Bha.dll.vbs

avast cant detect this virus,
did anyone know how 2 remove these threat

Note:
-This worm is located in C:%WINDIR%\ copies itself to all removeable and shared drives as \Bha.dll.vbs and creates the file \autorun.inf. The file \autorun.inf can be safely removed
-nternet Explorer title bar shown this “Hacked by Pokemon”

Welcome to avast forums.
Sorry for your experience.

General removal procedure include:

  1. Enable/Disable System restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k.

  2. Clean your temporary files. You can use the Windows Advanced Care or CCleaner features for that.

  3. It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.

About the leak detection, how do you know it is an infection or not? To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Thanks.

Beside what Tech has suggested, sending a sample to avast for analysis will help detections.

Also see this, http://www.bleepingcomputer.com/forums/lofiversion/index.php/t82493.html

You could add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

Or send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners. Post the results here.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.

This will possibly be detected by other AV, these malware names can be googled to provide mor information.

thx for ur quick reply
i`ll sending a sample to avast for analysis

No problem, welcome to the forums.

You can periodically scan the file in the user files section of the chest and see when it is added to the VPS update.