Update-is now Trojan-gen- as of Fri nite. Help

Don’t worry too much about that detection, yet.
Best to do one thing at a time. No need to keep doing thorough scans with Avast, until we have determined what is at play, and is it still at play, and what needs to be done with it.

It is quite possible it was a temporary file created by SAS, that contains information resembling malware, without being malware itself.
(Or maybe not.)

Now. Why can’t you read the SAS logfile? Is it in some kind of code, like crypted? (Sample below, if it attaches/displays correctly.)
It should be a simple text file that opens in notepad, if it’s not, please advise, also advise the full path and file name, including the suffix.

Attaching it should be a simple process using the “additional options” button to the lower left of the forum reply window. It is size limited, but a scan log should not exceed that limit.

If you don’t want to faff around downloading CCleaner, try ATF Cleaner, from MajorGeeks, by Atribune. (I include the second link just so you can, if you want, check the pedigree of the program.)
This one is downloaded by clicking on one of the links immediately below the animated “downloads” chevron. It will run from the download location - might as well save it to your desktop. When it is opened, tick the boxes as per my picture, click on “empty selected”, it will take a few seconds then let you know how much space has been freed.

What we are doing should not hurt your computer. If there is malware present, that could be doing some harm, which is what I’m trying to find out, and if possible fix.
Once we are at a certain point, I’ll ask for help from one of the forum’s malware experts, because there are a few here who know a bit more about it than yours truly! But I know enough to be helping you through these stages.

Re SAS file: I found it in Logfile - as you attach - but was heaps of words but not intelligent. Cannot find that now.
Have looked hard but can’t get it.
Found notepad but don’t know how to attach it as my system doesn’t give me close enough options without attaching the whole SAS file.
Have figured out how to look at repairs log.
It is within SAS scan log main file and cannot attach it, cause simply cannot get to that file.
Sorry, it is probably easy to find but can’t do it.
Have done the Ccleaner as you suggested the other day.
Did all the files and ticks as you said but was a bit concerned to clean the “cookies files”. Will I be able to access the sites where these cookies have been enabled if I clean them? Especially some main pages I use.

Sorry I took so long to reply but took Sat off just needed something else to worry about other than this computer ;D

..but was a bit concerned to clean the "cookies files" Will I be able to access the sites where these cookies have been enabled if I clean them? especially some main pages I use.
See the below picture for how to manage the cookies you want kept vs those you don't. You click on the cookie/s you want to keep, to highlight them, then click the right arrow. The right hand pane is the whitelist (cookies to keep). The left pane is those that will be deleted. Works, too!

If the wrong cookies are deleted, you can still access the sites concerned, but your preferences and any auto-login will be gone, until you log in again.

Don’t worry any more about attaching the SAS log. Sounds like it’s going to be too major a hassle to work out, especially as I can’t coach you - I don’t have SAS installed.

If you navigate to the folder/file “C/Documents and Settings/User/Local Settings/Temp/WER354c.d” (if it is still there) what happens if you try and delete the file? It’s a temp file, so no harm should come of it (especially if it’s a baddy.)
Once this is done just don’t delete the recycle bin for a few days until you see how the computer is working.

I’d do another scan with SAS or MBAM, just to be sure.
If the same thing keeps coming back we’ll need to do something else, but I wouldn’t be surprised if all is well.
If something else is found, send it to quarantine, reboot, do another scan.
At some point you might want to defrag your drive. Good maintenance. (Start>all programs>accessories>system tools>disk defragmenter.) Takes about 5-10 minutes, depending on the space occupied on the hard drive.

Hi Tarq,
Went looking for that file; my computer searched everywhere and the file is not there, can’t be found. I assume that is a good thing?
Re the SAS file (I want to follow through with it mainly for my learning, I’m a bit stubborn like that). On an earlier post you gave me an address C:\Documents and Settings (your username) Application Data\Superantispyware - I have tried searching for this address and I get told this is an invalid file, no can do in fact. The user name, is that what I use as on my computer acct? As I have no user name for SAS.
Will have a look at the “cookies” thing tomorrow as a bit late.
Thanks for all your help.
I am starting to think that just maybe I can turn on my Laptop and not get any more Alerts!!! Would be nice.

Try browsing your computer for the SAS file. Open “my computer” then "C:" then “Documents and settings” and there will be quite a few folders in there to choose from. My one has my name on it, followed by a string of eight alphanumerics. It is the name I registered the computer as when activating the installation. (See the “general” tab in “system”.)
Once you’ve found that folder, open it up, see if you can find what you’re looking for.
Probably the reason you couldn’t find it by typing in the address bar was that you had the wrong username?

Anyway, I’m starting to think that you are probably correct. The malware is probably gone. Further research is just making sure (as we do.)
If you still are getting alerts when running your computer, though, further action is definitely needed. How long since you got an alert?

