Avast! Deletions Shutdown IE7 in VISTA - Explanation Please?

Hello All! :smiley:

New to Avast! (just 2 wks or so - replaced AVG on my VISTA laptop; using Windows Defender) - seemed to be working well until the last few days; returned from a short vacation & turned on the computer - immediate Avast! warnings about malware; in my haste, I just deleted the files in question (not sure ‘why’ these were detected then unless the issue related to updating the database) - after these deletions, IE7 would not open (could not initialize w/ an error code) - well, going through a few ‘safe’ reboots, and finally using the ‘previous good configuration’ I was able to ‘recover’ the function of IE7 - not really sure why?

Tonight, I ran Windows Defender (no problems found) & Avast! (two more additional files found which I added to the ‘Chest’) - attached is a pic of the current ‘Chest’ contents - I would appreciate advice: 1) Why did these files ‘bring down’ IE7 in VISTA?; 2) What are these quarantined files?; 3) Can I safely delete these w/o disrupting my VISTA/IE7 OS?; and 4) Are some of these warnings really major issues, ‘false positives’, or other? I was really liking this AV program until yesterday when I thought my whole VISTA/IE7 installation was ruined! Please advise as to these questions & any suggestions that might minimize these warnings, if not really that important - just curious ‘why’ my Defender program & Avast! seems to be conflicting - thanks all - ???

Did you deliberately install the “Mywebsearch” toolbar? This is fairly widely considered as adware-low risk. There have also been reports of it installing without consent. It is often bundle with other items.
Probably the reason IE7 crashed was associated with Avast quarantining the toolbar, which installs onto the browser.
See if it exists in “add/remove programs”.

Tarq57 - thanks for looking @ my pic & observing the multiple entries related to the ‘Mywebsearch’ toolbar - YES, this was present - believe that my DIL sent us some pics through ‘Smiley Central’ and not through my wanting this toolbar, it was loaded on to my IE7 (GOD, this is irritating!) - at any rate, the program was present in the ‘Add/Remove Programs’ - I uninstalled & rebooted - now the toolbar is gone! Thanks!

In rechecking the Avast! Chest, these listings are still present - do I need to recheck their folder locations or can these just be deleted from the ‘Chest’ w/o a problem? - :smiley:

Reinfection or replication is a well-know way of malware to survive…
I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

Infected ones…

Leave them in the chest (they can’t do any harm there) for a week or two so as to ensure that there are no harmful effects from them having been moved there (incorrect detection, etc.). This gives you time to investigate if at all possible (google search, ask here, etc.) to confirm.

Well, you could extract the files to a safe place (new folder) and send them to www.virustotal.com for analysis… but they seem to be infected files.
The .vir file is a ‘moved’ and ‘renamed’ file by avast.

Why do you think so?

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Tech - thanks for your excellent posts & help! :slight_smile:

As mentioned, I was able to remove the toolbar as described - on reboot, I checked Windows Explorer and the ‘Mysearch toolbar’ folder was still present but there were none of the files left as I posted in my pic, so I simply deleted the folder; in addition, I went to the Avast! ‘Chest’ and deleted the entries related to that toolbar since the files no longer existed on my hard drive - seemed logical to me (but HEY I’ve been wrong in the past! :wink: :D) - closing & reopening IE7 seems to work fine at the moment.

Do I really need to go through all of the steps in your first post in this thread - this computer is mainly used via a Linksys router - doubt there are any major infections, but will certainly heed any advice recommended; again, thanks for all of your prompt responses - glad I was able to ‘recover’ my function & eliminate some potential problems - :slight_smile:

It won’t harm, on contrary, you’ll have a more secure computer imho :wink:

Sonicman, I agree with Tech. (I’d be treading very unwise ground not to…)
After any infection it’s wise to give things a spring clean, to be sure.
What’s been done may well have removed all traces, but with dodgy installations you can never be too sure.
Just my 2c worth. At least run the boot time scan, and another scan with, say, Superantispyware. It does nobody any harm to install SAS. It’s reputation as a scanner and cleaner is starting to become unrivaled.

Thanks Guys! :smiley: I really appreciate your input & concern - great & quickly reponsive forum!

Did a Hijack This log & loaded it to ‘Cybertech Help Forum’ - I’ve been pretty active there & the experts know me, so that will help - after a response, I’ll certainly consider your other recommendations - :slight_smile: