Has anyone had Avast find a Trojen called <Win32:VBCrypt-AFM(trj) ?.
Yes, usually I have this signature for Zbot samples.
How new is this one?.
well here is AZG variant…first seen at VT 6months ago, so AFM variant should be older
https://www.virustotal.com/file/68831dee13f5c6505de29ce0d0ec904ab93fc01188654c03b5ac8079e0f1c932/analysis/
: Then the fact that this has been around and is a varient tells me it’s possible
it is a current infection . Despite showing up as blocked,
is a reinstall of the operating system the best solution for this Trojen-Horse?.
is a reinstall of the operating system the best solution for this Trojen-Horse?.dont think so....but lets here what the malware experts have to say first ;)
follow this guide and attach the logs…not copy and paste http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR
when done the malware removers will be notified, it may take hours before one arrive so be patient
Info on your malware…Microsoft call it Dorkbot
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2FDorkbot
Win32/Dorkbot is a family of IRC-based worms that spreads via removable drives, instant messaging programs, and social networks. Variants of Win32/Dorkbot may capture user names and passwords by monitoring network communication, and may block websites that are related to security updates. It may also launch a limited denial of service (DoS) attack.
Recomended program to use alongside avast. MCShield special protection for removable drives http://amf.mycity.rs/mcshield/
Thanks Pondus , I’ll take heed your suggestions,
commentary , no reinstall for now and I will learn, watch
and spell variants in the future with diligence.