Author Topic: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?  (Read 1795 times)

0 Members and 1 Guest are viewing this topic.

Offline Artūrs

  • Newbie
  • *
  • Posts: 12
Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« on: April 07, 2017, 09:40:25 AM »
Hello!

We are using Avast Endpoint Protection SUITE PLUS and once at week we scan our computers. {All harddisks, Operating memory of the computer, Auto-Start Programs (All Users)}
Almost in every scan we get some computers with something like this:

  • \\{computer name}\*PROCESS\1bf8\firefox.exe\22810000\13d000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{computer name}\*PROCESS\1164\excel.exe\eced000\1c6000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{computer name}\*PROCESS\a0c\winword.exe\b800000\ff000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{computer name}\*PROCESS\1d00\acrord32.exe\a70000\ff000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{ComputerName}\*PROCESS\820\explorer.exe\730000\ff000     Infection: ?

And more similar... On next scan there is not any infection {on same computer}, even boot scan not found anything...
Question is should I be worry about it and is there any suggestions?

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33760
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #1 on: April 07, 2017, 09:54:31 AM »
Upload and check file(s) here  >>  www.virustotal.com
If you see file as scanned before, click rescan for a fresh result


Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Artūrs

  • Newbie
  • *
  • Posts: 12
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #2 on: April 07, 2017, 10:01:53 AM »
Hello! Thanks for quick answer!

Where is no files... Nothing in virus chest...

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33760
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #3 on: April 07, 2017, 10:04:16 AM »
Quote
\\{computer name}\*PROCESS\1bf8\firefox.exe\22810000\13d000
have you changed default scan settings? ... and selected scan memory?

This may give some weird scan results, it used to be an issue with home versions, dont know about endpoint

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Artūrs

  • Newbie
  • *
  • Posts: 12
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #4 on: April 07, 2017, 10:12:56 AM »
Yes, as I wrote before where is set to scan "Operating memory of the computer".
« Last Edit: April 07, 2017, 10:21:49 AM by ArtÅ«rs »

Offline tcorey

  • Newbie
  • *
  • Posts: 2
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #5 on: October 03, 2017, 02:15:56 AM »
Artus, were you able to get to the bottom of this? I've been dealing with the same thing for several months...

Thanks.

Offline registerstuff777

  • Newbie
  • *
  • Posts: 3
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #6 on: November 06, 2017, 01:23:47 PM »
I'm getting the same problem on a fairly regular basis. The infected file is always swift-ddmmyyy[nnnn].ace

I'd really like to get to the bottom of this, too.

Cheers

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33760
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #7 on: November 06, 2017, 04:58:19 PM »
I'm getting the same problem on a fairly regular basis. The infected file is always swift-ddmmyyy[nnnn].ace

I'd really like to get to the bottom of this, too.

Cheers
Do you use endpoint / business program?  This is the business forum section

If you are a home user, start a topic in Viruses and Worms forum section

attach a screenshot of avast message, we need to see all info avast give





« Last Edit: November 06, 2017, 05:29:39 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.