Question:
Avast says c:\hiberfil.sys infected by VBS:Gascript?
Chris W
2009-02-07 14:47:25 UTC
then says, Share access flags are incompatible. I have been trying to remove the red circle with the white x in the system tray. I have scanned using Malware Bytes, SUPER antispy, Smitfraud, and lastly Avast. The "x" is gone from the sys tray (for now, it has come back before) yet, I still occasionally get the pop-up security warnings. I have checked the "turn off system restore" box in control panel. Cleaned and scanned then recleaned and rescanned. I am so frustrated. Then I reboot. Then I uncheck the "turn off system restore" box. Yet I still get the annoying security pop-ups. I don't really want to go to Firefox if I can help it. What is hiberfil.sys? What is VBS:GAscript? Why after scanning for malware using 4 different removal programs am I still getting these popups? GRRR! I don't know what to do. I've read forums. Will someone please help me?
Five answers:
2009-02-07 15:04:05 UTC
Do everything that follows!

An affirmation to start: 1) NEVER run an online scan when you are already infested - It's like poking a hole in your already weakened protection to let in more Malware, do NOT copy your documents elsewhere as this will only spread the Malware, do NOT use your Email until this is cleaned and DO NOT REFORMAT unless it is your last resort.

Now for the main part: Malware is one of the worst kinds of viral infection, deeply rooting itself in your system (some even hide in your router's firmware). Virus scanners (which are mostly blind to it) and the Restore Point Utility are not good things to use against such invasion for this reason alone.

So DON'T take chances with it!!!

Get the programs I listed from another computer (Internet Café, Public Library or friend's computer) onto a USB stick as Malware blocks you from downloading protection. A word of caution, be sure to read all programs' help files completely before using them. If you still cannot use MBAM, rename it Alteregobytes to confuse the Malware (but be sure to keep the .exe extension on it) and use it as an alternative for part A of the following solution.

TRYING MBAM ALONE IS NOT ENOUGH AS YOU NEED A COMPLETE SOLUTION, here is one (use programs in the order stated):

A) Download MBAM (MalwareBytes' Anti-Malware): http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button - Install the application and make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish (If an update is found, it will download and install the latest version).

Once the program has loaded, select "Perform Quick Scan", then click Scan (The scan may take some time, so please be patient). When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected (When disinfection is completed, a log will open in Notepad and you may be prompted to Restart).

B) Try the tricks and free programs I use:

1) Clean browsers junk.

Method One (now): In Internet Explorer (IE), click the Tools menu, then Delete Browsing History and in the box, click the Delete all button (bottom left) and Yes.

In Firefox (FF), go to tools, clear private data, make sure all boxes are checked and then click on the clear private data now button.

Method Two (Normal use: Every 14 days - Heavy use: Every 7 days): In IE, click the Tools menu, Delete Browsing History and in the box that opens, do these:

a) click the button near Temporary Internet Files, click Yes and wait for the box that opens to close.

b) click the button near History, click Yes and wait for the box that opens to close and finally, click the close button (bottom right) to finish.

In FF, Go to tools, clear private data and uncheck all except Browsing History, Cache and Authenticated Sessions boxes then click on the clear private data now button.

Note: Close browser when done to clear cookies still in memory. For other browsers or versions of the programs, check help files for guidance on doing cleanup.

2) Turn off the restore point utility (Guide for XP: http://support.microsoft.com/kb/310405 and Vista: http://windowshelp.microsoft.com/Windows/en-US/Help/9f6d755a-74bb-4a7d-a625-d762dd8e79e51033.mspx)

3) Use this free cleaner: http://www.glaryutilities.com/gu.html to remove junk and remnant files.

4) Use a "Disk defragmenter".

5) Turn restore point utility back on. (see part 2)

6) Do not use toolbars (spyware).

7) Persisting problem after this, make sure your virus scanner database is updated.

8) If the problem is very stubborn and you have a router, visit its web site and check for firmware that is more recent than your version. If FOUND, download and install, if NOT, use the router's reset switch, both methods return it to factory settings. "WARNING": Gather router install CDs, guides, passwords before doing this as you will need to do all connections again.

By doing so, you are on your way to being well protected BUT never relax your guard!

And as a bonus, your computer will be cleaner and probably a bit zippier (all that for free!)
?
2016-08-23 23:48:25 UTC
2
2016-02-27 07:09:46 UTC
Delete the beasts - but they are likely to come back because they are in System Restore. If so, right click on My Computer > properties. Now open the System Restore tab. Tick 'Turn Off System Restore'. Click Apply, click ok. Now run your anti malware programs again. If now clean, turn on System Restore. wdw
2009-02-07 15:04:02 UTC
Easy. Just manually delete that C:\hiberfil.sys file.

It is not even needed unless you use your computer's Hibernate or Sleep feature. Just takes up space. A lot of space.

Here's how (WinXP):

http://www.softwarepatch.com/tips/hiberfil-sys-xp.html
golfer2
2009-02-07 14:53:04 UTC
Restart your computer, press F8 when you see your screen, choose safe mode and then run a full scan with Malwarebytes.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.