
VBS:Malware-gen in NTUSER.DAT files??? (Windows 7)



#1 BurnerFriend


Posted 22 February 2017 - 10:52 AM

I run Windows 7 with Avast for my antivirus. 

 

Last night upon booting up my rig Avast alerted me that I had VBS:Malware-Gen, and to run a bootscan.

 

Bootscan quarantined and removed several files, but identified that the NTUSER.DAT files for my only user profile and System32 were infected and could not be deleted due to share flags (and as little as I know about this, I do know removing those files would be BAD).

 

Running bootscan again would find more files each run, suggesting the malware was still active and replicating itself once boot was complete.

 

On the advice of a friend I ran Combofix. After doing so Avast still says I have the VBS:Malware-gen. However, running Bootscan now only finds the infection in three places - the two aforementioned NTUSER.DAT files, and a file in the temporary internet files location that it supposedly quarantines each time. Subsequent runs of bootscan find it only in the same location.

 

I then downloaded and ran MalwareBytes. It finds no infection, even upon full scan including rootkit.

 

Wondering which is wrong - do I still have the malware and MalwareBytes can't see it? Or have I removed it, but the footprints it left behind are triggering false positives in Avast?

 

Any help would be appreciated.




 


#2 buddy215


Posted 22 February 2017 - 11:03 AM

Another member's Avast reported the same....VBS:Malware-gen

The member checked at Avast forums and that is being reported as possibly a false positive. Suggest you check at Avast forums for further advice and info.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 buddy215


Posted 22 February 2017 - 11:06 AM

You can submit files to VirusTotal - Free Online Virus and Malware Scan and allow them to be scanned by numerous security programs for a better idea as to whether what is being reported by Avast is a false positive finding or not.

