I have had Avast on my computer for months. I have a lot of excel files that I have created on my computer and stored in folders on my desktop. Last month, out of the blue, Avast quarantines all my folders into the virus chest, and relabeled them “original folder name”.exe… It says they have a Win32:VB-AGWV[Trj] virus. Avast phone support wants me to buy some $180 outside software support service to “clean” my computer from this virus. I hesitate, because I don’t know if cleaning my computer means deleting all the files or if cleaning means removing the virus and returning my original files. Phone support will not elaborate on what would/could be done. I can “Restore and add to exclusions”, take individual files out of the folder, scan them with Avast and other anti-virus programs and the files come up “no threat found.” If I then change the file name and leave both on my desktop, the next time I run Avast, it is likely to take the file and quarantine it again. My question is: can files be “scrubbed” of this Win32:VB-AGWV[Trj] virus?
My question is: can files be “scrubbed” of this Win32:VB-AGWV[Trj] virus?we need some logs to see whats in there first .... it looks as you may have used a infected USB stick ?
attach Malwarebytes / OTL / aswMBR. http://forum.avast.com/index.php?topic=53253.0
Do you have a flash drive?
Check USB storage devices / removable drives
Download MCShield from one of the following links:
MyCity - Official download link
Softpedija - Mirror download link
[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that MCShield has created.
Start → All Programs → MCShield → Logs
Attach here → AllScans.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
.
Next →
Please download Farbar Recovery Scan Tool (
http://www.mcshield.net/personal/magna86/Images/FRST_canned.png
) by Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
sorry for the delay… I work two jobs and can’t get to my computer as much as I like… plus, I hate going to it in this wounded state…
but here is the Malware Log…
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.20.02
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
ed :: ED-PC [administrator]
12/20/2013 1:16:59 AM
MBAM-log-2013-12-20 (07-19-23).txt
Scan type: Full scan (C:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 408288
Time elapsed: 1 hour(s), 6 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft (Worm.AutoRun) → Data: C:\Program File\Microsoft\WindowsDefend.exe → No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\ed\AppData\Local\Temp\CT3317209 (PUP.Optional.Conduit.A) → No action taken.
C:\Program Files (x86)\SweetPacks (PUP.Optional.Sweetpacks) → No action taken.
Files Detected: 3
C:\Users\ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YZIEJ7D\spstub[1].exe (PUP.Optional.Conduit.A) → No action taken.
C:\Users\ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YZIEJ7D\Video_Converter_brie.exe (PUP.Optional.Conduit.A) → No action taken.
C:\Users\ed\AppData\Local\Temp\CT3317209\ddt.csf (PUP.Optional.Conduit.A) → No action taken.
(end)
plus, the next responder said something about running a scan with MCSHIELD and here is the log from that scan:
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 2.8.3.24 / DB: 2013.12.14.1 / Windows Vista <<<
12/19/2013 7:42:25 AM > Drive C: - scan started (HP ~685 GB, NTFS HDD )…
C:\C0MM\C0MM
C:\C0MM\C0MM - Malware (folder) > Deleted. (13.12.19. 07.42 C0MM.929516)
=> Malicious folders : 1/1 deleted.
::::: Scan duration: 1sec ::::::::::::::::::
12/19/2013 7:42:25 AM > Drive D: - scan started (FACTORY_IMAGE ~14 GB, NTFS HDD )…
D:\autorun.inf > Suspicious > Renamed. (MD5: a58e87ffeec377bdfe74aa489e222618)
D:\desktop.ini - Malware > Deleted. (13.12.19. 07.42 desktop.ini.931144; MD5: 12a51a677a89535de21b6127c487eb50)
D:\C0MM\C0MM
D:\C0MM\C0MM - Malware (folder) > Deleted. (13.12.19. 07.42 C0MM.976461)
=> Malicious files : 1/1 deleted.
=> Malicious folders : 1/1 deleted.
=> Suspicious files : 1/1 renamed.
hope I didn’t mess things up by running both. Currently I have AVAST, Malwares, MCShield, and MicroSoft Security Essentials on my computer… MS Security Essentials is turned off, should I turn any others off.
Thanks for your help.
Farbar Recovery Scan Tool?
edit.
MicroSoft Security Essentials you must uninstall.