I’ve clearly got infected files but finding it confusing to determine which/where they are.

I’ve attached a screen cap of the Avast alert saying that a threat was secured and moved to virus chest. But as soon as I close this dlg box, it pops back up again. Maybe was NOT moved to the virus chest? The “threat” has a very long name of strange characters and is found in the C:\OneDriveTemp folder.

In Windows (10) Explorer I go to that C:\OneDriveTemp where I see what looks like a system folder with a long name like “S-1-5-21-165484…” etc. There were files in there and I shredded the files and the folder with a utility. But the folder “S-1-5…” keeps coming back. Maybe OneDrive has to keep creating it. It’s empty now.
I’ve also attached screen cap of the virus chest showing many instances of the same viruses. Different names again.

Avast shows 18 notifications. You can see from the attached that it’s the same one repeated numerous times.

Over at Microsoft OneDrive, it’s telling me that a file in a completely different folder is infected. Yet another name: “FoxItReader901_enu_Setup_Prom.exe”. It suggested I delete it, I did. Then I removed it from the OneDrive recycle bin as well.

Along the way, OneDrive kept pointing to a folder to check for the virus. Aside from the aforementioned FoxItReader” there were 2 files I didn’t recognize with an EML extension, and dated 2 days ago. “Order Confirmation” and “Other Stuff”. Deleted them, then removed from recycle bin. No more error messages from OneDrive sync.

I don’t seem to be getting the Avast popups anymore, but how do I make sense of this poop storm and rest assured that my PC isn’t infected?

TIA for any guidance.

[Adw] = Adware, so nothing “serious”

I suggest you run a scan with Malwarebytes, see instructions in step #1 here >> https://forum.avast.com/index.php?topic=194892.0

Thanks for your time Pondus. Is MB a bit better suited for this type of problem?

How does this stuff get on our drives if we don’t open email attachments or download the files from a website?

Cheers.

Is MB a bit better suited for this type of problem?

[b]Malwarebytes gets tougher on PUPs[/b] https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/

How does this stuff get on our drives if we don’t open email attachments or download the files from a website?

[b]How do I get adware?[/b] https://www.malwarebytes.com/adware/

================================================================
There are two main ways by which adware sneaks onto your system. In the first one, you download a program—usually freeware or shareware—and it quietly installs adware without your knowledge, or permission.

The second method is just as insidious. You’re visiting a website. Maybe it’s a trusted site; maybe it’s a sketchy one. Either way, it can be infected with adware, which takes advantage of a vulnerability in the user’s web browser to deliver a drive-by download.

Well, adware isn’t bad, well it is bad but it isn’t dangerous. Its just like sort of a ad tracker sort of thing. But yea, I’d recommend you to scan your whole system for any more adware, or malware. It happened to me one time. Actually it was 2 months ago, Avast and OneDrive were confusing each other, and I had to scan my whole system, guess what, it found like 10 of those adware crap.

Some Adware can indeed be malicious, have you heard of malvertising, 3rd party ads taking you to malicious sites.

So some Adware could indeed be dangerous as you have no idea what may lay at the end of any link, etc.

Thanks again, Pondus. Malwarebytes doesn’t turn anything up. I’m still getting the same threat popping up in Avast as soon as I close the dialog box. Could it be a false positive that I should just report?

Sorry for the bump, but I decided to report it as a false positive. How do I stop getting the threat alert? Won’t stop popping up.

Looking at your initial post again, for me it would be to empty your local OneDrive Temp folder, as it isn’t just the same file as your Alerts image shows two different file detections. I suspect that all of the of the detections in the list in the virus chest will also be different, you would need to expand the Infected File column to check that big lone file name string and the last part is likely to differ from the initial part of the file name.

If you do use One Drive then I fear that the temp folder is going to continually get repopulated with these .temp files and get detected.
The only way round that would be to exclude that folder from being scanned, but that drives a massive security hole in your defences as I have no idea why these files are being placed there in the first place.

Personally I don’t like MS OneDrive, I had to remove OneDrive as I didn’t want anything to do with it in my win10 laptop. I don’t use any on-line storage services, any storage as far as I’m concerned I store off-line on an external hard drive.

I happen to think OneDrive is a great addition to Windows 10 especially if you’re using Office 365. To each their own.

I don’t use Office 365, nor do I use any other MS App from the App Store and I have long held the belief of not storing images, media, etc. of any kind on-line. There have been too many instances of changing the rules on storage (as you yourself have suffered). If its off-line it cant be hacked/stolen, etc.