Topic: Malware-gen detected - Error: system cannot find the file specified (2)

jfour500
A friend was using my external drive on their computer and Avast detected a threat, so they disconnected immediately.

I scanned the drive on my computer using Malwarebytes, AVG 9 and SUPERAntiSpyware, didn't find anything.

Downloaded Avast, scanned & found

N:\System Volume Information|_restore(2846F638-C5AC-45B1-8F7F-98C3A36B3599)\RP67\A0066582.inf

Threat: VBS:Malware-gen

Error: The system cannot find the file specified (2)

Cannot move, delete, etc.

Not very tech savvy, suggestions on how to deal with this please! Thanks!




Asyn
As this threat is located in System Restore, just empty System Restore or this one restore point.
Or let Avast put it in the chest..!
asyn
XP SP3 - Avast 10.3.2225 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 31.8 [NS/ABP/EHH/SVC] - Thunderbird 38.1 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos):
https://forum.avast.com/index.php?topic=60523.0

jfour500
Avast is unable to put it in the chest.
Cleared restore, rescanning, fingers crossed!

Thanks for the advice!

Asyn
> Avast is unable to put it in the chest.
> Cleared restore, rescanning, fingers crossed!
> Thanks for the advice!

You're welcome..! :)
Awaiting your reply..!!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

dozey_dude
Hi, I have had a similar problem.
Avast keeps finding the problem but cannot remove it. I think the issue is either in the Windows or i386 directory.

File name: SVC: PRAGMArnnsmbexnm
Severity: High
Status: Threat: Rootkit: hidden service

Result: Error: The system cannot find the file specified(2)

Is there a way to remove this problem, and is it really an issue?

If anyone has any ideas, please let me know.

Asyn
> Is there a way to remove this problem, and is it really an issue?

If you're on a 32-bit system, run a boot-time scan with Avast.
Report back.
And yes, a rootkit infection is a rather big issue...

essexboy
That is a very sneaky rootkit

GMER Rootkit Scanner
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.

  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" 
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

Asyn
As Essexboy jumps in here, follow his advice...! ;)