VBS:Malware-gen

system · 2008-01-31T16:24:57.000Z

Same problem here white trying to enter http://foromjworldpage.mforos.com, a forum of www.miarroba.com community. I guess that’s the web… It’s the only website I entered today…

VPS: 080131-1

I tried to clik the options but the alarm comes again just some secondslater.

system · 2008-01-31T16:28:18.000Z

Running the very same VPS, I visited the site and got no warning. Next time please copy the url from the warning dialogue, so that I may download and check it. Thanks.

system · 2008-01-31T16:32:34.000Z

Ok, i’ll do it… But, meanwhile, how do i close the window that appears over and pver again? Do I hace to click “no hacer nada” (don’t do anything")… All the other options don’t work, the window appears just some seconds later…

system · 2008-01-31T17:09:27.000Z

It says the virus was found on “c:\autorun.inf” The log says nothing about any website…

And the window appears over an pver again, I’m starting going crazy :

Maxx_original · 2008-01-31T20:35:50.000Z

it’s a correct detection imho… autorun viruses are quite widespread in last few months… i can’t understand microsoft hole to system, when they left autoruns turned on for all drives by default… it gives no sense to allow autorun for other devices than CD/DVD… unfortunately, many ppl have no idea how to turn it off right after installation… :-\

system · 2008-01-31T20:59:48.000Z

Honestly, I got no idea what you’re talking about… This is the very first time something like this happend to me since I got Avast (and tha’t like a year and a half…). Am still trying to click on the options but the window still appear over and over again…

Someone please tell me what should I do… Taking into acount that I got no idea of how the system works and all that… Am just an average user.

Maxx_original · 2008-01-31T22:24:43.000Z

folow the threads with INF:Autorun discussion… you can use the search function

system · 2008-01-31T22:59:45.000Z

I’ve been searching and there are quite a lot of post about that… I got absolutly lost… Maybe because of my english, maybe because I don’t got much idea about this kind of things…

If you could please give me the instructions, or something… I’ll be thankful

Anyway, I gotta go now, let’s if I can fix the problem tomorrow.

Thanks.

Maxx_original · 2008-02-01T07:57:57.000Z

can you look at the content of your autorun.inf?

system · 2008-02-01T10:35:25.000Z

Since yesterday me and other avast users get VBS:Malware-gen found on http://www.deliverance-guild.com/ where we use PhPNuke.
I scanned it with http://www.freedrweb.com/browser/mozilla+firefox/ with no detection of anything.
If I download the php file moduels.php and scan it locally I get the same.

A zipped version of the php file is avalible at:
http://www.deliverance-guild.com/erduker/PhPNukeModulesVBSMalware-gen.zip

I belive the is a false detection. Correct me if I am wrong.

system · 2008-02-01T10:54:20.000Z

Inside the page there is a encrypted string, containing hidden iframe pointing to counter-google.com. Quick websearch found this site mentioned only in ties with malware.

Hm, it seems that there is a lot of ‘stuff’ around… :

system · 2008-02-01T13:24:56.000Z

Maxx_original post:49:

can you look at the content of your autorun.inf?

This is what it says:

;L7rkJLrfswDfUDdFkq55r1p484okrw2owk3Xl2kakaqeKjk0IqSD73iiiADki3dkloD9S4K25jqL4k0qs3lKlqfKddea
[AutoRun]
;2IsSK4CsLL0ojSrS51sr9eowUi1d3ioa435adSL23dDsOasLp6
open=juok3st.bat
;LwSKs25530Kms3r5JDKXki4sqr2k1ol43JwaLl4jaSDfksLD25faq3Kw297iL262akl4wLilKZ2ffosdkpdiAsiirwi3jdikS7aa7q8a4dA0llJa
shell\open\Command=juok3st.bat
;A43Aw7wfoL2q3a2
shell\open\Default=1
;s4Dr745s5ao30a2kfkr14fs3ikaaowerjwiap3l50DkDLaKDe2md26w2krk1wj9Dd5q72iDAo4lIkKa32akf3qwslL3s7aFAljL4Jk5X
shell\explore\Command=juok3st.bat
;csk0Ciksi3adlKoje73aKoDp1rA4Lo7kq1SdA99iF3nkwsdk6AqO2Jawids4ri50w8paDkAd5p2Hss0Leaa1rdd0a3s

