The threat we are going to write about today is the vbs:malware-gen virus. This malware has been bothering mostly Avast users and some users of other antivirus programs, usually when they visit pages of the online shop Amazon or stream videos from Twitch.tv. The notifications about this parasite then become persistent, claiming that there is a virus and that the whole computer needs to be cleaned, and blocking any further actions online until the PC/Mac is cleaned. This raised many questions, because the vbs:malware-gen warning would appear on websites that are reliable, while other antivirus programs would not show any infection.
If you start looking for answers online, you will find that many cyber enthusiasts claim that vbs:malware-gen is actually a Trojan or a worm that infects systems through corrupted media app updates or web pages, steals personal data, installs additional malware and completely ruins your computer. But is vbs:malware-gen really malware? Why do only Avast, AVG or Norton users see these notifications? And how do you get rid of the annoying and scary notifications about a vbs:malware-gen infection?
What is vbs:malware-gen virus
There was plenty of speculation that vbs:malware-gen is a Trojan/worm that infects users' computers, whether they run Windows or Mac OS, steals credentials, social security numbers, credit card info and logins, and tracks the victim’s activity. However, only Avast, Norton and AVG users would see notifications about this malware in their Mozilla or Chrome browsers. Needless to say, these free antivirus programs are not the most reliable security products online, so people started wondering whether it is really malicious or just a fluke. That is when most forums filled up with questions from concerned users asking for help finding the cause behind it.
Avast representative Martin posted the following in one of the Avast forums to calm down the stressed customers:
False positive VBS:Malware-gen detection in VPS 20170221-1 (22.2.2017)
The VPS 20170221-1 contained an invalid script detection that resulted in a significant false positive across the Avast userbase.
How did this happen?
The Threat Labs team deployed a change in detection verification logic which moved the verification to an earlier stage of the detection release process. Multiple factors including deployment of new backend version caused this detection to bypass safety checks that are normally in place resulting in its release.
What are we doing to fix this?
We are implementing additional checks in the detection generation, detection validation and detection testing processes to prevent such errors in the future. On the mitigation side, Avast has the capability to stream updates to select detection containers. However this particular detection type is not included in the streaming updates at this time. We will enable streaming also for this detection type so we can remove these detections much faster in the future.
Conclusion
We apologise for the released detection and are working hard to prevent such occurrences in the future.
The vbs:malware-gen virus has been bothering users since 2015 and has still not been fixed, even after all the updates. Some people claimed that the issue finally stopped after the new Avast 170225-1 release, yet the majority (even those who had the premium version) were left to deal with this problem. Others advised getting the newest antivirus update and clearing the browser’s history, cookies, cache, etc., but that did not work either, and no matter what browser anyone used, the vbs:malware-gen virus message would still pop up.
Knowing how unreliable free antivirus programs can be, it is no surprise that the threat is only recognized by the above-mentioned products. Furthermore, after vbs:malware-gen was detected, none of the other changes that malware usually causes were noticed, such as ads, browser hijacking, a slow computer/browser, crashes, etc.
Why is the vbs:malware-gen virus being detected
Amazon, Twitch.tv, Tumblr, Zillow or even Google would trigger one of these antivirus programs to report a vbs:malware-gen virus infection for no apparent reason. Vbs:malware-gen refers to something that has features of malware, but it does not specify any particular virus. The detection could be due to a URL tracking feature and the code scripts that most websites use. Therefore, poorly developed malware protection will flag them and block any connection between such sites and the user, because it simply can’t recognize whether the content is really malicious or not.
How to get rid of vbs:malware-gen virus
Firstly, and most importantly, do not delete the files related to the vbs:malware-gen virus that your Avast, AVG or Norton suggests deleting, because you can end up removing perfectly good files and ruining your system. Some users who trusted these antivirus programs and removed the suggested threats ended up having to reinstall their operating systems because it was a false positive warning.
The solution to the mysterious vbs:malware-gen threat is pretty simple: get rid of Avast and get a more reliable antivirus/anti-malware program. Although there is no proof that vbs:malware-gen is not a virus, nor that it is one, judging by all the signs and evidence we see, we can assure you that in this case vbs:malware-gen is just one of many false positive alerts that Avast hasn’t fixed yet. Moreover, users claimed that removing the suggested threat caused them more problems than not reacting to it at all.
We have reviewed the most popular computer security products, and you can take a look at the reviews here to make a better judgement when choosing your next antivirus or anti-spyware, because Avast has quite an ambiguous reputation, judging from the way it is distributed, its improper recognition of malware and its release of contradicting software. The best anti-spyware tools that we can recommend to make sure that there really are no threats on your PC are Spyhunter or Malwarebytes. They are recognized among many other products as some of the most reliable and sophisticated malware removal software, which does not show any fake alerts and would definitely recognize an infection if there is one.