VBS:Agent-CM [Trj]

Hi all, I'm a newbie so go easy ;D

Been having a few probs recently, sites loading very slowly or not at all etc. I run my avast maybe once a week, at worst every 2 weeks, and it's bang up to date. I also use SUPERAntiSpyware, Malwarebytes, Advanced SystemCare, and Eusing Registry Cleaner. All work fine, no probs, BUT my avast the last 2 weeks keeps popping up a virus alert (VBS:Agent-CM [Trj]) and it won't let me remove it, or place it in the chest. I've done a scan before it boots up also and that hasn't helped.

Any advice would be greatly appreciated.

Cheers in advance

Stu

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERAntiSpyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or at this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Clean your Hosts file (replacing it) with HostsMan tool.
  7. Disable System Restore and then reenable it again.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

Don't know if this is any help: http://forum.avast.com/index.php?topic=47046.0

C:\Windows\Installer\bd6c50.msi\Binary.vista.vbs

That's what shows when I do the scan. Nothing else finds it, just avast.

Half of what you just said, Tech, I don't understand :)

So you are saying that you did a boot-time scan but it didn’t find that file?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

So did you do that (step 5. in Tech’s post) and if so you should post a link to the results.

I believe the reason avast can’t deal with it is because it is inside an .msi file (bd6c50.msi) and extracting it could corrupt the file. Since it is inside this file bd6c50.msi you personally can’t extract it either, so you would have to upload the bd6c50.msi to VirusTotal (VT). There is a 10MB upload limit at VT, so what is the size of the bd6c50.msi file?

A Google search for bd6c50.msi returns one hit, this topic, so that in my eyes is suspect; if this was a Microsoft installation file I would expect more hits.

I can't get it into the chest though, David. It shows up on the avast scan as C:\Windows\Installer\bd6c50.msi\Binary.vista.vbs

All it allows me to do is just continue. I've no idea how to locate the file to upload it to that VirusTotal site as I don't know where it is? It doesn't show in searches or anything.

I'm currently running a deep scan on Spyware Terminator, as I ran quick scans and it cleared cookies, and a few tracking cookies etc., but no sign of the trojan.

The deep scan is currently at 62% and shows one found, reading as Trojan.Generic.1442455 : C\Program Files\DNA\btdna.exe

Don't know if that's the same one as avast finds?

Presumably the error you get (that was what I was trying to drag out ;D) is something along the lines of unsupported archive, etc.

How to find it: you can navigate using Windows Explorer, by following the path that avast gave, C:\ drive, Windows\ folder, Installer\ sub-folder in Windows, and locate the bd6c50.msi file. That is the one to copy to the Suspect folder and upload to VirusTotal.

You have to first create the suspect folder and exclude it as I mentioned before to be able to upload it to VT without avast alerting/blocking the upload.

It isn’t the same file that was found by avast as the path and file name are different. Personally I'm no fan of SpywareTerminator; the two programs before it in Tech's list, MBAM and SAS, I feel are much better. Now you have to do the same process for what it finds. But based on the generic malware name it gives it, I don’t have a high degree of confidence in the detection.

See:

Related to BitTorrent_DNA BitTorrent DNA works with your existing CDN or origin servers, seamlessly accelerating your downloads or HTTP media streams. Note: Located in \%Program Files%\DNA\
and http://www.pcpitstop.com/libraries/process/i/btdna.exe.html.

Sorry for sounding dumb here but I used Windows Explorer, got through drive and folder, then there was no Installer section so I'm stuck.

The Installer sub-folder is a part of the Windows folder; it is there by default. It has to be there because that is where avast found the file, see image, click to expand.

So I don’t know where you are looking.

Right, here's what I do ???

Type Windows Explorer into the search box, get that open. Then click Computer folder, then click Vista (C:), then click the Windows folder, and I get around 50 folders, none titled Installer or anything remotely similar. Please bear with me as I am pretty useless with this stuff as you've gathered by now :(

Managed to find it by typing in windows/installer, but the file in question isn't there!

It has to be there (unless avast dealt with it and you are saying it didn’t, which I believe) or it wouldn’t be detected in that location, it may be hidden from view.

  • Ensure that you have hidden files and folders enabled and disable hide system files in Windows Explorer, Tools, Folder Options, Hidden files and folders, uncheck Hide extensions for known file types, etc. see image.
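The steps discussed in the thread (finding the hidden package, checking it against the 10MB VirusTotal limit, copying it to the excluded folder) can also be done from PowerShell. The script below is an added example, not part of any post above, and it goes one step further by reading the package's own Property and Binary tables to see which product it claims to belong to. It assumes PowerShell 4 or later (for `Get-FileHash`); `Get-MsiColumn` is a hypothetical helper name, and treating `Binary.vista.vbs` as an entry in the MSI Binary table is an inference from the name avast reports.

```powershell
# Added example, not from the thread. Assumes PowerShell 4+ (for Get-FileHash).
$msiPath    = 'C:\Windows\Installer\bd6c50.msi'   # path avast reported in the thread
$suspectDir = 'C:\Suspect'                         # folder excluded from the Standard Shield
$vtLimit    = 10MB                                 # VirusTotal upload limit quoted in the thread

# Hypothetical helper: run a query against an MSI database opened read-only
# and return the first column of every row.
function Get-MsiColumn {
    param([string]$Path, [string]$Query)
    $wi   = New-Object -ComObject WindowsInstaller.Installer
    $db   = $wi.GetType().InvokeMember('OpenDatabase', 'InvokeMethod', $null, $wi, @($Path, 0))
    $view = $db.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $db, @($Query))
    [void]$view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null)
    while ($rec = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null)) {
        $rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 1)
    }
    [void]$view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null)
}

# -Force returns the file even when it is hidden or marked as a system file.
$msi = Get-Item -LiteralPath $msiPath -Force -ErrorAction Stop

# Which product does this cached package claim to be, and what does its Binary table hold?
$product = Get-MsiColumn $msi.FullName 'SELECT `Value` FROM `Property` WHERE `Property` = ''ProductName'''
$vendor  = Get-MsiColumn $msi.FullName 'SELECT `Value` FROM `Property` WHERE `Property` = ''Manufacturer'''
$streams = Get-MsiColumn $msi.FullName 'SELECT `Name` FROM `Binary`'

[pscustomobject]@{
    File          = $msi.FullName
    SizeMB        = [math]::Round($msi.Length / 1MB, 2)
    FitsVtLimit   = $msi.Length -le $vtLimit
    SHA256        = (Get-FileHash -LiteralPath $msi.FullName -Algorithm SHA256).Hash
    ProductName   = $product
    Manufacturer  = $vendor
    BinaryStreams = $streams -join ', '
} | Format-List

# Copy (not move) the package so the original stays where the scanner found it.
if (-not (Test-Path -LiteralPath $suspectDir)) {
    New-Item -ItemType Directory -Path $suspectDir | Out-Null
}
Copy-Item -LiteralPath $msi.FullName -Destination $suspectDir
```

The reported product name and manufacturer show which installed program the cached package belongs to, and the SHA256 value can be searched on VirusTotal when the file is over the upload limit.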