Virus VBS/ProxyChanger.AG

[Guest JCVP]

My NOD 332 has found VBS/ProxyChanger.AG, and put it in quarentine. But few minutes later this virus appears again. Does anybody know how can I delete this virus?

 

Thanks

[Marcos 5,074]

Please post detailed information from your Threat log (ie. the path to the file, the name of the threat detected, action taken and other additional information).

[Guest JCVP]

Marcos,

 

Object name -> (hxxp://zar.workbest.com:8082/worked.dat)

 

Virus -> VBS/ProxyChanger.AG

 

Action taken -> I have run NOD 32 in windows vista safe mode, but did not work. Everytime I access the internet few minutes later this virus appears again and again and again. And I have scanned all memory computer, NOD 32 don't find nothing.

 

I cleaned my internet temporay files, but did not work.

 

Could you pass more information/tips? 

 

Can we talk in portuguese?

 

Thanks

[Guest JCVP]

Do not enter in this link.

[Marcos 5,074]

The url doesn't work anymore. If it was detected by the http scanner it must have been blocked. Just to make sure, post the appropriate record from your Treat log which should look like as follows:

10. 8. 2013 20:05:30    HTTP filter    file    hxxp://www.eicar.org/download/eicar.com    Eicar test file    connection terminated - quarantined    pc\admin    Threat was detected upon access to web by the application: C:\Program Files (x86)\Opera\opera.exe.

[Guest Guest]

Threat log.

 

10.8.2013 17:32:19 HTTP filter file hxxp://zar.eworkbest.com:8082/worked.bat VBS/ProxyChanger.AG  connection terminated - quarantined HP-PC.

 

I think there is a file or a program (virus, worm and etc) in my PC that it tries to enter in this site. I think NOD32 had to find it. Am I right?

 

Thanks 

[Marcos 5,074]

Not necessarily. Please create a SysInspector log as per the instructions here and submit it to ESET along with a link to this thread as described here.