Author Topic: Win32-VBCrypt-csl (Read 5442 times)

robotdevil · « **on:** January 19, 2014, 12:58:29 AM »

I seem to have picked up this WIN32:VBCrypt-CSL [trj] on my laptop and Avast will not move it to the chest or delete the process, Any help with removing this Trojan will be greatly appreciated. Thanks

Pondus · « **Reply #1 on:** January 19, 2014, 01:22:41 AM »

Before we can help we need some logs http://forum.avast.com/index.php?topic=53253.0

robotdevil · « **Reply #2 on:** January 19, 2014, 01:27:45 AM »

Hello Pondus,

I appreciate your prompt attention to my issue and I just want to apologize for starting a new thread on this topic as I understand there have been many before mine covering the same thing. I just want to make sure i understand, after clicking your link you want me to run Malware Bytes and post the log on this thread to be reviewed correct?

robotdevil · « **Reply #3 on:** January 19, 2014, 01:36:52 AM »

Pondus,

Here is the MBAM Log, for some reason it did not pick up any threats as Avast did, I am moving onto the OTL program.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.18.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
metal_000 :: CLAPTRAP [administrator]

1/18/2014 5:30:16 PM
mbam-log-2014-01-18 (17-30-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234268
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

polonus · « **Reply #4 on:** January 19, 2014, 01:47:30 AM »

Now you need some expert assistance from a qualified removal expert here.
Wait for his arrival and then follow all of his instructions to the dot.
The removal of this malware consists of a number of steps like:
deactivating system restore, run computer in safe mode, cleanse temp internet files, delete malware processes and cleanse the malicious registry entries.
This can only be dome under guidance of a qualified removal expert.

polonus

robotdevil · « **Reply #5 on:** January 19, 2014, 01:51:03 AM »

Polonus,

Here is the OTL log. Also I am running Windows 8 and the next step requires another program to be downloaded with a note attached that says the program is not compatible with my version of Windows, what should I do next?

polonus · « **Reply #6 on:** January 19, 2014, 01:52:28 AM »

The qualified removal expert will inform you next. Wait for him to enter the thread.

polonus

Pondus · « **Reply #7 on:** January 19, 2014, 01:54:03 AM »

Can you tell us the name and location of the file detected .....full file path?

Now you wait for a malware expert to arrive. Since it is way past midnight here in europe you may not recive a reply tonight

robotdevil · « **Reply #8 on:** January 19, 2014, 01:59:24 AM »

Pondus,

I would be happy to provide that information, however I cant seem to locate the avast log of my last scan, is there any help you can offer in finding this folder or information? Also I appreciate all your help and assistance in these late hours for you.

polonus · « **Reply #9 on:** January 19, 2014, 02:01:10 AM »

I have informed a qualified removal expert and he will be in when awake first thing to-morrow.
Pondus and I are late out guys. It is nearing 2.00 AM GMT here in this part of Europe.
So you wait a couple of hours for us to catch up with your malware cleansing routine.

And wish us Europeans a good night's rest.

polonus

Pondus · « **Reply #10 on:** January 19, 2014, 02:02:55 AM »

Quote from: robotdevil on January 19, 2014, 01:59:24 AM

Pondus,

I would be happy to provide that information, however I cant seem to locate the avast log of my last scan, is there any help you can offer in finding this folder or information? Also I appreciate all your help and assistance in these late hours for you.

Try avast chest (quarantine)

Night night

robotdevil · « **Reply #11 on:** January 19, 2014, 02:03:25 AM »

Polonus and Pondus,

No problem, I hope you all have a goodnights rest and I look forward to working with you tomorrow, Thanks again for all the assistance and prompt replies

magna86 · « **Reply #12 on:** January 19, 2014, 02:40:30 AM »

Hi robotdevil,

Posted OTL log looks clean.

This "Win32-VBCrypt-csl" is known as posible False detection. Could you please open your avast AV, seek and show me the full path of detected file.
I do not need the name of detection, I need the file path (e.g: c:\windows\system32\some_folder\some_file.exe )..
ScreenShot will do.

robotdevil · « **Reply #13 on:** January 19, 2014, 05:54:41 PM »

Hello Magna86,

the file path for that avast picked up is C:\Users\metal_000\AppData\Local\Microsoft\Windows\WebCache\V010164F.log

magna86 · « **Reply #14 on:** January 20, 2014, 02:17:53 PM »

Then this is FP caught by one of avast heuristics. You don't have anything to worry about, you are clean.