aswMBR.exe to start the tool.

• Select Yes if prompted to download the Avast database.
   
• Click Scan
   
• Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
  Note: do NOT attempt any Fix yet.

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[rogi10]

Thanks for the reply. I'm already downloading the programs that you mentioned, but before running them, considering I am running a full scan with Avast!, should I wait for it to end, since it has been going for like a hour and a half and try to move it to chest again/delete the file, or should I stop it prematurely and run the programs you mentioned?
The scan has now finished, and the only threat detected was indeed the same file. So, should I attempt some sort of action with avast, or just skip it and go straight to the programs you mentioned? By the way, Avast flagged the second file as suspicious, even though it's clearly not. Just found it curious :p

[rogi10]

So I ran the scans you asked me to, logs are attached as you asked.

Thanks for your patience,

Rog

[TwinHeadedEagle]

This is False Positive detection, your system is clean...



Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;

• Remove disinfection tools
• Create registry backup
• Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.

[TIG3R3K]

same problem here,if i have this virus in quarantine is it good ? or i must restore it. I think avast is good antivirus so it know what is virus and what isnt. Sorry for my english but i come from Poland. but my PC was starting slower than yesterday so i think it iis virus.

[rogi10]

Alrighty, thanks for the help! Could you just tell me how can I report this as a false positive, and where i can find a solution for the slow scans?

Thanks again,

Rog

[Secondmineboy]

@TIG3R3K:

These detections seem to be false positives after Windows Update.

If you want a malware check follow the logs in assist to clean malware topic on
top of this forum section.

[rogi10]

I doubt it is because of windows updates, because I do not have windows updates turned on, and I still got this false positive.

[TIG3R3K]

IF i will leave it in quarantaine and dont remove this file which isnt virus, can it slow my PC, FPS etc. ?

[Secondmineboy]

NO.

Quarantine is save.

[Secondmineboy]

This detection was added in the last VPS update so its really new.

http://www.avast.com/de-de/virus-update-history