Author Topic: VBS:Malware-gen  (Read 199219 times)

0 Members and 1 Guest are viewing this topic.

dan the immunology man

  • Guest
Re: VBS:Malware-gen
« Reply #30 on: January 26, 2008, 10:35:07 PM »
Just wanted to say thanks for the quick response, Initially had this problem but appears corrected now.

ericvd

  • Guest
Re: VBS:Malware-gen
« Reply #31 on: January 27, 2008, 05:47:48 PM »
Hello,
had same VBS:Malware-gen stuff   on  a few different sites . They almost all  disappeared after   the different updates in Avast! (home edition) of the last  2 days, EXCEPT one :   on my   mail  site (annoying !!) .
Running VPS  file version =  080127-1  . Ran  full (= also program )update  1 hr ago (with no effect since  standard setting= automatic update ) .
Site :  WWW.aemail4u.com .
Problem starts  when logging in  on the  mail server  (I mean :  www.aemail4u.com is OK,  but  any further attempt  creates a warning )
Last msg from the log : (2 mins ago) :
Sign of "VBS:Malware-gen" has been found in "http://aemail4u.mail.everyone.net/email/scripts/welcome.pl?EV1=12014509807790792" file .

kubecj

  • Guest
Re: VBS:Malware-gen
« Reply #32 on: January 27, 2008, 06:03:55 PM »
False alarm removed from the database. Will be out on the next update.

(You know, without report we can't do anything)

mp5

  • Guest
Re: VBS:Malware-gen
« Reply #33 on: January 28, 2008, 09:08:00 PM »
Updated VPS to 080128-0, but is still getting the problem with this address
http://www.huaren.us/index71.asp?boardid=355

It's ok to go to the main page, http://www.huaren.us/, but if you go to any forums the warning about VBS:Malware-gen will come up. It's a Chinese website, but it has English names for the forums too, like Exchange, Parenting, etc. My wife visits the website everyday. Please have the problem fixed so she can stop bothering me.  :(

kubecj

  • Guest
Re: VBS:Malware-gen
« Reply #34 on: January 28, 2008, 09:21:41 PM »
False alarm removed. Thanks for your submission.

Please remember, that without the reports we can't fix things (because we don't know they're broken).

jeannot

  • Guest
Re: VBS:Malware-gen
« Reply #35 on: January 28, 2008, 10:47:08 PM »
Hello,

I have the same problem with the website of an hotel in italy : http://www.casalbertina.it/
I receive this virus message and the connexion can't go on.
I've immediately do a scan of the PC : Avast found the same "virus" on d: in a folder where there is nothing special or new (some previous scans with avast and an other antivirus online of this folder have nothing founded ) then blocked.
Avast update itself automatically.
Here is the log :
"28/01/2008 20:07:26   SYSTEM   1444   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/favicon.ico" file. 
28/01/2008 20:07:34   SYSTEM   1444   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/" file. 
28/01/2008 20:09:30   SYSTEM   1444   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/" file. 
28/01/2008 20:42:09   SYSTEM   1444   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/" file. 
28/01/2008 20:42:28   SYSTEM   1444   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/" file. 
28/01/2008 21:04:56   Eigenaar   3944   Sign of "Win32:Adware-gen [Adw]" has been found in "D:\BACK UP PROGRAMMES ET OUTLOCK\MISES A JOUR  PC\Nero-6.6.1.15a.exe\Toolbar.exe\[Embedded#620d0]\[Embedded#04080]" file. 
28/01/2008 22:23:37   SYSTEM   1448   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/" file.  "

Can you help me.
Thanks in advance

kubecj

  • Guest
Re: VBS:Malware-gen
« Reply #36 on: January 28, 2008, 11:28:29 PM »
The hotel's webpage contains double encrypted hidden iframe. I'd not call this a false alarm, it's highly suspicious.

jeannot

  • Guest
Re: VBS:Malware-gen
« Reply #37 on: January 29, 2008, 11:12:14 AM »
OK. Thank you.
But the other one found on d: ?
It's an update of nero 6 (download a long time ago on the site of Ahead) and which was ignored before.
An explanation ?

ericvd

  • Guest
Re: VBS:Malware-gen
« Reply #38 on: January 29, 2008, 04:34:57 PM »
thanks for your  help !  Last update loaded today (***128-0 ),  and my problem is solved .
You're the best ! ! ! 

mp5

  • Guest
Re: VBS:Malware-gen
« Reply #39 on: January 30, 2008, 01:15:53 AM »
Updated VPS to 080128-0, but is still getting the problem with this address
http://www.huaren.us/index71.asp?boardid=355

Updated and problem solved. Thanks a bunch!

mairy

  • Guest
Re: VBS:Malware-gen
« Reply #40 on: January 31, 2008, 05:24:57 PM »
Same problem here white trying to enter http://foromjworldpage.mforos.com, a forum of www.miarroba.com community. I guess that's the web... It's the only website I entered today...

VPS: 080131-1

I tried to clik the options but the alarm comes again just some secondslater.

kubecj

  • Guest
Re: VBS:Malware-gen
« Reply #41 on: January 31, 2008, 05:28:18 PM »
Running the very same VPS, I visited the site and got no warning. Next time please copy the url from the warning dialogue, so that I may download and check it. Thanks.

mairy

  • Guest
Re: VBS:Malware-gen
« Reply #42 on: January 31, 2008, 05:32:34 PM »
Ok, i'll do it.... But, meanwhile, how do i close the window that appears over and pver again? Do I hace to click "no hacer nada" (don't do anything").... All the other options don't work, the window appears just some seconds later....

mairy

  • Guest
Re: VBS:Malware-gen
« Reply #43 on: January 31, 2008, 06:09:27 PM »
It says the virus was found on "c:\autorun.inf" The log says nothing about any website....

And the window appears over an pver again, I'm starting going crazy ::)
« Last Edit: January 31, 2008, 06:14:31 PM by mairy »

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: VBS:Malware-gen
« Reply #44 on: January 31, 2008, 09:35:50 PM »
it's a correct detection imho... autorun viruses are quite widespread in last few months... i can't understand microsoft hole to system, when they left autoruns turned on for all drives by default.. it gives no sense to allow autorun for other devices than CD/DVD... unfortunately, many ppl have no idea how to turn it off right after installation.. :-\