Im running Windows XP Home, SP2, fully updated with a firewall and 2 antispyware programs & of course avast professional, well this morning my avast screen saver scanner alerted me that something like a VBS:Trojano-472 [Wrm] was in my memory at some 0x###### location, the only options I were given for dealing with it was pressing “Ok” and doing nothing or scheduling a boot time scan so i did a boot time scan the first time and “Ok” the second with no success… I googled “VBS:Trojano-472 [Wrm]” to find nothing about removing it only references to it in avast vps records and websites in other languages… my memory has seemed to be lacking for quite awhile, if ive had this infection all this time I would really appreciate any help in removing it… preferebly without reformatting or buying hardware… help please!?
It could be a false positive…
Better if you update your virus database and test again.
To be sure, the better will be test the system with on-line scanners.
Try scans with Ewido and a-Squared: both do memory scans. As Tech said, do a few online tests to be sure: remember Panda and Trend Micro use unencrypted signatures, so turn off avast! during a scan if you use them. F-Secure is another option. The Kaspersky scanner has an excellent detection rate but won’t remove anything, if you just want to confirm that there’s nothing there.
Good luck!
On-line Virus Scanners and other useful Links Security-Ops.eu.tt
I have never had a problem with Trend Micro’s online scan only Panda’s. Also if you could locate the file that is being detected try a Jotti scan by clicking the link.
I ran ewidos online scanner and downloaded a trial version of a-squared personal and only found what looked like a few minimal threat registry values and one tracking cookie so this is all a false alarm??
The best way to determine this is by testing against a multi engine on-line scanner, such as Jotti that Justin posted.
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.
Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives
I cannot test a specific file in an online scanner and I cannt zip it… I have no file location!! Avast only tells me that its at a Hexidecimal (I think) location in the memory… its not an open running process that I can find in a process manager or in any folder its somehow in the memory 24/7 Im experienced enough at file trojans / viruses but ive never had one that just sat in the memory eating it up… help please??
Hi AT :
Perhaps this "trojan/worm" is "linked" to some hidden
rootkit !? To check such a possibility, I recommend you
run "RootkitRevealer" from :
www.sysinternals.com/Utilities/rootkitrevealer.html .
This FREE, highly regarded, program can find, but does
NOT remove any rootkit; its scan should be done just
AFTER emptying your Temp Internet Files to reduce the
chance of false-positives .
You are saying that screen-saver reported this virus… so, you editted the Screen-saver task (in Enhanced User Interface) and set “Memory” as the area to scan?