Warning coming up every 5 minutes--- VBS:Small AY in outgoing message...

I’m a new AVAST user and not very technically savvy. Since I installed AVAST (Home edition) earlier this month a warning has come up about every 5 minutes. It says:

Sign of “VBS:Small AY” has been found in "Outgoing email ‘Personal Information Error’ From: "Service@Paypal.com"service@paypal.com, To: "file.

I have been choosing the Abort Connection, but the warning comes up again in about 5 minutes. I also did a boot-time scan (nothing found), but the warning continues to come up.

What does this mean and how do I fix it?

Thank you.

VBS:Small AY

This VBScript file is usually imbedded into HTML file and uploaded into remote sites.

Once a webpage is accessed that has this script, it downloads a malicious Trojan Spyware file from this site.

* http://www.{BLOCKED}.com/bbs/dsgdfhr.exe

It uses the following vulnerability.

* http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx

now how do you fix it
I Don’t know never heard of this one edit actually I had but not under that name, and not for awhile

It seems all Av’s target it

I’d start by downloading, MAlware Bytes Anti Malware, (free) bypass the please buy screen) or go to the download page not the “product” page install, update scan
check any hits and then
click REMOVE CHECKED- not to worry a backup will be made

I’d also download update and scan with Super Anti Spyware send any hits to quarantine

post the logs
If you have spybot search and destroy installed turn off t-timer for awhile
do you happen to have Windows Defender installed

do you use firefox ? you might want to install the NOSCRIPT plug in for awhile

also Tuesday was monthly patch day
go to SECUNIA
and download and run Secunia Software Inspector

Thank you for your response. Could you post a link to site(s) where I can download the programs you referred to?
Thanks again

google is your friend :slight_smile: but there are a lot of look alike scams out there so it’s ok to ask

  1. Disable System Restore and then reenable it again.

  2. Clean your temporary files. Use ATF cleaner or Ccleaner- but post up any relevant AV logs first

  3. Schedule a boot time scanning with avast with archive scanning turned on.
    rt click on the ball and update>programs
    then open avast and schedule boot time scan- reboot and send any hits to chest, do not remove/delete
    did you quarantine or send to chest any previous AV scans? what was there (ignore cookies)

you can try DrWeb CureIT!
http://www.freedrweb.com/cureit/

  1. Use SUPERantispyware,
    http://www.superantispyware.com/
    update quarantine post logs

MBAM
http://malwarebytes.org/mbam.php
put a check mark next to any baddies and the click REMOVE CHECKED- a backup will be made

secunia.com/vulnerability_scanning/online/


Sometimes, we forget that those we are trying to help do not always understand without the little details we become use to doing automatically.

1. Disable System Restore and then reenable it again.

Should this not be …

1. Disable System Restore, reboot the computer, and then reenable it again.

Please correct me if I am wrong. :slight_smile:


There isn’t any need to reboot in XP. Turning system restore off will remove all restore points. This should be done after the machine is clean.

Actually I agree with oldman
I had copied the instructions from another thread as I was late for dinner
actually a link to Disable/ Restore instructions such as those at Major Geeks would help

Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE

You now have a clean restore point, to get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do some calculation and the display a dialogue box with TABS
Select the More Options Tab.
At the bottom will be a system restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done

This will remove all old restore posts except the last one created, which if done after the machine was cleaned, will be an uninfected one.


Thanks oldman & wyrmrider … I asked because I wanted to be sure. :slight_smile:


You’re welcome CharleyO. Not 100% certain, but I believe the turn off, boot, turn on, is a throw back to ME. Haven’t upgraded this one to ME yet, so can’t test the theory. ::slight_smile: