#1
Hi

Today for the first time my Avast Home kicked into life telling me I have a VBS Malware [html] worm in C\windows\options\cabs\win98_49cab\tiki.html. Tiki lounge stationery, I assume. I have both quarantined this file and tried to delete it, but Avast Home says the operation is not supported for this type of file and will not delete. I am confused because SAS does not detect this file as malware, although shortly after infection WinPatrol did detect and delete an attempt to change the wininit file.

What can I do to:
a. delete this file manually from the CAB file - is there a removal tool out there?
b. establish whether it's a false alarm - I have sent the file to Avast and await reply. I guess it's not false, or else WinPatrol would not have reported its change - so I suppose I've answered my own question there.

Furthermore, I am concerned because since my infection I have noted icons (OE for one) have disappeared from the icon tray, and my display seems to have changed a little, i.e. when a file box opens in FF there are no icons next to the file names.

I run Windows 98SE. I can perform a system file restore (but I'm not sure what that wins me for this) and have Acronis backups - can I replace the cab file from there?

Any help gratefully received. Thanks.
__________________
Do you use Firefox? - try COLORFUL TABS as it makes tab browsing easier. For safer surfing use FF LinkExtend Site Advisor - it's FREE!
#2
Tiki.htm is one of the files found in Win98_49.cab. Unless it's been replaced by malware, it's clean.

The MD5 signature of the Win98_49.cab is 3d6e4419a9c5130618f443993b98fc21
Its size is 1.71 MB (1,802,240 bytes).

Compare the MD5 of yours to these. If the MD5 signatures of the cab match, it's a false positive.

I extracted the copy of Tiki.htm from the cab file for comparison. Its size is 393 bytes. MD5 is e870841da13872ccdf5d25d429786da6
You can compare these as well if you want to make doubly sure.

If you need an MD5 checker, this one is free and works good. Just unzip and use. A shortcut to it in the C:\windows\SendTo folder makes it very convenient.

If the signatures don't match, run a full system scan with both your installed AV and an online scanner. Replace the cab with a new copy from the Windows CD.

Rick
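The comparison described in the post above, as an added example that is not part of the original thread: a Python script that checks a file's size and MD5 against the reference values quoted there. The function names and verdict strings are assumptions of this example, and a match shows only that the file is byte-identical to the copy those values were taken from.

```python
import hashlib
import os
import sys

# Reference values quoted in the post above, keyed by lower-cased file name.
REFERENCE = {
    "win98_49.cab": (1802240, "3d6e4419a9c5130618f443993b98fc21"),
    "tiki.htm": (393, "e870841da13872ccdf5d25d429786da6"),
}


def md5_of(path, chunk=65536):
    """Stream the file so large cabinets are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check(path, reference=REFERENCE):
    """Return 'match', 'size-mismatch', 'md5-mismatch' or 'unknown'."""
    name = os.path.basename(path).lower()
    if name not in reference:
        return "unknown"          # no reference value to compare against
    want_size, want_md5 = reference[name]
    if os.path.getsize(path) != want_size:
        return "size-mismatch"    # cheap check first; hash cannot match
    if md5_of(path) != want_md5.lower():
        return "md5-mismatch"     # same length, different content
    return "match"


if __name__ == "__main__":
    advice = {
        "match": "identical to the reference copy: likely a false positive",
        "size-mismatch": "differs: rescan and replace from the Windows CD",
        "md5-mismatch": "differs: rescan and replace from the Windows CD",
        "unknown": "no reference value for this file name",
    }
    for target in sys.argv[1:]:
        verdict = check(target)
        print(f"{target}: {verdict} ({advice[verdict]})")
```

Run it with the path to the cabinet, the extracted Tiki.htm, or both as arguments.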
#3
Sounds like a false positive. Do you think you could send the whole Win98_49.cab file to virus at avast dot com?

Thanks
Vlk
#4
Hi, I sent the whole Cab_49 file to Avast yesterday - the one Avast was trying to tell me was infected. Odd thing was Avast did not specify a virus name - I thought 'VBS Malware [html] worm' seemed a bit vague, but I am a new user so I could be wrong....

It might be a false positive, although when I shut down yesterday the system rebooted automatically - at first I wondered whether it was virus activity, but now I assume it was Avast dealing with the infection, as this morning I was able to boot up fine, and scanning CAB_49 manually with updated Avast - I am now told the file is clean.

I compared the CAB file size and the tiki file with the Win98 CD and they were the same size. Oddly, I was not able to replace either the single offending tiki file or the whole cab from the CD Rom - I use Powerdesk 4 by Ontrack and all attempts came up with error message 'error occurred in extracting archive'. The file icon was greyed out, so I assume it means it was hidden or otherwise not accessible.

I am a bit puzzled as to what to do if I need to replace a CAB file in future - but for now Avast seems to have dealt with the issue or stopped giving a false positive.

The alarming thing is that I realise the only way I may have become infected (if indeed I ever was) was via either the Currys or Comet electrical website in the UK. Both FF & McAfee site advisor indicated that site was OK - but if I was infected, it was due to one of those two sites.

I wait to hear from Avast and will post their reply.....

Thanks for the software recommendation, Rick.
Last edited by bahjan : August 1st, 2007 at 08:10 AM.
#5
Avast Customer Service, after examining my CAB file, reports this issue as a false positive. Impressed with the swiftness of their reply - within 24hrs.

Other odd issues re - IMAP email pick up failure and missing task bar icons (FF, OE, IE, & Desktop), which also materialised yesterday, were all solved by using Ontrack's Fix it utilities 4.0 Backup restore. Proving its worth yet again!!

These issues were probably associated with the wininit message I got via WinPatrol - I opted to delete the files attempting to re-write (possibly the wrong choice on my part - but I'm a newbie with Scotty so that's my excuse!)

Still a bit confused as to whether I was infected or whether it was an attempt at hijack, or whether it too was a false positive. As far as I know I have all MS patches installed. Maybe the reboot was something odd after all.

Still, all's well that ends well, as everything seems back to normal again.
Last edited by bahjan : August 1st, 2007 at 11:30 AM.