VBS:Malware-gen in disk file.

[nsbfix]

An on-demand disk scan with Avast! Pro (level = "thorough") reports that I have VBS:Malware-gen in 26 files.  A typical infected file is
c:\Documents and Settings\Test\Application Data\...\32F35B12d01

I've searched this forum for advice on how to handle this infection but most of the posts concern real-time detection from infected web sites or flash-drives.

I'm running on Windows XP (SP3).

How can I handle this?

Thanks.

[Lisandro]

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.

[nsbfix]

Tech:

Thanks for your reply.  I have some questions:

1. In your item #2 you say to schedule a boot time scan and if Avast does not detect it then try DrWeb CureIT.  I don't understand.  Avast has already found the virus.  How can it not find it again?

2. You say to try an anti-rootkit program.  But doesn't an Avast scan include checking for rootkits?

Thanks.

[hello123]

Avast! does detect rootkits but not all of them.
No anti-virus can detect 100% of all malware.
The bootime scan is very useful because it scans before windows starts and hence before the virus starts up.

Just follow the steps given by tech they should work.

NEVER DELETE ITEMS DETECTED ALWAYS MOVE TO CHEST OR QUARANTINE

SUPERantispyware and malwarebytes (mbam) make sure you update them they do not auto update you must do it your self.

[DavidR]

Thanks for your reply.  I have some questions:

1. In your item #2 you say to schedule a boot time scan and if Avast does not detect it then try DrWeb CureIT.  I don't understand.  Avast has already found the virus.  How can it not find it again?

2. You say to try an anti-rootkit program.  But doesn't an Avast scan include checking for rootkits?

Tech is speaking generically and not about your specific issue, so hopefully it would detect it and be able to deal with it on the boot-time scan. If either of those doesn't (detect or be able to deal with it) then you go to the next option. This is not saying avast won't find it if it has previously detected, but a series of steps.

A multi-application approach is often more effective (and again are just a series of steps) than one single application detecting everything, which can never be guaranteed to be 100%.

[Lisandro]

1. In your item #2 you say to schedule a boot time scan and if Avast does not detect it then try DrWeb CureIT.  I don't understand.  Avast has already found the virus.  How can it not find it again?

Replicant virus could come back. At boot time you'll be able to clean these infections.

2. You say to try an anti-rootkit program.  But doesn't an Avast scan include checking for rootkits?

Just to have a second opinion and, sometimes, caught something that avast missed.