Author Topic: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?  (Read 6359 times)

0 Members and 1 Guest are viewing this topic.

Offline Artūrs

  • Newbie
  • *
  • Posts: 15
Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« on: April 07, 2017, 09:40:25 AM »
Hello!

We are using Avast Endpoint Protection SUITE PLUS and once at week we scan our computers. {All harddisks, Operating memory of the computer, Auto-Start Programs (All Users)}
Almost in every scan we get some computers with something like this:

  • \\{computer name}\*PROCESS\1bf8\firefox.exe\22810000\13d000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{computer name}\*PROCESS\1164\excel.exe\eced000\1c6000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{computer name}\*PROCESS\a0c\winword.exe\b800000\ff000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{computer name}\*PROCESS\1d00\acrord32.exe\a70000\ff000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{ComputerName}\*PROCESS\820\explorer.exe\730000\ff000     Infection: ?

And more similar... On next scan there is not any infection {on same computer}, even boot scan not found anything...
Question is should I be worry about it and is there any suggestions?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37613
  • Not a avast user
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #1 on: April 07, 2017, 09:54:31 AM »
Upload and check file(s) here  >>  www.virustotal.com
If you see file as scanned before, click rescan for a fresh result



Offline Artūrs

  • Newbie
  • *
  • Posts: 15
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #2 on: April 07, 2017, 10:01:53 AM »
Hello! Thanks for quick answer!

Where is no files... Nothing in virus chest...

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37613
  • Not a avast user
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #3 on: April 07, 2017, 10:04:16 AM »
Quote
\\{computer name}\*PROCESS\1bf8\firefox.exe\22810000\13d000
have you changed default scan settings? ... and selected scan memory?

This may give some weird scan results, it used to be an issue with home versions, dont know about endpoint


Offline Artūrs

  • Newbie
  • *
  • Posts: 15
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #4 on: April 07, 2017, 10:12:56 AM »
Yes, as I wrote before where is set to scan "Operating memory of the computer".
« Last Edit: April 07, 2017, 10:21:49 AM by ArtÅ«rs »

REDACTED

  • Guest
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #5 on: October 03, 2017, 02:15:56 AM »
Artus, were you able to get to the bottom of this? I've been dealing with the same thing for several months...

Thanks.

REDACTED

  • Guest
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #6 on: November 06, 2017, 01:23:47 PM »
I'm getting the same problem on a fairly regular basis. The infected file is always swift-ddmmyyy[nnnn].ace

I'd really like to get to the bottom of this, too.

Cheers

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37613
  • Not a avast user
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #7 on: November 06, 2017, 04:58:19 PM »
I'm getting the same problem on a fairly regular basis. The infected file is always swift-ddmmyyy[nnnn].ace

I'd really like to get to the bottom of this, too.

Cheers
Do you use endpoint / business program?  This is the business forum section

If you are a home user, start a topic in Viruses and Worms forum section

attach a screenshot of avast message, we need to see all info avast give





« Last Edit: November 06, 2017, 05:29:39 PM by Pondus »