VBS:Malware-gen

[7thachmad]

i've got problems with irritating malware and trojan called win32:Pink [trj] and vbs:malware-gen AVASt home edition won't work even the splash screen scanner but the service is still running, looks like if there is opened windows that contain text antivirus the trojan quickly disabled it.

i've used boot time scan and turn off the system restore it successfully delete Autorun.inf at the c:\ and d:\ drive and i've forced to delete netcfg.dll and netcfg.0000 at system32\com folder that recognize as win32: pink[trj] but it keep coming when the system start again

please help  :'(

i use windows xp service pack 2 build 2600, VPS i forgot.

[redsock2]

Hello,

I have a VBS:Malware-gen

when I access
http://www.equilibriarte.org

VPS-Version: 081102-0, 11/02/2008

I think they use Iframes - Is there really a Problem with this site??
Please take a look...
Thanks for your help !!!

[kubecj]

Yep, they're serving something long, strange and encrypted at the end of the html.

[Lisandro]

redsock2, nowadays, avast website detection is more accurate and higher than other antivirus. Welcome to avast forums.

[redsock2]

Yes, I am impressed, really!!!
Thank you...
I Will reccomend Avast now :-))

I ask myself , why the equilibri admins dont realize this
script and remove it, its obvious in the htmlsource..
also it only appears on their main page, strange..

[DavidR]

Yes, strange indeed, if it is something they know about then you would have to ask why the hidden, encrypted data in javascript, what is a plain language script, what have they to hide. Either that or they are unaware that their home page has been hacked.

Welcome to the forums.

[dalonzolaw]

Hello,

I have a VBS:Malware-gen

when I access hxxp://www.asdaurora-pregnana.it

VPS Version :  081217-0

can anybody help me ?

thans

iussi

[kubecj]

There is a encrypted javascript at the end of the page, almost certainly a malware, I'd not consider that a FP.

[buyog]

I have the same problem

Avast popups when going to the site
hXXp://kentvoice.com

Screenshot here:
http://root.joshmir.com/vbs-malware.png

Thanks

[Lisandro]

buyog, nowadays, avast malware detection on webpages is quite accurate... take care!

[kubecj]

Large, encrypted stuff at the end of the page, most likely the malware.

Remember:
a) you can catch the bad stuff even from legitimate pages
b) Using MSIE can get you in trouble, avoid it if possible.

[Casaboontha]

a belated thank you to DavidR for pointing out the code!
I was able to fix my website. Thanks and a happy and prsperous 2009!

[DavidR]

You're welcome and a Happy New Year to you too.

[barmon]

Hi

I have avast home and everytime I go to this site:  http://www.clownclicks.com avast pops up for me to abort connection.

It says Malware name: VBS:Obfuscated-gen [trj]

Malware type:  Trojan Horse

VPS version:  090102-0, 01/02/2009

This does not appear in any other sites I go to, just to clownclicks.com
Never had any problems going to clownclicks.com and this virus warning just started about 30 min ago

I asked 3 friends to pull up clownclicks.com and they tell me they do not get any virus warnings.
So why me?

Hope to get answers, thanks!

[polonus]

Hi I scanned it with DrWeb's link checker:
Checking: http://www.clownclicks.com/
Engine version: 4.44.0.9170
File size: 10.84 KB

http://www.clownclicks.com/ - Ok

Checking: http://www.clownclicks.com/functions.js
File size: 7390 bytes

Went there with flock browser and NoScript temporarily allowing that site, no alerts (not from avast). So there must be something else wrong. Is your java version up to date?

polonus