VBS

[brickman]

Hi, my Avast told me that my pc has the following virus:

File name:       H:\Autorun.inf
Malware name:     VBS: Malware-gen
VPS Version:    091112-0, 11/12/2009
 
I ran Malwarebytes' Anti-Malware, CounterSpy, and Livecare; none of the three found anything wrong. Could it be a bluff from Avast since my free trial is about to expire? Any help will be greatly appreciated.

Thank you.

[nmb]

Hello brickman

bluffing is done by rogue av's and avast is no rogue.

well it might be a false positive.

go to cmd

change directory to h: (or the drive where the virus was found)

type "edit Autorun.inf"

copy and paste the contents of the opened autorun.inf file in the editor here.

close cmd.

well let you know whether it is a fp or not.

alternatively, get panda usb vaccine : http://download.softpedia.com/dl/94db7ef081ce0aa64a36449ca7faeb8e/4b01426f/100122684/software/security/USBVaccineSetup.exe

install without the ntfs support and vaccinate your computer. install this update : http://support.microsoft.com/kb/971029 by downloading the required updater based on your os.

nmb

[brickman]

Hello brickman

bluffing is done by rogue av's and avast is no rogue.

well it might be a false positive.

go to cmd

change directory to h: (or the drive where the virus was found)

type "edit Autorun.inf"

copy and paste the contents of the opened autorun.inf file in the editor here.

close cmd.

well let you know whether it is a fp or not.

alternatively, get panda usb vaccine : http://download.softpedia.com/dl/94db7ef081ce0aa64a36449ca7faeb8e/4b01426f/100122684/software/security/USBVaccineSetup.exe

install without the ntfs support and vaccinate your computer. install this update : http://support.microsoft.com/kb/971029 by downloading the required updater based on your os.

nmb

call me dumb, but what is cmd?, and by the way, I don't think I have an H drive at all.

[nmb]

oki.

if you read your first post again, you can see

File name:       H:\Autorun.inf

- probably its a usb drive.

insert the usb drive again. close the autorun window, if you get any.

do not open the usb folder. just check the drive whether h: or any other.

open run command : windows key(keyboard) + R , type "cmd" without quotes hit enter you should see a dark background windows open.

now type : "cd drive:" replace drive: with the drive of your usb. again without quotes

type "edit Autorun.inf" hit enter - again without quotes

now you will see a editor with blue background.

select all the contents of it, copy and paste(post) here.

close the cmd window.

and then

get panda usb vaccine : http://download.softpedia.com/dl/94db7ef081ce0aa64a36449ca7faeb8e/4b01426f/100122684/software/security/USBVaccineSetup.exe

install without the ntfs support and vaccinate your computer.

install this update : http://support.microsoft.com/kb/971029 by downloading the required updater based on your os.

nmb

[brickman]

oki.

if you read your first post again, you can see

File name:       H:\Autorun.inf

- probably its a usb drive.

insert the usb drive again. close the autorun window, if you get any.

do not open the usb folder. just check the drive whether h: or any other.

open run command : windows key(keyboard) + R , type "cmd" without quotes hit enter you should see a dark background windows open.

now type : "cd drive:" replace drive: with the drive of your usb. again without quotes

type "edit Autorun.inf" hit enter - again without quotes

now you will see a editor with blue background.

select all the contents of it, copy and paste here.

close the cmd window.

and then

get panda usb vaccine : http://download.softpedia.com/dl/94db7ef081ce0aa64a36449ca7faeb8e/4b01426f/100122684/software/security/USBVaccineSetup.exe

install without the ntfs support and vaccinate your computer. install this update : http://support.microsoft.com/kb/971029 by downloading the required updater based on your os.

nmb

Hello brickman

bluffing is done by rogue av's and avast is no rogue.

well it might be a false positive.

go to cmd

change directory to h: (or the drive where the virus was found)

type "edit Autorun.inf"

copy and paste the contents of the opened autorun.inf file in the editor here.

close cmd.

well let you know whether it is a fp or not.

alternatively, get panda usb vaccine : http://download.softpedia.com/dl/94db7ef081ce0aa64a36449ca7faeb8e/4b01426f/100122684/software/security/USBVaccineSetup.exe

install without the ntfs support and vaccinate your computer. install this update : http://support.microsoft.com/kb/971029 by downloading the required updater based on your os.

nmb

the blue screen comes out empty.

[nmb]

are you sure you checked the usb autorun.inf ?

did you install the tools I asked you to? : panda usb vaccine and ms update?

nmb

[brickman]

are you sure you checked the usb autorun.inf ?

did you install the tools I asked you to? : panda usb vaccine and ms update?

nmb

I will in a minute, I thought the cmd was first. I will let you know.

[brickman]

are you sure you checked the usb autorun.inf ?

did you install the tools I asked you to? : panda usb vaccine and ms update?

nmb

I will in a minute, I thought the cmd was first. I will let you know.

OK, computer and g drive (usb memory stick) vaccinated . Also downloaded ms update, did a cmd for drive g and came out with an empty blue screen, H drive is not found by the system

C:\Documents and Settings\RAUL SR>H:
The system cannot find the drive specified.

C:\Documents and Settings\RAUL SR>

[nmb]

now nothing to worry. your system is protected from virus being automatically executed when you insert the key. make sure you scan your usb key everytime you insert.

do you see a file autorun_.inf any of the drives?..

nmb

[brickman]

now nothing to worry. your system is protected from virus being automatically executed when you insert the key. make sure you scan your usb key everytime you insert.

do you see a file autorun_.inf any of the drives?..

nmb

the only one is in my Magicjack (voip) :


[AutoRun]
action= "Start  magicJack"
icon= autorun.ico
defaultaction=autorun.ico
label=magicJack
open=autorun.exe
shell\phone\command=autorun.exe
shell\phone=Start &magicJack
shell=phone

[Content]
MusicFiles=0
PictureFiles=0
VideoFiles=0

[IgnoreContentPaths]

[DeviceInstall]
;DriverPath=

[nmb]

search for autorun.exe in your drive and upload it to virustotal.com and give us the link.

nmb

[brickman]

search for autorun.exe in your drive and upload it to virustotal.com and give us the link.

nmb

got to go, will try later, thank you.

[brickman]

search for autorun.exe in your drive and upload it to virustotal.com and give us the link.

nmb

got to go, will try later, thank you.

the only autorun.exe is in my e drive, like I said before, which is a VOIP, is that the one you want?

[Jastis Bago]

its problem ??

[nmb]

the only autorun.exe is in my e drive, like I said before, which is a VOIP, is that the one you want?

yes you can upload it to virustotal.com and give the link.

nmb