Win32:VBCrypt-BKD

AVAST flagged Win32:VBCrypt-BKD[Trj] in

c:\ProgramData\Microsoft\Search\Data\Applications\Windows\windows.edb

At this point I ran Malwarebytes and used online Panda scan with both results negative. I suspected a false positive but to be safe I stopped search indexing via Services and allowed Avast to put the file in the vault.

I restarted indexing and Avast’s next scan flagged the file again. This is a “different” file because it was generated after turning indexing back on. So, I figured I had better pursue and hopefully resolve this.

All my scans are with indexing turned off.

I don’t notice anything amiss other than the Avast scan result.

I’m running Vista Home Premium on a 64-bit machine.

Thanks.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.08.18.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19298
Leigh :: HOME-PC [administrator]

8/18/2012 12:06:19 PM
mbam-log-2012-08-18 (12-06-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221287
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL scans attached

Have you tested the file at virustotal.com?

aswMBR scan

No, I was looking for something like that.

Can I use the file that is in the vault or should I turn indexing back on and let it generate the file in its normal location and then use that one?

If you use the file in chest…you must restore it to original location before you can upload it

OK, thanks. I’ll do it now.

The file is too large. It’s 385,280 KB and Virustotal can’t exceed 32MB.

To me that is a false positive as the logs look good and show no malware traces

Are any problems being experienced?

No problems. That’s why I assumed false positive also, especially with MBAM and Panda negative.
So I finished some work I needed to do with indexing off and a clean scan. But searching was impeded so I restarted indexing and my next scan flagged the file again.

I also run ZoneAlarm, SUPERAntiSpyware, and SpywareBlaster. Maybe you see that lol. I like to think I run a tight ship.

I never really looked at the vault and now see I can submit the file to the virus lab. Shall I do that?

try http://www.metascan-online.com/ it can take 40mb

Yes submit to the labs that would be the best option

Thanks…it’s uploading now…I’ll post the result.

Thanks, will do!

Ooops my file is >300 MB :P