Author Topic: VBS:Malware-gen Post.exe  (Read 3463 times)

free_kscorpio

  • Guest
VBS:Malware-gen Post.exe
« on: December 19, 2009, 10:39:49 PM »
I have done the stupid thing of opening a link sent by a colleague of mine and I got infected by a VBS:Malware-gen. The problem is that it was impossible to do anything to it: I couldn't move it to chest, I couldn't rename it or delete it. This was the pop-up message:
"Sign of "VBS:Malware-gen" has been found in "C:\Users\Carmen\AppData\Local\Opera\Opera\temporary_downloads\poste.exe\run.bat" file. "
The link of the virus is:
http://3stepstosold.com/traci/poste.exe

I tried deleting it manually but I wasn't allowed. I tried changing the rights: it was impossible. The problem is that I couldn't do anything to it and the pop-up alert would just keep showing up. So I decided to "take no action". When I chose this option the post.exe program just disappeared. I tried researching it online and tried to use a program which was recommended for removing this post.exe virus but it was unable to detect anything (PREVXCSIFREE64.EXE). The avast scan came up empty as well and a boot scan is impossible to perform because this feature is not available for Windows Vista. I can't find the program anywhere inside the computer. So how do I get rid of it?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67183
Re: VBS:Malware-gen Post.exe
« Reply #1 on: December 19, 2009, 10:41:10 PM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. It's available for Vista 32 bits. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

free_kscorpio

  • Guest
Re: VBS:Malware-gen Post.exe
« Reply #2 on: December 20, 2009, 03:55:15 PM »
Thank you for such a quick reply, I am very grateful. I have followed all the steps you suggested yesterday. Avast wasn't able to detect anything, and I cannot run a boot scan because I'm running a 64 bit version. But the other programs from the list did find some viruses and were able to successfully quarantine them. Malwarebytes and Doctor web were the ones that solved the problem. Avast antirootkit scan, along with others, came up empty. After restarting the computer I performed the scans again and everything appears to be in order. I hope that post.exe virus is gone for good.
Again, thank you very much for the help, I was able to solve this problem in such a short amount of time.