vbs malware (scipt) VIRUS

[caz2-k]

avast found three infected files in the C\\Windows/system/folder.htt . I deleted two of the files and moved one to the virus chest. Is there anything more I can do? I think this may have come in on some free software as i have been downloading quite a few recently.

[raman]

It could be a Variant of VBS.Redlof. If you want more infos, check the file you put in the Chest by using this link:  http://www.kaspersky.com/remoteviruschk.html

[caz2-k]

thanks raman I'll check this out....

[gilat]

I had the same warning about one file in the folder.htt, and it look like a false alarm to me. I asked to delete the virus anyway, but now I cannot find any clue to it's presence in any of the program's logs. Where it suppose to be document? And if it is a real virus or malicious code - what it's suppose to do exactly?

I'm working with win2000.

[raman]

Normaly i like saying everything is a false alarm but this time i think it is not.  vbs.redlof does modify htt files. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_REDLOF.A

But like i said you can test that.

BTW:  This little tool is able to simply enable or disable the scripting host(vbs), by modify the registry: http://www.symantec.com/avcenter/noscript.exe

[gilat]

I said that because it appeared just like that, after in complete scanning the antivirus found nothing, and because I use win2000 which don't have windows\system as system folder, and because I use a personal firewall and two (free) antivirus, and I never found virus in my computer before, and because that so called virus didn't had a real name or description, and I still don't understand why cannot I find the appearance of that virus (or script) in the avast log (where I have to look??).  I usually very careful so I insist upon checking it.

I didn't find in my registry any of the keys that mentioned in the page you linked, and anyway, that virus is from 4.2002! it'll be a real insult to me to catch it now.. of course my system have all the security and critical patches.

..and thanks for the quick answer!

[raman]

You could use the one you put to the chest. It is located in Program files\alwillsoftware\avast4\data\chest(?) you could test the file by using the link i mentioned and/or send the file to support@asw.cz.

[gilat]

..but as I already said, I deleted the "virus" - I expected to find the event in the log anyway - but couldn't .

[Cochise]

I find this very strange too because last night I ran a thorough scan and found the exact same virus on my pc. Avast did not move it to the chest and deleted the file. The log said there was an error in moving it. Usually I have just run a standard scan and nothing has ever shown up before.

I had Mcafee Ver 7.0 (just un-installed it a few days ago)prior to Avast and had done thorough scans before with Heuristic scanning and nothing has ever shown up before. Mcafee also has a script blocker, Mcafee Firewall and Hawk mail alert and still nothing ever showed up before. Another point is that no one has ever  e-mailed me saying that I sent them infected mail.

I have not found anything on this Virus because there was no name given. I was wondering if this could be some sort of Spyware due to the fact that my pc has always run fine and it has never detected anything prior to installing Avast.

I also would like to know what this unknown virus is and if it is completly gone since Avast deleted it.

[raman]

It seems that we need somebody who is able to send such a file to support@asw.cz!?

[Glouck]

Hi.
I have the same problem : 4 files infected with VBS Malware.
I just mailed with the files joined.
I hope that it will help others ( and me ... ).
Glouck

[raman]

 Thanks and i think Pavel made an answer to that here

[Glouck]

So it appears to de a false alarm ; i take a breath....
Thanks
Glouck

[gilat]

Now I got a virus alarm on driver I downloaded from driverguide.com, it's very importent for me to know if this antivirus give false alarm frequency. I recommend it for other people and with all the noise maybe it's not recommended for weak heart.. how can I check it?
I redownloaded the same driver and check it with AVG that found no virus. the I scanned it with AVAST that find: Win32:Trojan-gen. {Other}
here is the link to the driver:
http://www2.driverguide.com/uploads/uploads16/29793.html

[raman]

This time it is not a Winrar-sfx, it is a winace-sfx!
Possibly(95%) false alarm. If you want, you can use winrar to unpack it.