Author Topic: Win32.VB-II found by Avast  (Read 8524 times)

0 Members and 1 Guest are viewing this topic.

slfroedge

  • Guest
Win32.VB-II found by Avast
« on: March 19, 2006, 10:10:51 PM »
Avast has found Win32.VB-II [wrm] but no other scanner detects this.  I tried VirusTotal, ewido, and virusscan.jotti  Again, only Avast ID's this Win32.VB-II.  Is this a real threat or a false positive?  It most likely came via the internet (MSN, email, music downloads, etc.)  It is in F:\WINDOWS\system32\config\SecEvent.Evt   as well as Music Match Jukebox Default.ddf   Therefore, when I want to do a system restore checkpoint, it will get added to the restore file, too.

I searched the threads and found nothing about this worm.  I also sent this information to Avast, but I couldn't put the infected file in a zipped file, and I was not able to send it from the chest (an error occurred on the page, even after I clicked to download the active x to send the file).   Does anyone have information regarding this?  Thanks, Shari

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32.VB-II found by Avast
« Reply #1 on: March 19, 2006, 11:59:55 PM »
Avast has found Win32.VB-II [wrm] but no other scanner detects this.  I tried VirusTotal, ewido, and virusscan.jotti  Again, only Avast ID's this Win32.VB-II.  Is this a real threat or a false positive? 
Most probably a false positive...
Can you zip it and send to virus (at) avast.com again, but this time, be off-line (not connected to Internet), disable Standard Shield (or all providers), zip the file with a password (virus, for instance), make an email, attach the file and inform the password in the message body.
Turn on avast again. Connect and send the email. Thanks.
The best things in life are free.

slfroedge

  • Guest
Re: Win32.VB-II found by Avast
« Reply #2 on: March 20, 2006, 01:10:46 AM »
Thank you for your reply.  I learned how to zip the file into a folder and send it.  Now, I hope to learn how to deal with this problem, whether it is positively a virus/worm or a false positive. 
I've been reading the threads, and there are similar problems, but no resolutions that I have found.  All request more info.  Thanks so much!

P.S. I had a subscription to Norton for years.  I no longer use it.  Avast! is much better!

slfroedge

  • Guest
Re: Win32.VB-II found by Avast
« Reply #3 on: March 20, 2006, 01:20:48 AM »
I reread your reply.  I use hotmail, and it did not seem possible to attach the file without being connected.  Did the file get sent okay?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32.VB-II found by Avast
« Reply #4 on: March 20, 2006, 01:56:49 AM »
But no resolutions that I have found.
There are in two exclusion lists: one in program settings, for the on-demand scanning.
And other in Standard Shield settings, for the on-access protection (residents).
Maybe it could be a workaround until it's repaired by avast team.

Did the file get sent okay?
They should answer... Maybe Karel  ;D
The best things in life are free.

CharleyO

  • Guest
Re: Win32.VB-II found by Avast
« Reply #5 on: March 20, 2006, 04:01:22 AM »
***

Welcome to the forums, slfroedge.    :)

Be sure that Norton is completely uninstalled from your computer. None of the Norton/Symantec products will completely uninstall in the normal manner as they will leave behind files/registry entries that will foul any other av product from working correctly.    >:(


***

slfroedge

  • Guest
Re: Win32.VB-II found by Avast
« Reply #6 on: March 20, 2006, 04:55:38 AM »
Thanks.  Norton is tough to uninstall.  I get a msg. saying that I can't ininstall Norton WMI Update because there is still a file on my system that requires it.  Symantec's help page only states that this could occur, but not how to find out where the file is hiding.  I'll try some more.  Any suggestions?

slfroedge

  • Guest
Re: Win32.VB-II found by Avast
« Reply #7 on: March 20, 2006, 05:08:26 AM »
I have found the folder which contains Norton Antivirus.  Is it safe to delete it?  I read somewhere that it may not be safe just to delete programs.  I don't know why so much of it was left behind on uninstall. 
I did try to uninstall with CCleaner, but it could not take them off either.
If it is safe to delete registry entires for Norton, and delete the folder, then I can do that.
Please advise.  Thanks.
« Last Edit: March 20, 2006, 05:59:16 AM by slfroedge »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Win32.VB-II found by Avast
« Reply #8 on: March 20, 2006, 03:54:39 PM »
Another link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT

Run this tool and reboot. It may be advisable to uninstall avast, reboot and install again after the remnants of Norton are removed.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

slfroedge

  • Guest
Re: Win32.VB-II found by Avast
« Reply #9 on: March 21, 2006, 01:43:24 AM »
Thanks for the tips on Norton uninstall.  I've learned a lot the past two days.  Here's a reply from Avast! regarding Win32:VB.II  :

Hello,
thanks for a sample. It is our false allarm and will be corrected in next VPS update.
Regards Cernik

 Thanks to everyone who offered help.  I used your tips.  At least I got my HD cleaned up and running more smoothly. :) :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Win32.VB-II found by Avast
« Reply #10 on: March 21, 2006, 02:55:02 PM »
Glad we could help, a belated welcome to the forums.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CharleyO

  • Guest
Re: Win32.VB-II found by Avast
« Reply #11 on: March 22, 2006, 12:26:31 AM »
***

It is nice to know that your HD is cleaner & running smoother.

Please come back often, learn more, and maybe help others.    :)


***

slfroedge

  • Guest
Re: Win32.VB-II found by Avast
« Reply #12 on: March 23, 2006, 01:16:15 AM »
Thanks for the warm welcome.  I'll help if I can, but I'm pretty new at this.  My mistakes may prove to be my most valuable contributions! ;D

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Win32.VB-II found by Avast
« Reply #13 on: March 23, 2006, 01:32:31 AM »
If your going to be sticking around for a while you might want to use this resized image for your avatar as we try to keep them at 100 X 100.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

slfroedge

  • Guest
Re: Win32.VB-II found by Avast
« Reply #14 on: March 23, 2006, 01:36:16 AM »
Thanks!  I guess this is not the place to ask how you resized it? :-[