Infection: Win32:VBCrypt-AGT [Trj] and Infection: ?

Hello!

We are using Avast Endpoint Protection SUITE PLUS and once at week we scan our computers. {All harddisks, Operating memory of the computer, Auto-Start Programs (All Users)}
Almost in every scan we get some computers with something like this:

  • \{computer name}*PROCESS\1bf8\firefox.exe\22810000\13d000 Infection: Win32:VBCrypt-AGT [Trj]
  • \{computer name}*PROCESS\1164\excel.exe\eced000\1c6000 Infection: Win32:VBCrypt-AGT [Trj]
  • \{computer name}*PROCESS\a0c\winword.exe\b800000\ff000 Infection: Win32:VBCrypt-AGT [Trj]
  • \{computer name}*PROCESS\1d00\acrord32.exe\a70000\ff000 Infection: Win32:VBCrypt-AGT [Trj]
  • \{ComputerName}*PROCESS\820\explorer.exe\730000\ff000 Infection: ?

And more similar… On next scan there is not any infection {on same computer}, even boot scan not found anything…
Question is should I be worry about it and is there any suggestions?

Upload and check file(s) here >> www.virustotal.com
If you see file as scanned before, click rescan for a fresh result

Hello! Thanks for quick answer!

Where is no files… Nothing in virus chest…

\\{computer name}\*[b]PROCESS[/b]\1bf8\firefox.exe\22810000\13d000
have you changed default scan settings? ... and selected scan memory?

This may give some weird scan results, it used to be an issue with home versions, dont know about endpoint

Yes, as I wrote before where is set to scan “Operating memory of the computer”.

Artus, were you able to get to the bottom of this? I’ve been dealing with the same thing for several months…

Thanks.

I’m getting the same problem on a fairly regular basis. The infected file is always swift-ddmmyyy[nnnn].ace

I’d really like to get to the bottom of this, too.

Cheers

Do you use endpoint / business program? This is the business forum section

If you are a home user, start a topic in Viruses and Worms forum section

attach a screenshot of avast message, we need to see all info avast give