Author Topic: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?  (Read 6271 times)


Offline Artūrs

Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« on: April 07, 2017, 09:40:25 AM »
Hello!

We are using Avast Endpoint Protection SUITE PLUS and once a week we scan our computers. {All harddisks, Operating memory of the computer, Auto-Start Programs (All Users)}
In almost every scan we get some computers with something like this:

  • \\{computer name}\*PROCESS\1bf8\firefox.exe\22810000\13d000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{computer name}\*PROCESS\1164\excel.exe\eced000\1c6000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{computer name}\*PROCESS\a0c\winword.exe\b800000\ff000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{computer name}\*PROCESS\1d00\acrord32.exe\a70000\ff000    Infection: Win32:VBCrypt-AGT [Trj]
  • \\{ComputerName}\*PROCESS\820\explorer.exe\730000\ff000     Infection: ?

And more like these... On the next scan there is no infection {on the same computer}; even the boot scan did not find anything...
The question is: should I be worried about it, and are there any suggestions?

Offline Pondus

Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #1 on: April 07, 2017, 09:54:31 AM »
Upload and check the file(s) here >> www.virustotal.com
If you see the file was scanned before, click rescan for a fresh result.



Offline Artūrs

Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #2 on: April 07, 2017, 10:01:53 AM »
Hello! Thanks for the quick answer!

There are no files... Nothing in the virus chest...

Offline Pondus

Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #3 on: April 07, 2017, 10:04:16 AM »
Quote
\\{computer name}\*PROCESS\1bf8\firefox.exe\22810000\13d000
Have you changed the default scan settings? ... and selected scan memory?

This may give some weird scan results. It used to be an issue with home versions; I don't know about endpoint.


Offline Artūrs

Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #4 on: April 07, 2017, 10:12:56 AM »
Yes, as I wrote before, it is set to scan "Operating memory of the computer".
« Last Edit: April 07, 2017, 10:21:49 AM by Artūrs »

REDACTED

  • Guest
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #5 on: October 03, 2017, 02:15:56 AM »
Artus, were you able to get to the bottom of this? I've been dealing with the same thing for several months...

Thanks.

REDACTED

  • Guest
Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #6 on: November 06, 2017, 01:23:47 PM »
I'm getting the same problem on a fairly regular basis. The infected file is always swift-ddmmyyy[nnnn].ace

I'd really like to get to the bottom of this, too.

Cheers

Offline Pondus

Re: Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?
« Reply #7 on: November 06, 2017, 04:58:19 PM »
Quote
I'm getting the same problem on a fairly regular basis. The infected file is always swift-ddmmyyy[nnnn].ace

I'd really like to get to the bottom of this, too.

Cheers

Do you use the endpoint / business program? This is the business forum section.

If you are a home user, start a topic in the Viruses and Worms forum section.

Attach a screenshot of the avast message; we need to see all the info avast gives.





« Last Edit: November 06, 2017, 05:29:39 PM by Pondus »