You’re welcome for the help. :)

Hi Tarq
Last alert was Fri 27th, 4 days ago. Will def do as you suggest ie SAS scan reboot etc.
As you can see ;D I have been able to find those files and download them.
I am keeping a notebook beside me now and writing down as I go. I forget easy.
Actually when I worked out how to get it, the address I followed hasn’t been correct, I right clicked on My Documents and went to “Explore” which gave me everything so I followed the address through that and found it.
will do the scan and defrag today,
If all is well here
What happens to the files in chest and SAS Quarantine?
SAS only picked up the “Cookies” files
MAM gave me an all clear all the time
Avast alerted me every time (could do a poem here {not intentional}) ;D
Boot scan missed the last alert (was that, as you say, maybe it was a TEMP file)
So the questions will start with the above re chest etc, and was it the type of virus that MAM missed it?
I have a few more but that will do, and what about protection? Should I have something else on from avast?
The Avast on access scanner is on High in all of them.

Tarq
There are more files those two are the ones I thought you would like to see since I now know how to get them let me know and will upload the rest.

About yr access scanners - No, you want Normal on your Provider Configuration for now, not High. That is the default Normal, so you don’t want too sensitive. You can modify later if you want, once yr used to the avast program.

Seems you’re doing well, but takes a bit of time learning all the ins and outs. You learn fast, and Tarq keeps you on good track.

Are you still getting alerts on avast scan? And is that alert about a detection? Or are the scans coming up clean now?

Hi to another “Kiwi” - mkis
Have adjusted the access scanners to normal - Thanks for that.
The last Alert on 27th was for a virus detection, it was moved to the chest - that was the last one and the scans - I did a thorough scan was good, that was done on Sat.
As I haven’t had much computer time till today will be scanning in a minute and let you all know the results.
Thanks for your help.
T

Thanks, mkis.

Treesa, well done for working out how to locate/post the logs.
The one I’d really like to see is the one resulting from this scan where you say 1 tracking cookie and 70 infected files were found. (Should be on about that date - around the 19th.)

The files you have attached show no problems at all, as you probably surmised yourself, and I’d cautiously suggest things are looking good.

Files that are in any quarantine stay there. Imprisoned. Alone, bereft of light and comfort, and unable to escape unless the warden (you) releases them. They can stay there indefinitely, although the only reason you’d want to keep them is in case one (or more) of them is a false positive, and later scans clean, and you need to restore it.
The way to know that is to re-scan them periodically from within the chest. A look at the file name and original location will often give a good idea about what the file was for, and what program used it, if you are concerned it may be a F.P.
(Or you could post the file name/path, detection name, and ask here ;))
There are other tricks, too, but that’s enough for now.

As mkis said, default Avast settings are fine. Setting the provider to high results in it scanning every file, instead of just executable files. (So it will scan dormant files, files that can’t do anything on their own.) This slows things down, sometimes quite a bit.

Same when you do a full scan. Just use the standard settings, don’t worry about scanning inside archives. Archives can’t run by themselves. Nothing wrong with thorough scan/inside archives, it will just take forever. I’d just do that type of scan about once a year. If that. And on first installation of Avast, on a computer that hasn’t previously used it.

Tarq
Thought I had, hope these are correct ones. Have also added today’s results (7 files found and quarantined). Think I might have repeated a file, sorry if I have.

I had a thought (have them sometimes) :)
I had another go finding the C/Documents and Settings/User/Local Settings/Temp /WER354c.d
the way I found Log files and found it, and deleted it to recycle bin, nothing untoward happened except it is now in recycle bin and has 496KB’s and the files in it are "SUPERantispyware.exe.mdmp,appcompat.txt,…
don’t know if you wanted to know rest but there you are. T

Hi Treesa.
You’re all good.
Cookies are a minor and third party privacy issue, they consist of harmless text files that a site may use to track some browsing habits (sometimes). They will not reveal any other information to anyone, such as what files you have stored on your hard drive. And as you know, they can be useful, for site preferences etc.

All three logs contain only cookies. No other nasties, so no worries there.

The deleted temp file contains a SAS minidump, which, unless you are technically minded and want it analysed, can quite happily stay in the recycle bin until deleted. Just to be sure it’s not needed, open SAS, update it, commence (but don’t bother completing) a scan, and if all works Ok, it’s definitely safe to leave that file deleted. I reckon it was possibly detected in the first place, because (1) the sensitivity of Avast scanner may have been set to high, (2) the temp file probably contained information including malware signatures.

Just a disk clean up, defrag, you’re all good.

Any other questions feel free to ask away. And if not Merry Christmas. ;D

Tarq.
I did a defrag and was told I had no need to do one after analyzing.
I did one about mth ago, so am assuming all is well.

Will have a look at SAS as you advised and things should be ok, and Merry Christmas to you too from us. We are grateful for this forum and your advice, thanks again. T
:) Nice to be smiling again