Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Vbs/agent


  • Please log in to reply
3 replies to this topic

#1 tee6

tee6

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 28 August 2008 - 10:13 PM

Hi everyone. I hope someone can help me with problem.

AVG keeps telling me VBS/Agent virus found.


C:\WINDOWS\system32\shell32.dll Change Changed


Virus found VBS/Agent Infected, Embedded object, Deleted

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\SupportSoft\medicsp2\HP_Administrator\data\sprt_actionlight\7c9ba4d3-63fb-4526-985e-8ec5e3c53623.2\View\3\SupportAction.cab:\default.vbs



Virus found VBS/Agent Moved to Vault

C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft\medicsp2\HP_Administrator\data\sprt_actionlight\60de1996-a378-4675-8646-182b939807a9.1\script.htm



Virus found VBS/Agent Moved to Vault

C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft\medicsp2\HP_Administrator\data\sprt_actionlight\7c9ba4d3-63fb-4526-985e-8ec5e3c53623.2\script.htm



These are the results I get after I scan. Any help would be very appreciated.


Thanks,
Tee6

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:12 AM

Posted 28 August 2008 - 10:45 PM

AVG keeps telling me VBS/Agent virus found.

Is it telling you this after moving the files to the vault? If so, try scanning in "Safe Mode".

C:\WINDOWS\system32\shell32.dll Change Changed

Reported changes in system files such as kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntosknrl.exe are normal for AVG and not a cause for alarm.

There are many valid reasons for those files to show changed, a Windows update, file system check that replaced them if corrupted, and others. As long as AVG doesn't say they are infected it is ok. If it continues to show changed, delete the following file(s) in the C:\ directory and AVG will create a new one(s)...AVG7DB_F.DAT, AVG7QT.DAT

kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntosknrl.exe have "changed"

It is normal that AVG shows that files, the MBR or Boot record to have changed. These are done during normal maintainance, when you or windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected.

To get AVG to quit showing them as changed...

Changed File Alerts
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 tee6

tee6
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 31 August 2008 - 11:26 PM

Hi Quietman7,

Thanks for your reply. I followed your instructions and scanned in safe mode unfortunately it did not work. :thumbsup:

Here are my results from my scan today. Also AVG says object located inside of archives and cannot be healed. Is there something I can do about that?


Item Name Item Value
General properties
Report name Complete Test
Start time 8/31/2008 8:00:10 AM
End time 8/31/2008 9:17:12 AM (total: 1:17:01.5 hrs)
Launch method Scanning launched by scheduler
Scanning result Threats found
Report status Scanning completed successfully

Object summary
Scanned 147800
Threats Found 4
Cleaned 0
Moved to vault 2
Deleted 0
Errors 0
Object Result Status
C:\WINDOWS\system32\shell32.dll Change Changed
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\SupportSoft\medicsp2\HP_Administrator\data\sprt_actionlight\60de1996-a378-4675-8646-182b939807a9.1\composite.cab:\default.vbs Virus found VBS/Agent Infected, Embedded object, Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\SupportSoft\medicsp2\HP_Administrator\data\sprt_actionlight\60de1996-a378-4675-8646-182b939807a9.1\script.htm Virus found VBS/Agent Infected
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\SupportSoft\medicsp2\HP_Administrator\data\sprt_actionlight\7c9ba4d3-63fb-4526-985e-8ec5e3c53623.2\composite.cab:\default.vbs Virus found VBS/Agent Infected, Embedded object, Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\SupportSoft\medicsp2\HP_Administrator\data\sprt_actionlight\7c9ba4d3-63fb-4526-985e-8ec5e3c53623.2\script.htm Virus found VBS/Agent Infected
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\SupportSoft\medicsp2\HP_Administrator\data\sprt_actionlight\60de1996-a378-4675-8646-182b939807a9.1\composite.cab Moved to Vault, Archive
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\SupportSoft\medicsp2\HP_Administrator\data\sprt_actionlight\7c9ba4d3-63fb-4526-985e-8ec5e3c53623.2\composite.cab Moved to Vault, Archive



Thanks again for any help you can give me.

Tee6

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:12 AM

Posted 01 September 2008 - 06:57 AM

"Healing" a file is the attempt to repair or return the infected file to its original state.
"Disinfecting" a file is the attempt to remove the virus from the infected file, leaving it clean again.

If the anti-virus cannot determine the file's original state, it cannot heal the file and sends it to the vault for quarantine. If the anti-virus cannot remove the virus from the infected file, it sends it to the vault for quarantine.

When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive". If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be bad, you can delete it at any time.

Keep in mind, however, that if these files are left in quarantine, other scanning programs and security tools may flag them while in the quarantined area.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users