Author Topic: VBS:ExeDropper-gen, please help!  (Read 14067 times)

StefanR

  • Guest
VBS:ExeDropper-gen, please help!
« on: April 19, 2011, 04:39:45 PM »
Hi, I'm not fantastic with computers so bear with me.
I am having some severe issues with a virus named:
VBS:ExeDropper-gen

I'm running avast version 4.8


It seems that all of my .htm and .html files are being infected and detected as viruses.
I'm at a loose end, any help would be much appreciated.

Thanks

Stefan

Djleder

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #1 on: April 19, 2011, 04:45:17 PM »
Please update to the latest Avast 6. There was an error in the definitions detecting false positives. Also Avast 6 has much better detection and removal than 4.8. You can download Avast 6 from this site :) Hope this helps!

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #2 on: April 19, 2011, 04:50:56 PM »
Thanks, doing this now.
I have also run something called Malwarebytes Anti-Malware and that found 7 things which were put into quarantine.

Djleder

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #3 on: April 19, 2011, 04:56:14 PM »
Good! Sounds like you're on the right path. Please make sure to uninstall avast 4.8 before installing avast 6!

Pondus

  • Probably Bot
Re: VBS:ExeDropper-gen, please help!
« Reply #4 on: April 19, 2011, 04:57:41 PM »
Quote from: StefanR
Thanks, doing this now.
I have also run something called Malwarebytes Anti-Malware and that found 7 things which were put into quarantine.

I recommend posting all scan logs here

Ornette

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #5 on: April 19, 2011, 04:59:51 PM »
As I am here and am waiting for a reply myself, thought I'd just say

Have you checked your task manager to see what processes are running?

There's a good chance there's some spawned browser processes - IEXPLORE.EXE or FIREFOX.EXE - running

These would be infecting your files with the ExeDropper

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #6 on: April 19, 2011, 05:04:45 PM »
Going to post the logs here soon just have to get them from the infected computer to my laptop,
Going to install version 6 of avast.
I noticed 3 iexplorer.exe processes which I have now ended.
I have also turned off my wireless internet on the PC.

Ornette

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #7 on: April 19, 2011, 05:12:26 PM »
Quote from: StefanR
I noticed 3 iexplorer.exe processes which I have now ended.

Yes that is the dreaded RAMNIT

Everyone seems to be having this problem and no one seems to have the definite answer to solving it

Your best bet so far, from me, is to END THOSE processes as soon as you turn on your computer to prevent further damages

If you check my post, on this thread, you will see my current progress
http://forum.avast.com/index.php?topic=63275.msg633553#msg633553

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #8 on: April 19, 2011, 05:17:20 PM »
ahh damn that sounds bad...

well I'll check out your post and will post my logs here shortly,

Am I looking at a full system re-boot here? I would really like to avoid this if possible

many thanks for your response :)

Djleder

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #9 on: April 19, 2011, 05:21:05 PM »
Ornette, please post a log of your Malwarebytes scan so we can determine further action.

Thanks! Also from this point we do not have enough data to determine if it is Ramnit, if you post logs and more info we can find the exact problem!

argus

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #10 on: April 19, 2011, 05:32:55 PM »
StefanR

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt

Save both reports to your desktop. Post DDS.txt back to topic.

argus

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #11 on: April 19, 2011, 05:40:02 PM »
DDS log sent as attachment


Ornette

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #12 on: April 19, 2011, 05:42:05 PM »
Djleder,

The last scan I did with MBAM didn't help me with this vbs:exedropper-gen[trj] and win32:ramnit-b problem

HijackThis was more helpful and showed me the entries in my HKLM\..\Winlogon\Userinit & All Users\Startup

Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon:
C:\WINDOWS\system32\userinit.exe,C:\Program Files\wskbplkv\fyynaotm.exe

C:\Documents and Settings\Ornette\Start Menu\fyynaotm.exe

To be honest I have been faffing around for two days with this, so you will forgive me if I appear to be ahead of myself.
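
The Userinit value quoted in the post above can be checked mechanically. The following is an added example, not part of Ornette's post or of any tool named in the thread: it splits a Userinit string and reports anything other than the stock userinit.exe. The expected path and the `C:\WINDOWS` system root are assumptions for a default Windows XP install, and the function names are hypothetical.

```python
import ntpath

# Assumption: default Windows XP layout. The stock Userinit value is this one
# path, normally followed by a trailing comma.
SYSTEMROOT = r"C:\WINDOWS"
EXPECTED = ntpath.join(SYSTEMROOT, "system32", "userinit.exe").lower()


def parse_userinit(value):
    """Split a comma-separated Userinit value into individual entries."""
    entries = []
    for raw in value.split(","):
        item = raw.strip().strip('"').strip()
        if item:  # skip the empty piece left by the stock trailing comma
            entries.append(item)
    return entries


def normalise(path):
    """Lower-case, expand %SystemRoot% and collapse '..' for comparison."""
    lowered = path.lower().replace("%systemroot%", SYSTEMROOT.lower())
    return ntpath.normpath(lowered)


def audit_userinit(value):
    """Report whether the stock entry is present and list every other entry.

    A bare 'userinit.exe' without a path is reported as extra on purpose:
    it is not the stock value and deserves a manual look.
    """
    entries = parse_userinit(value)
    extra = [e for e in entries if normalise(e) != EXPECTED]
    stock_present = any(normalise(e) == EXPECTED for e in entries)
    return {"stock_present": stock_present, "extra": extra}


if __name__ == "__main__":
    # First sample is the value shown in the post; the others are constructed.
    samples = [
        r"C:\WINDOWS\system32\userinit.exe,C:\Program Files\wskbplkv\fyynaotm.exe",
        r"C:\WINDOWS\system32\userinit.exe,",
        r'"%SystemRoot%\System32\USERINIT.EXE" , ',
    ]
    for s in samples:
        print(s, "->", audit_userinit(s))
```

An empty `extra` list with `stock_present` true matches a clean default value; anything in `extra`, or a missing stock entry, is a program Winlogon will start at every logon and should be reviewed.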



Djleder

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #13 on: April 19, 2011, 05:48:06 PM »
Excellent! Is the problem still there or is it all fixed? ;D

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #14 on: April 19, 2011, 05:54:03 PM »
Okay so I have attached two MBAM logs, and also an OTS log from the latest scans I have performed.
I'll get DDS onto my infected computer and do that now.
I have also installed the latest version of avast which appears to be running okay.
Thanks again!