Author Topic: vbs/soraci virus  (Read 3365 times)

0 Members and 1 Guest are viewing this topic.

Offline avastjo

  • Newbie
  • *
  • Posts: 2
vbs/soraci virus
« on: July 19, 2004, 07:10:35 AM »
I downloaded your homve version and scanned the hard drive. Virus VBS/Soraci were detected and I selected the repair option but received an error message stating that basically states that the virus was not removed.

Any suggestion in removing this type of virus? At the moment I cannot choose the delete option.

Thanks in advance

Regards

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31303
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:vbs/soraci virus
« Reply #1 on: July 19, 2004, 07:36:17 AM »
1) What os do you have?
2) What is the exact msg Avast gave?
3) In what file(s) was the infection detected?
4) What is/are the location of this/these file(s)?

VBS/Soraci-A is a HTML-based script which infects files with an extension of HTM, HTML or HTT in the current folder and all sub-folders of the current folder and changes browser settings for Microsoft Internet Explorer by setting registry entries.

If this is the vbs Avast detects, you most likely wouldn't have been infected if you had installed ALL security patches/update from Microsoft.

Why are you surprised if Avast says it is not removed while you have chosen repair? Repairing and removing are two different things. Run a full system scan and remove (delete) all infected files. Enable "remove on next system startup" if needed.

If this doesn't work for some odd reason, click on the link in my signature and follow the instructions there. And please answer the questions so we know more and can give more accurate help.

Offline avastjo

  • Newbie
  • *
  • Posts: 2
Re:vbs/soraci virus
« Reply #2 on: July 19, 2004, 08:16:14 AM »
Thanks for your information.

I am using windows 98se with previously IE6 but now using IE5. The reason for the downgrade in IE browser was for whatever reason IE6 just keeps terminating even in an offline mode. I don't know whether this is connected with vbs virus. The IE6 version was obtained from the latest AOL cd (version 9).

During a scan, the message 'a virus was found' was displayed. The message also includes the following:

Virus name: VS: Malware[Script]
VPS version: 0424-3, 06/11/2004

The available actions: delete .... repair...

Choosing the repair option, the message 'the file was not repaired. Cannot processed with  the name of the infected file '

Subsequent error message: 'Error occurred during file repaired'

At this time, deleting or removing the infected html files is not option for me.  I am trying for a remedy that will remove the vbs virus from the file.

Thanks and regards,

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31303
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:vbs/soraci virus
« Reply #3 on: July 19, 2004, 08:50:17 AM »
There are two versions of IE6, one for NT systems and one for 98. You may have installed the wrong version. Get the correct one from the Microsoft website. http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.mspx

I see that you are using a old vps, the current version is 429-2.

If you want to keep your system as safe as possible, you really need to keep it up-to-date.

Why not just remove the infected files? Seems like the best solution to me. If you know HTML you can ofcourse edit each infected htm file in notepad and remove the harmfull code. But if you have a lot of files, it also will take a lot of time

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re:vbs/soraci virus
« Reply #4 on: July 20, 2004, 05:57:41 AM »
IE5 is a known security risk. This may be how you got infected. If your computer was already infected when IE6 was downloaded and was the right version, the infection may have caused the problem. More likely, Artras is right and you got an NT version.

Never trust anything AOL. Do as Artras suggested and get IE6 (with all other available updates/security patches) directly from Windows Update site only! This way, you will get the correct updates/patches for your computer's OS.    :)  

I am also using W98SE with IE6 and have no problems.    :D  


« Last Edit: July 20, 2004, 06:02:46 AM by CharleyO »
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM