VBS:Malware-gen

[MrChuck]

Thanks to all, I have passed this information on to the webmaster at Australia Olives.

[MrChuck]

Here is the webmaster's comment--interesting!

'I did at one stage install a Google Adsense module on the site. stat-google.com is referenced in that file.
I subsequently removed the google ads, but the script that Google gave me is still on the site. It's used for counting the number of 'click-throughs' that are made from a Google ad to the advertisers home page, so that Google can pay commissions. I'm am sure it won't hurt you, but I will take it off the site since we're not using it anyway.
In the meantime, I did also find a folder full of images that i didn't put there, and which I'm getting our service provider to look into as well.'

So is google adsense a worm? :-)

MrChuck

[kubecj]

I'll ask Paranoia Inc. subsidiary in my neighborhood 

Problem is we're mostly getting 'how' it's done. And doing that encrypted in an external file looked simply suspicious (I it does not matter which site it contacts).

[designsbywinter]

I have this similar problem in a Plugin that is made for Cash Crusader GPT script software.

I am getting the warning to abort connection because the file emailidlist.php has the virus VBS: malware-gen

Is there a way for me to submit the zip file so you guys can put it on your white list or something? This is a highly sold plugin and I do not need that warning popping up for customers to think they are buying an infected product.

Thanks in advance for your help! 

Winter Perkins
www.designsbywinter.info
www.seamlesswebsolutions.com

[Lisandro]

Is there a way for me to submit the zip file so you guys can put it on your white list or something?

You send the samples to virus@avast.com ?
You can zip and password the files... Inform a link to this thread and the password used.
Or you can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.

As a workaround, if you think and are sure it's a false positive, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
You can add the url to WebShield exclusion list also.

[kubecj]

False alarm, fixed in the internal build.

[Lisandro]

False alarm, fixed in the internal build.

Thanks for the quick response. Hey... today is Sunday

[kubecj]

Monday here already 

[Lisandro]

Monday here already 

Wow... worse... it's late in the evening... children must be at their bed

[Smoovious]

I have to add another site that may be giving a falst positive.

hxxp://absolute-bikini.com/ (and hxxp://absolute-bikini.com/)

Also, once I block the malware from the page, I find I can't even attempt to bring up the page again.

Is there something in avast that is preventing it? I was going to try and find out what was in the page source but can't do that now.

I haven't found anywhere where the site is blacklisted yet, still looking tho.

-- Smoovious

[kubecj]

Indeed a false alarm. Removed from the internal build, will be fixed in next public vps update.

[Smoovious]

but what about not being able to bring up the site again? can I reset that right?

--Smoovious

[DavidR]

You could temporarily add the domain the the Web Shield, Customize, Exceptions tab, URLs to exclude. That however would leave a large hole in the web shield security.

If you can do without your bikini fix for a short time, then the next VPS update shouldn't be too long.

[Smoovious]

hahahaha. I don't need it now, no... just wanted to make sure that it wasn't going to be persistent after the next VPS update.

-- Smoovious

[SOURAV]

i am new in this forum. i ve been using avst home edition last one year The problem I'm facing is whenever I plugin USB drive into pc and double-click to open that, it takes some time to open then my avst continuously shows a virus has been detected message c:\windows\system32\BV:malware gen, then follwed by a message box windows script host: can not find script file c:\documents and settings\Administrator\boot.vbs"  when click ok to terminate it re appeares again and again i could not stooped it. if reboot also it appears again. please help me  [I scan everytime I plugin USB]





Is there any antispyware, antimalware or antivirus program that I need to run in order to save from virus and worms.

Please reply.

Thanks.