resolved

Yesterday, Avast picked up the above virus on a system scan. It then reported in the log that the infected file could not be found. I did an MBAM scan but the thing was not picked up there. I then did a boot scan with Avast which DID find it. In my haste, I deleted it but guess I should have sent it to the virus chest - BTW, should they be sent to the virus chest rather than deleted? At any rate, I have a general question about all of this malware we encounter while surfing. Even though Avast says it is gone and deleted, is it really? I have no symptoms of anything happening but I didn’t have any even when the thing was on my system. Also, it seems with so many sites being hacked the risk of being infected is huge anymore. You don’t always get a warning - I don’t go to too many exotic sites but infection still occurred. It seems that after every session on the web, you should run a virus scan, which seems a bit much, but I’m beginning to think this is the only way to avoid long term infection (I run a scan every Sat - not too long term). I have all Windows updates installed - SP3, virus updates installed, firewall running (OA) and yet it still happened. Basically, just wondering if this thing is truly gone. Any thoughts?

What is the infected file name, and where was it found, e.g. (C:\windows\system32\infected-file-name.xxx)?

The boot-time scan in 5.0 has no automated actions; it is being considered whether this should be reintroduced, as in avast 4.8, where you could set the action to be taken. The problem being that people set the action to delete, which really is a poor first option, and that is probably why this function was removed.

Without specific information about any malware encountered I can’t say with certainty. Since the web shield acts as a proxy filtering http port 80 content so it can be scanned, then aborting a connection if malware is found should stop it getting into your system (Web site > web shield proxy > browser).

The avast web shield is very hot on hacked sites, better than many other AVs, as is seen when we check this out in virustotal scans of what was detected. There is nothing that is going to give 100% protection, but the avast web shield is one of the best; I can’t say the best as I have no comparative data, but based on the avast users’ anecdotal experience reported in these forums it is extremely effective.

Thanks for the reply. Here is the info: C:\docs&settings\pc12010\localsettings\tempinetfiles\content.ie5\ME3SY6XZ\index(1). Don’t know what that ie5 is all about. I use IE8. So, from your answer I guess it is not good to delete an infection. Next time (hopefully there won’t be one) I will move it to the virus chest. PC1 is my admin acct, which I use only to download MS security updates, which I did last week. I believe Avast to be a very good AV program.

You’re welcome.

That is your browser cache (temp internet files) and it looks like an old html page in the cache being detected. The ie5 bit is just historical; even though you don’t use IE5, even recent versions of Windows still create it for the location of whatever version of IE you are using. It is, I guess, some sort of backwards compatibility with a previous IE version when you upgrade/update.

In this case deletion isn’t an issue, as it is from a temporary location, but it isn’t a good habit to get into.

Deletion isn’t really a good first option (you have none left). ‘First do no harm’: don’t delete, send the virus to the chest (a protected area) and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Not to be a total pest, but one question remains for me. Can I feel confident that this thing has been removed by Avast? I hear about infections going so deep that they are not detectable by any security software, and so remain to do damage. I don’t wish to be “zombie-ized”. Once again, thanks for all the time & info on this site.

Yes, you can be reasonably confident that it has gone, having used both avast and MBAM to scan your system.

Confidence is built through several things: a multi-application and multi-layer approach to your security (both avast and MBAM go some way to achieving that), a browser that allows for additional security measures to be applied (like Firefox), and a firewall capable of providing outbound protection.

Where possible, run using a limited user account, as this limits the potential and damage which can be done should something get through your defences.

Add to this a healthy dose of common sense and suspicion and your level of confidence improves. If all else fails, then you need a robust back-up and recovery strategy to recover from any disaster, not just malware - if you don’t want to lose it, back it up.

Wow! - all terrific information. I feel much better now regarding this infection. I would like to mark this thread “resolved”, however, I cannot seem to find that notation to do so. So, thanks again.

You’re welcome.

Go back to your first post, click the Modify button in that post and, in the window that pops up, add [Resolved] to the Topic Title.