I seem to have picked up this WIN32:VBCrypt-CSL [trj] on my laptop and Avast will not move it to the chest or delete the process. Any help with removing this Trojan will be greatly appreciated. Thanks
Before we can help we need some logs http://forum.avast.com/index.php?topic=53253.0
Hello Pondus,
I appreciate your prompt attention to my issue and I just want to apologize for starting a new thread on this topic, as I understand there have been many before mine covering the same thing. I just want to make sure I understand: after clicking your link you want me to run Malwarebytes and post the log on this thread to be reviewed, correct?
Pondus,
Here is the MBAM log. For some reason it did not pick up any threats as Avast did. I am moving on to the OTL program.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.18.07
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
metal_000 :: CLAPTRAP [administrator]
1/18/2014 5:30:16 PM
mbam-log-2014-01-18 (17-30-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234268
Time elapsed: 3 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Now you need some expert assistance from a qualified removal expert here.
Wait for his arrival and then follow all of his instructions to the dot.
The removal of this malware consists of a number of steps like:
deactivating system restore, run computer in safe mode, cleanse temp internet files, delete malware processes and cleanse the malicious registry entries.
This can only be done under guidance of a qualified removal expert.
polonus
Polonus,
Here is the OTL log. Also I am running Windows 8 and the next step requires another program to be downloaded with a note attached that says the program is not compatible with my version of Windows, what should I do next?
The qualified removal expert will inform you next. Wait for him to enter the thread.
polonus
Can you tell us the name and location of the file detected …full file path?
Now you wait for a malware expert to arrive. Since it is way past midnight here in Europe you may not receive a reply tonight.
Pondus,
I would be happy to provide that information, however I can't seem to locate the avast log of my last scan. Is there any help you can offer in finding this folder or information? Also I appreciate all your help and assistance in these late hours for you.
I have informed a qualified removal expert and he will be in when awake first thing to-morrow.
Pondus and I are late out guys. It is nearing 2.00 AM GMT here in this part of Europe.
So you wait a couple of hours for us to catch up with your malware cleansing routine. 8)
And wish us Europeans a good night’s rest. ;D
polonus
Try avast chest (quarantine)
Night night
Polonus and Pondus,
No problem, I hope you all have a good night's rest and I look forward to working with you tomorrow. Thanks again for all the assistance and prompt replies 8)
Hi robotdevil,
Posted OTL log looks clean.
This “Win32-VBCrypt-csl” is known as a possible false detection. Could you please open your avast AV, seek and show me the full path of the detected file.
I do not need the name of detection, I need the file path (e.g: c:\windows\system32\some_folder\some_file.exe )…
ScreenShot will do.
Hello Magna86,
The file path that avast picked up is C:\Users\metal_000\AppData\Local\Microsoft\Windows\WebCache\V010164F.log
Then this is an FP caught by one of avast's heuristics. You don’t have anything to worry about, you are clean.
Magna86,
Great news, thanks for your and everyone else’s time and assistance, you all have made this quite painless and informative. Have a great week 8)