I recently purchased new computer - XP Home with SP3 - and after installing Avast! I didn’t initially run a scan, thinking there would be nothing for it to find. 2 days later after running all M/S updates, installing various software, and previously tested back-up files, I ran a boot time scan and it found “VBS:Malaware-gen” in C:\WINDOWS\system32\wbem. I moved it to the virus chest and nothing seemed to be amiss.
A week later SUPERAntiSpyware found:
Trojan.Agent/Gen-TempZ
C:\DOCUMENTS AND SETTINGS\PC-USER\APPLICATION DATA\LINK\WSUS VIEWER.EXE
C:\DOCUMENTS AND SETTINGS\PC-USER\APPLICATION DATA\LINK\WSUS2.EXE
And today:
Trojan.Agent/Gen-TempZ
C:\SYSTEM VOLUME INFORMATION_RESTORE{78351CDB-58DC-4C0B-8FFD-C2864B47CF41}\RP63\A0004972.EXE
C:\SYSTEM VOLUME INFORMATION_RESTORE{78351CDB-58DC-4C0B-8FFD-C2864B47CF41}\RP63\A0004973.EXE
In both cases I allowed it to quarantine them.
I’ve just uploaded the VBS file to Virus Total, and got this result:
File .txt received on 02.08.2009 08:10:51 (CET)
Current status: finished
Result: 30/39 (76.92%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.08 VBS.Autorun!IK
AhnLab-V3 5.0.0.2 2009.02.07 VBS/Solow.B
AntiVir 7.9.0.76 2009.02.07 VBS/Autorun.VF
Authentium 5.1.0.4 2009.02.07 VBS/Agent.F
Avast 4.8.1335.0 2009.02.07 VBS:Malware-gen
AVG 8.0.0.229 2009.02.07 VBS/Worm.Y
BitDefender 7.2 2009.02.08 Worm.VBS.Autorun.D
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.08 Worm.VBS.Autorun-2
Comodo 969 2009.02.07 Worm.VBS.Autorun.r
DrWeb 4.44.0.09170 2009.02.08 VBS.Autoruner.16
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6346 2009.02.07 VBS/RaiderVIII.D
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.08 Worm.VBS.Autorun.r
Fortinet 3.117.0.0 2009.02.08 VBS/AutoRun.R!worm
GData 19 2009.02.08 Worm.VBS.Autorun.D
Ikarus T3.1.1.45.0 2009.02.08 VBS.Autorun
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.08 Worm.VBS.Autorun.r
McAfee 5518 2009.02.07 W32/Autorun.worm.cg
McAfee+Artemis 5518 2009.02.06 W32/Autorun.worm.cg
Microsoft 1.4306 2009.02.08 Worm:VBS/Autorun.U
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 VBS/Autorun.W
nProtect 2009.1.8.0 2009.02.08 Worm.VBS.Autorun.D
Panda 9.5.1.2 2009.02.07 VBS/Autorun.UK.worm
PCTools 4.4.2.0 2009.02.07 -
Prevx1 V2 2009.02.08 Malicious Software
Rising 21.15.50.00 2009.02.07 Trojan.Script.VBS.Agent.ap
SecureWeb-Gateway 6.7.6 2009.02.08 Script.Autorun.VF
Sophos 4.38.0 2009.02.08 VBS/Autorun-EC
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.08 VBS.Runauto
TheHacker 6.3.1.5.249 2009.02.08 -
TrendMicro 8.700.0.1004 2009.02.06 VBS_AGENT.AMAF
VBA32 3.12.8.12 2009.02.08 -
ViRobot 2009.2.6.1594 2009.02.06 VBS.Autorun.18217
VirusBuster 4.5.11.0 2009.02.07 Trojan.JS.AutoRun.AYS
Additional information
File size: 18217 bytes
MD5…: 64ea1c0e8f653984f0fde25b77f8494f
SHA1…: 22a82d291900a0071b9ebd7c729078fa5f7d55d6
SHA256: f6b58e00b7a3e40d0ead2dcdfaa0f7f77621462e5b64db377f992629f18ca794
SHA512: 5696136b8d73e3cd2f8c68df0d4079ebb48bdb92c1a71f075f8aef0d43e7cced
8c441ad3b0890247f29dc3a474838348f27f9cb1fa772aafb355b2ec8bf2d533
ssdeep: 192:xW6gaX8uviwXkuvFGsWJ5JcTBxbKDIViOGefqWzDr1AY+xplhPUjpg/mJwJh
XDEm:xWbuqwXkuvFSJ5JcTBJX8Mjp8Xc6Xes
PEiD…: -
TrID…: File type identification
MSX2 ROM Image (100.0%)
PEInfo: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=64EA1C0E298F6539478400F0FDE25B0077F8494F
CWSandbox info: http://research.sunbelt-software.com/partnerresource
Spybot & Malwarebytes haven’t found anything, so could I have some advice please?