Infected with Malware Win32: Vibpack (Wrm)

Hi, When I run Ad-aware I get a message from my Avast Antivirus telling me I have “Malware Win32: Vibpack (Wrm)”. It tells me to “Move to Chest” (quarantine), but no sooner I do this then another one pops up. I can’t stop them without cancelling Ad-aware. When I do a complete scan using Avast, it does not pick them up.
I have also run S&D and Hijackthis, but I cannot see anything untoward.
Any ideas?
Thanks for your time.
Mike.

It can be a false positive in a temporary ad-aware file.
Please let us know what exact file (and its location) is detected as being infected.

Submit the file to Jotti and let us know the results, i.e., if it is or not a false positive. :slight_smile:

Hi, This is the file name as provided by Avast warning:
name: Setup.exe C:\Documents and Settings\MikeHughes\LocalSettings\Temp\AAWTMP\C5057782.
I hope this helps.
Mike.

It seems like a conflict between Ad-aware and avast! to me - Adaware extracts or opens a file and avast! detects the file at the moment. I don’t know, however, whether the detected file is internal Adaware data file or some file found on your disk.
I’d suggest to temporarily stop avast! Standard Shield before running Ad-aware.

I tried disabling Avast then running Ad-aware, and it ran OK, with no viruses detected. I then re-enabled Avast, ran Ad-aware again and I still have the same problem.

Well, maybe it’s just a file that Adaware temporarily extracts into TEMP folder when it starts a scan (a file containing unencrypted malware signatures?)

Hi, any idea where I go from here to try and get rid of it?
Cheers.
Mike.

Already contact the people from ad-aware?
It seem that ad-aware creates a temp file which causes Avast to detect it.
As Igor said, this is likely the case.
So it is not likely a fault by avast, but by ad-aware.

ps: You still havent told us the exaxt file, only thing you did was telling us a folder

Hi, I have been in touch with Ad-aware and was told:
During a scan, Ad-Aware will temporarily decompress files to scan their contents without activating the content, but in doing so, the file is noticed by the antivirus’ resident scanner. Also, some antivirus applications include an option to quarantine infected files, and when Ad-Aware decompresses these quarantined files, the antivirus background scanner detects the virus moving outside the quarantine area.
So I don’t think there is anything to worry about.
Thanks for your help.
Mike.

Indeed, there is nothing to worry about since it is very clear that it is a temporary ad-aware file where the malware is detected. But still (and this is just my opinion) I think that ad-aware should change the way their application scans to prevent false positives like this.

Hi Eddy,

Sometimes the one scanner scans the things the other has taken off, so you think that it has come back. This with adware too.
By the way your log analyzer is a super tool,

greets,

polonus