For the last few days, on my nightly scan, I’ve been getting the following 3 messages:
File “Process 3776, memory block 0x01220000, block size
1310720” is infected by “JS:ScriptSH-inf [trj]” virus.
“Scan Drives C: and F:” task used
Version of current VPS file is 090512-0, 05/12/2009
File “Process 3776, memory block 0x055A0000, block size
1310720” is infected by “JS:ScriptSH-inf [trj]” virus.
“Scan Drives C: and F:” task used
Version of current VPS file is 090512-0, 05/12/2009
File “Process 3776, memory block 0x00E20000, block size
1310720” is infected by “JS:ScriptSH-inf [trj]” virus.
“Scan Drives C: and F:” task used
Version of current VPS file is 090512-0, 05/12/2009
Can anyone tell me why Avast is not getting rid of it and how I can get rid of it?
This is similar to the warning I have been receiving after yesterday’s update of my Spyware Terminator/ClamAV. An Avast! trojan horse warning on the same script item, “JS:ScriptSH-inf[trj]” keeps occurring on my machine at start-up. Avast! seems to be seeing this script item after ClamAV’s 5/12/09 update. I and another poster mentioned it (he had a problem with Avast! seeing the script in ClamWin) .
I’m no software guru, but I am a reasonably good guesser. My take is that Spybot, ClamAV and ClamWin have updated their signature files with a (perhaps non-encrypted) signature of this script/trojan. Avast! now seems to be seeing this signature and warning of an infection.
Oddly, while my Avast! warning pop-up says my computer is infected with a trojan horse, the warning band at the bottom of the screen on start-up says that the file spotted has a “sample of JS:ScriptSH-inf[trj]”.