Author Topic: ScriptBridge-inf - Stopped ZTreeWin String Search But Not Found By Smart Search  (Read 2700 times)

0 Members and 1 Guest are viewing this topic.

Offline baumgrenze

  • Jr. Member
  • **
  • Posts: 34
At the end of a busy day, yesterday, I did a string search for an IP address in all of the Word documents in my "My Documents" folder. Twice Avast stopped the search with a popup about ScriptBridge-inf and its association with a Word document created in the period 2008 - 2010. It also suggested a Smart Search. The Smart Search found no problems. A few hours earlier I ran Malwarebytes and it found nothing.

I thought I'd saved a few screen dumps in a Word document, just for the record. I must have closed it without saving because I can't find anything this morning.

Does this make sense to any forum experts?

I can't understand it.

thanks

baumgrenze

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Quote
Twice Avast stopped the search with a popup about ScriptBridge-inf and its association with a Word document created in the period 2008 - 2010.
Upload and check the file / word.doc at  www.virustotal.com
If scanned before, always click rescan for a fresh result ... post link to scan result here


Quote
A few hours earlier I ran Malwarebytes and it found nothing.
Malwarebytes would not detect this as it does not target script or doc files




Offline baumgrenze

  • Jr. Member
  • **
  • Posts: 34
Thank you for replying.

Just to recap:

I thought I had a couple of screen dumps in a Word document. I must not have made it or closed it without saving. It was a long night and this was just one of many irritations, some much larger.

I immediately ran Smart Scan and it found nothing. Does it not find script/doc files.

The pop-up message cited "OLE:ScriptBridge-inf   [Trj]" and it happened twice during the search.

Sorry I can't provide more.

baumgrenze


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31309
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Since they are older word documents, it seems to me they where created before the patch for the vulnerability was installed.
That sure would explain why newer documents where not flagged.

Offline baumgrenze

  • Jr. Member
  • **
  • Posts: 34
I'm tired and thinking slower.

When Avast says it stopped something like the scriptbridge-inf trojan, and it tells me what file is impacted, is it 'proud enough' of its prowess to make an entry in a log file? If so, where should I look?

thanks

baumgrenze

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Is your Office version full updates?       https://technet.microsoft.com/library/security/ms13-051


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31309
  • Watching (over?) you
    • Malware removal, Biljart and other things.
What will be in the log file(s) (or not) depend on the settings.