Infected with VBS: Malware (Script) allthough avast running...

I run everyday a whole system scan with avast and I find everytime this script in my documents. Why does avast not see it the time it is coming in my pc? Is it dangerous? Why do I find it everyday in my pc? Where does it come from?

I run everyday a whole system scan with avast and I find everytime this script in my documents. Why does avast not see it the time it is coming in my pc? I have the script control set to on. Is it dangerous? Why do I find it everyday in my pc? Where does it come from?

<Vlk’s note: Merged with the duplicate thread in the Viruses&Worms category.>

Where is it located (in which file)?
Is it always in the same file?
Do you have the resident scanner sensitivity set to Normal or High?

Vlk

Yesterday i set the script sensitivity to high and today I found again this script in this file: C:\Documents and Settings\dex\Local Settings\Temporary Internet Files\Content.IE5\CPIVS9U7\index[2].htm
Why doesn’t avast block it?

I looked at the script sensitivity level after I wrote the previous message and it was to custom, allthough i put it at high yesterday, is it to custom because I unchecked Mozilla and Netscape and the splash screen? If yes what is the level, high or normal?

I found again this script today in a whole system scan in this file: C:\Documents and Settings\dex\Local Settings\Temporary Internet Files\Content.IE5\2P8FYTQ5\index4[1].htm

In a whole system scan, I found again the same script (VBS: Malware (Script))in this file: C:\Documents and Settings\dex\Local Settings\Temporary Internet Files\Content.IE5\09UZCHQZ\doa2.host[1].

You can send the file to us (e.g. to support@avast.com or divis@avast.com) to see what’s really inside – it’s hard to tell from the name.

Thanks
Vlk

Any news about this script?

Again the same virus in this file: C:\Documents and Settings\dex\Local Settings\Temporary Internet Files\Content.IE5\G98P6ZO5\index[1].htm.
Could you please tell me what is happening here???

Dear Hariskar,
VBS:Malware is a generic name for a lot of different pices of malware. We are not able to tell what it really is without the infected file. Please send it to me, divis@asw.cz, or to support@asw.cz for analysis.

Download Internet Sweeper from here:- http://www.bmesite.com/ this will delete the index.dat file and the malware along with it. As with the above poster I kept getting this on every scan and because the malware file is in the index.dat file it can’t be moved to the chest or deleted by Avast, as it can’t be moved to the cheat it isnt possible to send it to Avast.

HTH,
Trev

kareld I sent you the file attached in an email. Thanks for helping!

ghj290 avast can delete the file, but after one or two days I find it again in my pc…

I have the same virus Malware problem…It appears in HTML saved page (usually index.html)…I saved it in chest and I am sending it… ::slight_smile:

Ok…I sent it ti Avast! support for check…

I found this MALWARE by surfing this site: www.kazaalite.tk

Maybe it’s a Kazaa virus… 8)

Yes, I found it in the same site, www.k-lite.tk

It doesn’t come back, it just isn’t deleted from the index file. No one, single, file can be deleted from the index file. It is one file in it’s own right and contains all your internet history and just gets bigger and bigger over time. The only way to delete any one file is to delete the whole index file, but this can’t be done using the Windows delete function, Windows will just replace the file as is. This is a known “feature” (bug) in all versions of Windows and IE. In 95/98_* ghj290 you could boot to DOS mode and delete it that way, however in WIN XP this isn’t possible and therefore the need for tools as I suggested above._

I can delete it the way you tell me, but I visit this site often (www.k-lite.tk). Do I have to delete it everytime? I wonder why avast can’t block it. And when it finds it in the scan it says that it is deleted successfuly…

I went there and the script blocker jumped up straight away warning about malware script. I told it to delete it but it still ends up in the index file when I use the on demand scanner. Would be nice to know what it is I must admit.

Trev

I am not being warned about the script… i can find it only with the on demand scanner…