VBS:Malware-gen

[dan the immunology man]

Just wanted to say thanks for the quick response, Initially had this problem but appears corrected now.

[ericvd]

Hello,
had same VBS:Malware-gen stuff   on  a few different sites . They almost all  disappeared after   the different updates in Avast! (home edition) of the last  2 days, EXCEPT one :   on my   mail  site (annoying !!) .
Running VPS  file version =  080127-1  . Ran  full (= also program )update  1 hr ago (with no effect since  standard setting= automatic update ) .
Site :  WWW.aemail4u.com .
Problem starts  when logging in  on the  mail server  (I mean :  www.aemail4u.com is OK,  but  any further attempt  creates a warning )
Last msg from the log : (2 mins ago) :
Sign of "VBS:Malware-gen" has been found in "http://aemail4u.mail.everyone.net/email/scripts/welcome.pl?EV1=12014509807790792" file .

[kubecj]

False alarm removed from the database. Will be out on the next update.

(You know, without report we can't do anything)

[mp5]

Updated VPS to 080128-0, but is still getting the problem with this address
http://www.huaren.us/index71.asp?boardid=355

It's ok to go to the main page, http://www.huaren.us/, but if you go to any forums the warning about VBS:Malware-gen will come up. It's a Chinese website, but it has English names for the forums too, like Exchange, Parenting, etc. My wife visits the website everyday. Please have the problem fixed so she can stop bothering me. 

[kubecj]

False alarm removed. Thanks for your submission.

Please remember, that without the reports we can't fix things (because we don't know they're broken).

[jeannot]

Hello,

I have the same problem with the website of an hotel in italy : http://www.casalbertina.it/
I receive this virus message and the connexion can't go on.
I've immediately do a scan of the PC : Avast found the same "virus" on d: in a folder where there is nothing special or new (some previous scans with avast and an other antivirus online of this folder have nothing founded ) then blocked.
Avast update itself automatically.
Here is the log :
"28/01/2008 20:07:26   SYSTEM   1444   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/favicon.ico" file. 
28/01/2008 20:07:34   SYSTEM   1444   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/" file. 
28/01/2008 20:09:30   SYSTEM   1444   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/" file. 
28/01/2008 20:42:09   SYSTEM   1444   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/" file. 
28/01/2008 20:42:28   SYSTEM   1444   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/" file. 
28/01/2008 21:04:56   Eigenaar   3944   Sign of "Win32:Adware-gen [Adw]" has been found in "D:\BACK UP PROGRAMMES ET OUTLOCK\MISES A JOUR  PC\Nero-6.6.1.15a.exe\Toolbar.exe\[Embedded#620d0]\[Embedded#04080]" file. 
28/01/2008 22:23:37   SYSTEM   1448   Sign of "VBS:Malware-gen" has been found in "http://www.casalbertina.it/" file.  "

Can you help me.
Thanks in advance

[kubecj]

The hotel's webpage contains double encrypted hidden iframe. I'd not call this a false alarm, it's highly suspicious.

[jeannot]

OK. Thank you.
But the other one found on d: ?
It's an update of nero 6 (download a long time ago on the site of Ahead) and which was ignored before.
An explanation ?

[ericvd]

thanks for your  help !  Last update loaded today (***128-0 ),  and my problem is solved .
You're the best ! ! ! 

[mp5]

Updated VPS to 080128-0, but is still getting the problem with this address
http://www.huaren.us/index71.asp?boardid=355

Updated and problem solved. Thanks a bunch!

[mairy]

Same problem here white trying to enter http://foromjworldpage.mforos.com, a forum of www.miarroba.com community. I guess that's the web... It's the only website I entered today...

VPS: 080131-1

I tried to clik the options but the alarm comes again just some secondslater.

[kubecj]

Running the very same VPS, I visited the site and got no warning. Next time please copy the url from the warning dialogue, so that I may download and check it. Thanks.

[mairy]

Ok, i'll do it.... But, meanwhile, how do i close the window that appears over and pver again? Do I hace to click "no hacer nada" (don't do anything").... All the other options don't work, the window appears just some seconds later....

[mairy]

It says the virus was found on "c:\autorun.inf" The log says nothing about any website....

And the window appears over an pver again, I'm starting going crazy

[Maxx_original]

it's a correct detection imho... autorun viruses are quite widespread in last few months... i can't understand microsoft hole to system, when they left autoruns turned on for all drives by default.. it gives no sense to allow autorun for other devices than CD/DVD... unfortunately, many ppl have no idea how to turn it off right after installation..