virus chest?

Hi…I ran a boot time scan of my laptop using avast & selected the “put in chest” option. There are now 4 items in my virus chest & I want to know what I should do with them now, if anything. Thanks

Check out the FAQ http://www.avast.com/en-us/faq.php?article=AVKB21#artTitle

Hi Para-Noid & thanks for your reply. I opened the link you supplied & read through it so thanks for that. Just one question, when I did my boot time scan & since I chose the “Move to chest” option, would all the files that are found in that chest have already been tried to be fixed & were not able to be fixed so were then sent to the chest? If the answer is no, they have not tried to be fixed yet, is there a way I can try to fix them now? When reading through the link you gave me I see how to remove a file in the chest or delete a file in the chest or restore one etc., but I don’t see any way to try to fix one. Thanks

A fix can only be done with legit system file(s) that are injected with malicious code, like a file infector virus (real virus).
Most infections today cannot be fixed as the whole file is the infection … so moved to chest or deleted (some AVs rename the file so it can't run).

Clean, Quarantine, or Delete? http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

What malware name did avast give the infected files?

OK, so if I’m reading your reply correctly, because I had my boot time scan action set to “Move to Chest” the Avast software first tried to fix the files (5 in total) & because they were not fixable the files were then moved to the Chest?

Since the files in the chest are not fixable should I just delete them?

Name:
blstoolbar.dll
blstoolbar.setup.exe
eDSLoader.exe
iqu_bootstrap.exe
MapsGalaxy.exe

Avast 2015: Scheduling a Boot-time scan http://www.avast.com/en-eu/faq.php?article=AVKB132

Again … what malware name was given by avast?

Thanks again for your time. I listed the 5 names in the above post as they show on my screen. I’m guessing from your reply that the 5 names I listed are not what you are asking for so I added a screen shot as an attachment of what I am seeing.

The names you gave are the file names and not the malware name given by avast … that you can see at the right side of your pic

W32:Adware-Gen [adw] adware crap
W32:Mindspark [pup] pup = not virus / Possible Unwanted Program … also crap

Pup explained by malwarebytes https://www.malwarebytes.org/pup/

Just crap files, you may delete from chest … I usually let it stay for a week or two before I do, but that's me

You may already know…

Suspicious files can be uploaded and tested here www.virustotal.com / www.metascan-online.com / www.jotti.org

OK got it. Thanks

It appears as if Avast! targeted a Legit Acer file.

Can you post the FULL file path of the Win32:Malware-gen file?

Most files are remnants of tool bars and may be a trojan

http://www.file.net/process/blstoolbar.dll.html
http://systemexplorer.net/file-database/file/mapsgalaxy-exe
http://www.threatexpert.com/files/bootstrap.exe.html

But edsloader has to be checked, as Michael said, it might be an Acer file.
http://www.file.net/process/edsloader.exe.html

eDSLoader (Empowering Technology) is part of Acer's quick launch button assignment program for things like one touch email and browser access.

Hi & thanks for your time. The full path is C:\Acer\Empowering Technology\eDataSecurity

Explained in detail here http://acer-empowering-technology.software.informer.com/

OK, so it seems like 4 of the files listed above should be deleted but this acer file is safe & maybe needed. This seems logical but I will ask anyway. When I right click on the file in the avast quarantine/chest we are talking about, a box opens with a list of options on actions to take & 1 of those options is “Restore & add to exclusions”. Can I assume that I should be choosing this option? Thanks.

First of all, send it to Avast lab (same procedure: right click on the file, “Submit to virus lab…”) as a false/positive detection and then you can choose “Restore & add to exclusions”.

Afterward, go to VirusTotal: https://www.virustotal.com/ and have the file analyzed. Post the address (URL) of the result.

In order to “Submit to virus lab” I am asked for the “Program name” & the “Program publisher” & the “Program version” & I don’t know the answer to any of those questions. As I’m sure you can tell I am not too computer savvy. How do I find the answers to those questions? thx

The program version is hard to tell since the .exe is in the chest so just write you don’t know. The boxes just need to be filled. The program is Acer Empowering Technology.

http://www.file.net/process/edsloader.exe.html
http://acer-empowering-technology.software.informer.com/

You must understand that these kinds of programs that some companies install on their computers are not necessary to run them. Many power users choose to uninstall these programs altogether. Also, some security programs might see them as adware. Now, you must search in the Acer forum how vital and necessary this program is, and if you need it or not.

Thanks for your time but after giving it a go I cannot get the program to work so I will just leave the file in the chest where I assume it will not bother anything. Take care.