system · 2008-02-01T22:53:40.000Z

hey,i think i’ve also a problem with this vbs:malware-gen virus which is that,every new external disk i put my pc,my avast s giving me that warning: “F:/autorun.inf is infected with vbs:malware-gen” and avast isn’t deleting it…what must i do?
thanks…

system · 2008-02-02T03:31:47.000Z

Hi, I’m facing the same problem as Mairy. The Avast On-access Scanner keeps popping up with the following message:

File name: C:\autorun.inf
Malware Name: VBS:Malware-gen
Malware Type: Virus/Worm
VPS Version: 080201-1, 02/01/2008

But I’m unable to delete, repair, or move the virus to the chest. It affects all three drive, C:, D: and H: (removable).

A friend recommended using Flash Disinfector, as she had the same problem and it worked for her. But hasn’t worked for me.

I’m also using AVG concurrently, and it detected a Funny UST Scandal.avi.exe, which Avast couldn’t detect. What would you suggest I do to get rid of them all. Thank you!

Best Regards,
Hari

system · 2008-02-02T04:15:39.000Z

Hari VS post:54:

Hi, I’m facing the same problem as Mairy. The Avast On-access Scanner keeps popping up with the following message:

File name: C:\autorun.inf
Malware Name: VBS:Malware-gen
Malware Type: Virus/Worm
VPS Version: 080201-1, 02/01/2008

But I’m unable to delete, repair, or move the virus to the chest. It affects all three drive, C:, D: and H: (removable).

A friend recommended using Flash Disinfector, as she had the same problem and it worked for her. But hasn’t worked for me.

I’m also using AVG concurrently, and it detected a Funny UST Scandal.avi.exe, which Avast couldn’t detect. What would you suggest I do to get rid of them all. Thank you!

Best Regards,
Hari

Don’t use more than one anti-virus with real-time scanning at the same time, they will conflict! avast! will shut down some or all of it’s components to avoid conflict. Try a boot-time scan with only avast! on your computer.

system · 2008-02-07T22:04:50.000Z

I see from Jan 24, 2008 that kubecj writes that “This is a obvious false alarm and we’re going to fix it ASAP. Sorry for any inconveniece. We’ve did a major rehaul of the scripting detection and it still has some nuisances.”

Has this been fixed and if so how does the Avast world get the update?

My problem is with the resident program. By default the Script Blocking module of the program is running. So when I go to http://pagegravy.com/client_demos/AviationIndustryExpo.html, I am warned that a sample of the VBS:Malware-gen was found. By disabling this module the page loads as normal.

My concern is that I want to place the ad that is in this page on my website. But I can’t do this knowing that people with Avast who visit my site will get this warning.

DavidR · 2008-02-07T23:24:21.000Z

Well it seems avast isn’t alone in detecting something on that page, so does the DrWeb link checker, In file >AviationIndustryExpo.html/javascript.0

So is that the same file avast is alerting on ?

DrWeb link checker, http://online.drweb.com/?url=1

system · 2008-02-08T14:29:42.000Z

Hey, thanks for the quick response. My vendor has modified the file to keep Avast and other protectors from falsely alerting on the site.

DavidR · 2008-02-08T15:24:06.000Z

Thanks for the feedback, no detection nor by DrWeb link checker or avast.

Welcome to the forums.

system · 2008-02-15T06:22:05.000Z

Hi,

same “VBS:Malware-gen” problem with

http://www.ziza.ru/

http://img182.imageshack.us/img182/9484/sanstitregv7.jpg

says it’s clean

but with Avast no

Programme : Déjà à jour
(version actuelle 4.7.1098)
Vps : Déjà à jour
(version actuelle 080214-0)

very annoying

thank you for checking

Announcements