I was looking for a CD burning program for Windows Me and found ExpressBurn. http://www.nch.com.au/burn/plus.html

When I ran it, it launched Internet Explorer, with the Ask toolbar installed. The ExpressBurn installer never asked if I wanted Ask!

I immediately quit everything and uninstalled ExpressBurn and Ask toolbar, but when I rebooted something kept trying to launch IE. After some digging around I found a folder under Windows that wasn’t supposed to be there. I don’t remember what the filenames were, but a web search showed there were a couple of trojans.

I deleted that folder then deleted all references to the bad files from the Registry. I guess I didn’t get everything or it was one of those things which does a swap of critical system files to hide itself because Windows wouldn’t boot normally or in safe mode.

It was a clean install of WinMe, so it wasn’t too much bother to wipe the drive and start over.

The worst part though is that Avast was installed and updated and didn’t catch the trojans being installed!

NCH Software is on my personal blacklist for this. I won’t trust anything from them. Even if the malware just coincidentally sneaked in some other way at the same time, installing a Browser “Helper” Object without asking permission is extremely nasty.

I’m not sure what exactly was going on on your PC but NCH Software is a trusted software vendor. They wouldn’t be bundling malware with their software.

Isn’t there more info in the avast logs, I mean, about file detected names and paths?
Did you run a full avast scanning?