Hi,
Avast! 6.0.1125 (engine and definitions are completely up-to-date)
I just ran a routine (Full) scan… And Avast! found 1 infected file (a .dll file) from an card maker program (which I never used) (MyFunCards.exe)
(BTW, the calendar and card Web sites are often infected or cause warnings)…
Avast! moved the file (program?) to the “virus chest”
Here is the info from the virus chest:
00000010
1318883639
MyFunCards.exe
C:\frDLoads2Check\mom 95 birthday
Win32:FunWeb [PUP]
Vir
yes
1320595134
149048
(It stated low severity and action successful)
I am going to run a boot scan - I cannot find the program now (which I never executed)
Is there anything else I should do (assuming the boot scan is negative?)
Thanks!
The engine/definitions might be up to date but your version of avast certainly isn’t. The latest version is 6.0.1289, so I would suggest that you do a program update.
You have elected to scan for PUPs (Potentially Unwanted Programs) and this Fun Web stuff certainly falls into that category, with many considering it adware.
You say there was a detection on a .dll file yet this MyFunCards.exe isn’t a dll file (so what was this dll) ?
I don’t believe you need to run a boot-time scan.
A scan by MBAM would be another option as the fun web type of adware is something it is likely to pull up and there may well be other funweb references.
MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. Install, Update, Run and post the contents of the log file.
You say there was a detection on a .dll file yet this MyFunCards.exe isn't a dll file (so what was this dll) ?
It was a .dll
(Below)
I did run a boot scan (Right after original post) and it came up positive for PUP also
Here are the 2 virus chest content entries:
Full system scan: 6/11/11
C:\frDLoads2Check\mom 95 birthday\MyFunCards.exe|>f3EzSetp.MyFunCards.dll
Severity Low
Status: PUP:Win32:FunWeb[PUP]
Action: Moved to Chest
Result: Action successful
Boot scan: (11/6/11)
C:\System Volume Information_restore{2AE71B63-8EBA-4589-AE91-A44E35F6B5ED}\RP1007\A0100148.exe|>f3EzSetp.MyFunCards.dll
Severity Low
Status: PUP:Win32:FunWeb[PUP]
Action: Moved to Chest
Result: Action successful
A scan by MBAM would be another option as the fun web type of adware is something it is likely to pull up and there may well be other funweb references.
MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
I have this: Malwarebytes’ Anti-Malware (I’ll see if there’s a later version - and run the full scan)
Install, Update, Run and post the contents of the log file.
The dll file is actually inside the MyFunCards.exe file that is indicated by the the |> everything after that is contained inside the first file name.
The second detection is the same but this is a copy of the MyFunCards.exe file saved as a system restore point (which changed the original file name) and avast is able to fine the copy there.
So other than some judicious updating I don’t think you have anything else to do:
I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
It won’t hurt and it is always best to keep your system as up to date as possible and as IE is the basis of all Windows then it is best to have its latest version.
