« previous next »
Pages: [1]   Go Down

Author Topic: Bha.dll.vbs  (Read 2989 times)

0 Members and 1 Guest are viewing this topic.

Askabomoh

  • Guest
Bha.dll.vbs
« on: March 19, 2007, 02:19:02 AM »
avast cant detect this virus,
did anyone know how 2 remove these threat

Note:
-This worm is located in C:\%WINDIR%\ copies itself to all removeable and shared drives as \Bha.dll.vbs and creates the file \autorun.inf. The file \autorun.inf can be safely removed
-nternet Explorer title bar shown this "Hacked by Pokemon"
Logged

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Bha.dll.vbs
« Reply #1 on: March 19, 2007, 02:33:16 AM »
Welcome to avast forums.
Sorry for your experience.

General removal procedure include:

1) Enable/Disable System restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k.

2) Clean your temporary files. You can use the Windows Advanced Care or CCleaner features for that.

3) It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.

About the leak detection, how do you know it is an infection or not? To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Thanks.
Logged
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: Bha.dll.vbs
« Reply #2 on: March 19, 2007, 01:41:15 PM »
Beside what Tech has suggested, sending a sample to avast for analysis will help detections.

Also see this, http://www.bleepingcomputer.com/forums/lofiversion/index.php/t82493.html

You could add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

Or send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners. Post the results here.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.

This will possibly be detected by other AV, these malware names can be googled to provide mor information.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Askabomoh

  • Guest
Re: Bha.dll.vbs
« Reply #3 on: March 20, 2007, 07:21:48 AM »
thx for ur quick reply
i`ll sending a sample to avast for analysis
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: Bha.dll.vbs
« Reply #4 on: March 20, 2007, 02:21:34 PM »
No problem, welcome to the forums.

You can periodically scan the file in the user files section of the chest and see when it is added to the VPS update.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
Pages: [1]   Go Up
« previous next »