avast found virus/worm?

I have had the Home Edition for about a year now. It has never found anything until yesterday. In the last 24 hours it has alerted me 3 times that there was a virus and to move it to the chest?

How do I find out what they are and how to get them off my computer?

Thanks!

And where do I find the chest?

Hi Andreaeau0101,

Could you tell us the names and locations of the files that avast is alerting to?

Have you sent them to the chest?
If you have, they are safe in the chest and can do no harm.

To find the chest:

Right click avast tray icon → Start avast antivirus → right click scanner interface → Virus chest

-Scott-

they say:

  1. bg-tab-lft-0[1].gif… location as appdata\local.… virus nutcracker family

  2. displayad[1].htm … location (same as above)… HTML:Iframe-inf
    and 3 more with the same as the above listed.

Could you look at the avast log viewer to see the full locations of the files? The three dots indicate a longer path, which is useful to know.

Right click avast icon → click ‘Avast log viewer’ → click ‘warning’ section → look at the bottom of the log (or click the date time header to bring the most recent to the top)

Also, you didn’t answer the other question about whether it was sent to the chest or not.

-Scott-

Check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

Sorry about that.

Yes, they are in the chest.

I looked up the log viewer and it says:

7/14/2009 7:09pm SYSTEM 1604 sign of “HTML:Iframe-inf” has been found in "C:U…
7/15/2009 12:42 pm SYSTEM (same as above)
7/15/2009 12:44 pm “same as above”
7/15/2009 12:45 pm “same as above”

7/14/2009 8:08 PM u… (my last name) sign of “nutcracker family” has been found in "C:/…

I tried to double click on each warning to see the rest of the description but I don’t have an option to view it. How do I view the whole thing?

Will try the above…

7/14/2009 7:09:54 PM 1247616594 SYSTEM 1604 Sign of “HTML:Iframe-inf” has been found in “C:\Users\upchurch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3V16RDC\displayAd[1].htm” file.

7/14/2009 8:08:27 PM 1247620107 upchurch 4672 Sign of “Nutcracker family” has been found in “C:\Users\upchurch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z19EVGU7\bg-tab-lft-0[1].gif” file.

7/15/2009 12:42:42 PM 1247679762 SYSTEM 1604 Sign of “HTML:Iframe-inf” has been found in “C:\Users\upchurch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z19EVGU7\displayAd[1].htm” file.

7/15/2009 12:44:12 PM 1247679852 SYSTEM 1604 Sign of “HTML:Iframe-inf” has been found in “C:\Users\upchurch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPGVK2GI\displayAd[1].htm” file.

7/15/2009 12:45:41 PM 1247679941 SYSTEM 1604 Sign of “HTML:Iframe-inf” has been found in “C:\Users\upchurch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3V16RDC\displayAd[1].htm” file.

Yes, confirms what I thought, they were in the browser cache. This means that some site that you were visiting had some malicious content, and it looks like this was some form of banner ad or the like. Some sites use ads to get revenue and these ads are served up by ad servers and unfortunately some are modified to be malicious as well as being an ad.

So can you recall what site you happened to be browsing when these alerts were displayed ?

I can only assume that they got there because the browser (which is ? ) may not have been monitored by avast’s web shield as I would have expected that to intercept it first. The web shield alert offers only one option, ‘abort Connection,’ that blocks the infected element being saved in the browser’s cache.

So I don’t know why you didn’t get this alert, or did you ?

What is your Operating System ?
What is your Browser ?

I’m on Vista, and usually we use AOL, but over the last few days we have been using both AOL and also Internet Explorer. I am wondering if it is the Internet Explorer as we just started using it.

As far as what website we were on, honestly I believe one of us was on Facebook’s “farm town” but I have used it several times before and after that incident. There are ad pop ups on farmtown, if one of us had accidentally clicked on one of those could it have come from there?

Well, social network sites are a higher risk and there is nothing to stop their ad delivery function being exploited by a malicious ad.

With Vista the IE browser (which version, IE7 or IE8?) should be using the avast web shield’s localhost proxy (this scans content in a temporary location, the proxy, before being sent to the browser cache) and this should alert and stop the browser running/displaying it.

If using the AOL browser then that level of protection wouldn’t be available and you would effectively be relying on the standard shield as the fall back.

This is the alert you would get if the web shield intercepted it, see image.

Try this harmless link to a test file which all anti-viruses recognise; its purpose is to show your AV is working as it should and what that alert would be. Web Shield Test - http://www.eicar.org/download/eicar.com

Unfortunately I have never used AOL (with a passion ;D) and I don’t use Vista and my browser of choice is Firefox, so I’m not a lot of practical help.