Need help cleaning files of VBS:Solow

[Ptimmyj]

Hey everyone
I've looked up how to deal with the VBS:Solow worm, but i can't find any information on cleaning files that have the virus attached to them.
Avast is telling me the severity is "High"
Is this possible? It is attached to an important .WAV audio file and I would rather not delete it, but when I try to repair in Avast it says: "Error: file not repaired. (42060)"
Also, nothing showed up when scanned with Avira and SuperAntiSpyware
Thanks a lot!

[Pondus]

http://www.tech-pro.net/howto_002.html
Unlike most viruses, worms do not usually modify or "infect" existing files on a computer. They are usually self-contained files, often dropped into system folders such as the Windows folder. Therefore, removing a worm from a computer should simply be a matter of identifying and deleting the files it installed, and the registry links that may be pointing to them. However, removal may be made more complicated because:


Worm.VBS.Solow.A
http://www.bitdefender.com/VIRUS-1000187-en--Worm.VBS.Solow.A.html

VBS/Solow-A
http://www.sophos.com/security/analyses/viruses-and-spyware/vbssolowa.html

Worms infect computers, but do not infect files. They can simply be identified and deleted.
Removing worms http://www.sophos.com/support/disinfection/worms.html

Removal instructions for Worm VBS Solow g:
To delete this malware infection, please download and install Emsisoft Anti-Malware.
Run a full scan on all drives and move all detected items to the quarantine.

[Pondus]

Check your computer for Malware with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
after install click UPDATE and run quick scan, click on REMOVE SELECTED to quarantine anything found

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found come back and post the scan logs here

[Pondus]

Also, nothing showed up when scanned with Avira and SuperAntiSpyware

Well if avast have moved the file to chest, then there is noting to detect

are you running avast and avira at the same time ?


Running two antivirus
http://www.bleepingcomputer.com/forums/index.php?s=df90e4e4d3d5f704b8c6ad2d3410903f&showtopic=260844&view=findpost&p=1441638

[Ptimmyj]

Yeah I was running avira and avast at the same time... but I have since reinstalled avira as an on-call scanner and the files in avasts' virus chest still show up as infected with VBS:Solow... that's why I was confused because this is a worm and isn't supposed to infect already existing files...
SuperAntiSpyware detects nothing either. My files will play when restored so I'm wondering if maybe this is just a false-positive due to me running the two at once, and that avast has retained the false-positive info?? I don't know, I just don't want to move the file from my laptop to my pro tools machine there is any potential for even minor damage
thanks for your help guys, i'll try some of the other things suggested as well!

[polonus]

Hi Ptimmyj,

This is a Network Worm. This is a security risk and you should remove this threat immediately. Otherwise it may cause data loss or other misbehavior including performance degradation. It is highly recommended that you run Solo antivirus to remove this Worm.VBS.Solow.B along with any other Viruses, Trojans, Worms, Adware, Spyware, Rootkits, and Malicious software.These are steps you have to take to get rid of it completely:

The following instructions pertain to your current and recent av solution:

   1. Disable System Restore (Windows Me/XP).
   2. Update the virus definitions.
   3. Run a full system scan.
   4. Delete any values added to the registry.
       To delete the value from the registry
Important: It is strongly recommended that you back up the registry before making any changes to it.
Incorrect changes to the registry can result in permanent data loss or corrupted files.
Modify the specified subkeys only.

   1. Click Start > Run.
   2. Type regedit
   3. Click OK.

      Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal. Downoad here: http://securityresponse.symantec.com/avcenter/venc/data/tool.to.reset.shellopencommand.registry.keys.html

   4. Navigate to and delete the following registry entries:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"FS6519" = "%Windir%\FS6519.dll.vbs"
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window Title" = "TAGA LIPA ARE!"

   5. Exit the Registry Editor,

polonus

[Ptimmyj]

Thank you everyone especially polonus for your help! However the problem still remains...
My computer is fine and their is/was nothing wrong with the registry, but now it's my 130GB WD external hardrive that is infected according to Avast.
Here's an update:
- scanned with Solo antivirus: nothing.
- scanned with Avira: nothing
- scanned with AntiMalwarebytes - nothing
- scanned with SuperAntiSpyware - nothing
- ran a Combofix - nothing
- DiskDisinfector - nothing
- Avast boot-time scan - nothing???
- Avast: SAME results, and I know it's going to keep happening because a new audio file that i just recorded today is infected with VBS:Solow. When I try to repair it says "file not repaired" and when I try to move it to the chest it says "not enough disk space" which is bull#&&$ cause there's lots of space.
* all of these results are from both scanning the files while still on the external and also from scanning them on my laptop after copying them over.

So i think something is wrong with Avast, for why would I get nothing found in the boot-up scan??
It's kind of annoying to say the least, these files are extremely important and I do NOT want my computer to get all f*#&ed up.

I did play one of the infected files in Itunes and it worked....... so I don't know what is up.
For now I'm assuming it's all safe, but I don't want to lose any information on the off-chance that this is a serious issue like Polonus suggested...

Thank you for your help!