My Avast say "A threat has been detected"

Whenever I start my computer, Avast opens a red and says “A threat has been detected” and shows this:
URL: http://copertps.com/k/
evil
C :confused: System32/wscript.exe

I’ve tried cleaning with CCleaner and install Malwarebytes Anti-Malware as a solution, but Avast blocks them and they do not open, because even with the full scan does not detect the malware, what do I do? I need to send a technician to clean my PC, I really want to fix this without sending a technician,

Post in english. :wink:

Or use none english forum zone http://forum.avast.com/index.php?board=21.0

start a new topic in the virus and worms forum section, follow guide and attach the requested logs

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

when done the removal experts will be notified and help you

He’s not infected Pondus. Just click on it. Avast blocks the URL.

it is not normal to happen everytime you turn on your comp…
seems like something try to phone home

Well his English is poor so maybe he means every time he clicks on that page. Not sure I could be wrong. But your right. Something could be calling home.

I think it is quite obvious that there is definitely something on the OP’s system that is calling home and the OP should follow the instructions that Pondus has laid out in reply 2.

You only have to look at the avast alert information to see that the OP isn’t clicking on that website. The process responsible for trying to connect to a malicious site is c:/ System32/wscript.exe and that is highly unusual/suspicious.

So the OP should do as suggested in Reply #2.

C :/ System32/[b]wscript.exe[/b]

http://www.file.net/process/wscript.exe.html

Some malware camouflages itself as wscript.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the wscript.exe process on your PC to see if it is a threat.

Threatexpert.
http://www.threatexpert.com/files/wscript.exe.html

He is infected, it is a java script which probably came from a USB stick

Please attach the OTL log

Yes, I think the virus was passed on to my computer by a digital camera from a friend of mine … but as this retreat Malware from my computer? For the winscript.exe is a trustworthy file from Windows, but it is infected, how to remove this malware?

Follow the instructions in reply2 by Pondus and attach the logs back here in this thread for one of the malware specialists to help you ( essexboy probably since he has now noticed this thread :slight_smile: ).

but it is infected, how to remove this malware?
adjunte los registros solicitados en respuesta # 2 anexar os registros solicitados na resposta n #2

But the problem is that I think Avast is preventing you from installing these programs …

have you tried?
all of them?

Well thousands before you have been able to download/run these tools, if you are experiencing a problem downloading and running these then post the error/alert that you are receiving.

Yes, all of them, I turn off the computer and turn on again, then the programs work correctly, but after a few minutes, appears “The threat has been detected”, and there’s more to use porgramas, they close themselves … and always when I go off is as if open programs, but as they were invisible. Would solve the problem if I did a system restore to another date?

https://fbcdn-sphotos-a-a.akamaihd.net/hphotos-ak-prn1/s480x480/551318_362655180502068_819009872_n.jpg

Hi what operating system do you have ? I.e. XP, Vista, 7 or 8

Vista 7

OK we will need to temporarily delete the wscript file

Go to C:\Windows\system32

Right click Wscript.exe
Select Properties
Select Security Tab
Select Advanced
Select Owner
Select Edit
Select your account
Click Apply
OK the warning
Click OK
Then delete the file

https://dl.dropbox.com/u/73555776/wscript%20ownership.JPG

Once done reboot the computer, you may well get some warnings at the start, ignore them

Then

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs