Win-32 Trojan-gen {other} and VBS Malware [script] on my pc - help please


I ran a routine scan of my computer using Avast! Anti Virus Home Edition.

It found the following viruses:

31/07/2007 3:02:37 PM SYSTEM 1412 An error has occured while attempting to update. Please check the logs.
31/07/2007 10:52:15 AM Kovi 2696 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\System Volume Information_restore{BB621F43-CA7A-4C9A-AB76-1D6268F3831D}\RP76\A0014560.sys” file.
29/07/2007 3:50:39 PM Kovi 2608 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\System Volume Information_restore{BB621F43-CA7A-4C9A-AB76-1D6268F3831D}\RP50\A0010633.pif” file.
29/07/2007 3:25:02 PM Kovi 2608 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Documents and Settings\Dassy\Local Settings\Application Data\Mozilla\Firefox\Profiles\iumqtkw3.default\Cache\67EAED24d01” file.
29/07/2007 3:17:00 PM SYSTEM 1592 Sign of “VBS:Malware [Script]” has been found in “C:\Documents and Settings\Kovi\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpb7eojc.default\Cache\3D12C9F9d01” file.
29/07/2007 3:16:52 PM SYSTEM 1592 Sign of “VBS:Malware [Script]” has been found in “C:\Documents and Settings\Kovi\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpb7eojc.default\Cache\3D12C9F9d01” file.
29/07/2007 3:13:51 PM SYSTEM 1592 Sign of “VBS:Malware [Script]” has been found in “C:\Documents and Settings\Kovi\Local Settings\Temporary Internet Files\Content.IE5\EJYBGLSJ\proddetail[1].htm” file.
29/07/2007 3:12:16 PM SYSTEM 1592 Sign of “VBS:Malware [Script]” has been found in “C:\Documents and Settings\Kovi\Local Settings\Temporary Internet Files\Content.IE5\CHUBS5EN\proddetail[1].htm” file.

I have a hunch no one wants to read the descriptions of the viruses like that, so I have attached the Avast! Anti-Virus log file and my HijackThis logfile too.

One of the viruses, the first VBS Malware: [script] one, I was infected with when I was on the internet using IE 6. A dialog box popped up that said the virus had been discovered in Internet Explorer’s temporary internet files.

Is it safe to delete these viruses or do I need to do something else?

Please help me out - thanks for all of your efforts on this forum everyone!

Hi kovi,

You should update IE6 to IE7 to improve system security.

The malware was found in System Restore and browser temp/cache files.

To clean System Restore:

Create a clean restore point:

http://www.bleepingcomputer.com/tutorials/tutorial56.html#manual

Delete all previous infected restore points:

http://www.bleepingcomputer.com/tutorials/tutorial56.html#delete

To clean temp/cache (and other junk files):

Download and run CCleaner:

http://www.ccleaner.com/

The HijackThis! log looks fine.

Always send detected files to the Chest (quarantine) rather than deleting them: this way you can restore them in the event of a false positive.

Also, please scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.
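The reply above reads the log by location: every detection sits in a System Restore point or a browser cache. The Python sketch below does the same triage automatically; it is an added example, not part of the original thread or of avast!. The line layout is inferred from the log lines quoted in the first post, and the sample entries (users, GUID, file names) are constructed.

```python
import re
from collections import defaultdict

# Layout inferred from the quoted log: date, time, AM/PM, user, PID, message.
LINE = re.compile(
    r'^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<user>\S+) (?P<pid>\d+) '
    r'Sign of [“"](?P<sig>.+?)[”"] has been found in [“"](?P<path>.+?)[”"] file\.$'
)

# Location classes named in the reply; matched against the lower-cased path.
RULES = [
    ("system_restore", re.compile(r'\\system volume information')),
    ("browser_cache", re.compile(
        r'\\temporary internet files\\|\\firefox\\profiles\\[^\\]+\\cache\\')),
]

def classify(path):
    p = path.lower()
    for name, rx in RULES:
        if rx.search(p):
            return name
    return "other"  # outside restore points and caches: needs a closer look

def triage(log_text):
    """Group unique (signature, path) detections by location class."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:  # non-detection entries, e.g. the update error line
            continue
        groups[classify(m["path"])].add((m["sig"], m["path"]))
    return {k: sorted(v) for k, v in groups.items()}

# Constructed sample in the same layout; none of these values come from the thread.
SAMPLE = r'''01/01/2007 9:00:00 AM SYSTEM 100 An error has occured while attempting to update. Please check the logs.
01/01/2007 9:05:00 AM user1 200 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.sys” file.
01/01/2007 9:06:00 AM SYSTEM 300 Sign of “VBS:Malware [Script]” has been found in “C:\Documents and Settings\user1\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm” file.
01/01/2007 9:07:00 AM SYSTEM 300 Sign of “VBS:Malware [Script]” has been found in “C:\Documents and Settings\user1\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm” file.
01/01/2007 9:08:00 AM user1 200 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Documents and Settings\user1\Start Menu\Programs\Startup\example.exe” file.'''

if __name__ == "__main__":
    for location, hits in triage(SAMPLE).items():
        print(location, len(hits))
```

Anything that lands in `other` is outside the restore points and caches, so the System Restore and cache clean-up described above would not remove it.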

Did you add this file to your startup folder?

O4 - Startup: Progress.txt

Yes mauserme, that is a legitimate file, I added that to startup.

FreewheelinFrank,

Thank you so much for your help, I really respect you and your peers for the help you give on this forum. And yes, I always quarantine discovered viruses instead of deleting them.

And I think I will upgrade to IE7, IE6 is terrible for security.

Thanks so much once again, I hope I don’t have any more problems. Well, with Avast Anti Virus running on my PC, I’m pretty confident that my PC is safe from viruses! :)

You’re welcome. Glad to help.

I have the same problem and read with interest. Trouble is I don’t know when I got infected so not sure about how far back to go on the restore point issue.

Any guidance available?

TIA

Snowcat

Hi Snowcat,

Can you post your avast! log and a HijackThis! log as kovi did?

That would help.

No one used System Restore to correct this; what they are talking about is creating a new clean restore point once the infection is cleaned up and then clearing all other restore points other than the new one.

So having followed this topic, what were your results? If you haven’t got any results other than that avast detected the malware, you will need to run HJT and post the contents of your log.

Program & Tutorial - Also useful as a diagnostic tool - FileHippo Download - HiJackThis - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2