Endpoint Protection

  • 1.  C:\WINDOWS\system32\VirusRemoval.vbs

    Posted Sep 08, 2010 03:46 PM
    Hello, I am a Windows 7 user. Two nights ago, I accidentally clicked on an advertisement while I was browsing on YouTube (Oh why didn't I get adblocker for Firefox?). I did a full scan of my computer with Symantec Endpoint Protection and while scanning it paused for a good ten seconds at two strange files named system32/virusremoval.vbs and system32/newvirusremoval.vbs. I looked these files up and learned that these are indeed malicious files of some kind. I believe it is a browser hijacker. However, my computer has not shown any signs of change or slowing down. It's probably because I browse the internet in a non-administrative account, and the malicious programs do not have the ability to make changes to my computer? I'm not very efficient with computers, so I don't know. Anyway, SEP scanned right through these files thinking they are harmless. So I downloaded MalwareBytes and ran a full scan. Nothing. I know these files are not good for my computer and they are hiding within my system files. Even though they aren't causing any harm so far, I would still feel better being rid of them. Can anyone give me some advice on how to remove them? By the way, I cannot find these files when I search for them through Explorer. Thank you.


  • 2.  RE: C:\WINDOWS\system32\VirusRemoval.vbs

    Posted Sep 08, 2010 04:14 PM
    These are rootkits and you won't be able to find them in normal view.
    Try running a GMER scan once on your machine from gmer.net.

    However, I will first suggest that you run a full scan in safe mode once with up-to-date definitions.


  • 3.  RE: C:\WINDOWS\system32\VirusRemoval.vbs

    Posted Sep 08, 2010 04:17 PM
    Is show hidden files and folders checked?

    Try Tizer Rootkit Razor

    http://www.tizersecure.com/rootkit.php


  • 4.  RE: C:\WINDOWS\system32\VirusRemoval.vbs

    Posted Sep 08, 2010 06:29 PM

    I ran a scan in safe mode, still nothing. I ran a scan using GMER as you said, but it found nothing. It didn't appear to be working properly since a number of popups came up about the registry (?). Now something interesting has happened. My Proactive Threat Protection is now turned off on SEP because "the definitions are too old." Maybe it's time to reformat my computer? Or is there still hope?

    Note: I didn't run GMER on an administrator account, although it did ask for my password.


  • 5.  RE: C:\WINDOWS\system32\VirusRemoval.vbs

    Posted Sep 08, 2010 06:53 PM
    Proactive Threat Protection might have turned off because of a definition issue. Do you see any abnormalities in your system?
    Delete all files in Start -> Run -> %temp%
    and delete Temporary Internet Files.

    You can also try running Malwarebytes once.
    The VBS files cannot harm your machine. If the threat is still present there would be a dll or exe.


  • 6.  RE: C:\WINDOWS\system32\VirusRemoval.vbs

    Posted Sep 09, 2010 09:41 AM
    Do you see those files on your computer? If SEP is not detecting them, you can submit them to the Symantec Security Response team at https://submit.symantec.com/gold, and they would analyze them and tell you if they are really bad files or not.
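
One way to check whether the two files named in this thread are really on disk, and to record a hash before submitting a sample (an added example, not part of any post in this thread). It assumes PowerShell 4.0 or later for `Get-FileHash`; the only names taken from the thread are the two .vbs file names.

```powershell
# Added example: look for the two script names from this thread in every view of
# the Windows system directory and report a SHA-256 for each copy that exists.
$names = 'VirusRemoval.vbs', 'NewVirusRemoval.vbs'   # file names quoted in the thread

# On 64-bit Windows a 32-bit process asking for System32 is redirected to SysWOW64,
# so a file can be "missing" in one view and present in another. Sysnative is the
# alias a 32-bit process uses to reach the real System32; it does not exist for
# 64-bit processes and is filtered out by Test-Path in that case.
$dirs = 'System32', 'SysWOW64', 'Sysnative' |
    ForEach-Object { Join-Path $env:windir $_ } |
    Where-Object { Test-Path -LiteralPath $_ }

$found = foreach ($dir in $dirs) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        # -Force returns items that carry the Hidden or System attribute
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Path       = $item.FullName
                Attributes = $item.Attributes
                Modified   = $item.LastWriteTime
                SHA256     = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

if ($found) { $found | Format-List }
else { 'Neither file is visible in ' + ($dirs -join ', ') }
```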




  • 7.  RE: C:\WINDOWS\system32\VirusRemoval.vbs

    Posted Sep 09, 2010 04:59 PM

    Hello again,

    I do not see any abnormalities in my machine. SEP is running normally again, thank goodness for that! I do not see the files on my computer even after checking "show hidden files." I only see the file names when SEP is scanning. Again, since computers are not my expertise I'm not sure if SEP is saying that I have those files in my computer while it's scanning or if it's just checking to see if I have them. I did a scan with MalwareBytes in safe mode and nothing came up. I'm starting to assume that nothing is in my computer and that SEP is simply just looking for files with VirusRemoval.vbs in the name. Since you say it's a rootkit, maybe I just can't detect it. Since GMER didn't find anything, should I use Microsoft's Rootkit Revealer next?


  • 8.  RE: C:\WINDOWS\system32\VirusRemoval.vbs

    Posted Sep 09, 2010 05:19 PM
    Rootkit Revealer will show you it's there; however, it won't remove it. SEP is scanning the file because it is there. However, that .VBS file itself is not a virus, so it's not getting detected.


  • 9.  RE: C:\WINDOWS\system32\VirusRemoval.vbs

    Posted Jan 12, 2011 07:44 AM

    Hi, I have the same issue, except I'm running WinXP. As I ran a full computer scan I saw the file virusremoval.vbs in the windows/system folder. It looked really weird so I googled it and joined these forums. I just did an update and am running the scan; however, SEP still hasn't picked it up. My version of SEP is what is offered to me from York University. Please help.

     

    Note: I remember I was once surfing, and this website opened up what looked like the My Computer folder and started scanning the hard drive, and when I tried to close it, it gave me some message. It definitely looked really weird and so I tried scanning with SEP right away but it picked up nothing. Hope this helps.



  • 10.  RE: C:\WINDOWS\system32\VirusRemoval.vbs

    Posted Jan 12, 2011 07:27 PM

    Unlike the original poster's computer, I have noticed a slight decrease in PC performance.