Long ago I installed “Longman Advanced Students Dictionary” (LASD4). During the installation from CD, some additional software was added to my “Program Files”: QuickTime player and QUICKfind Server.
The last is necessary to use LASD as a pop-up dictionary.
Later I installed Avast 4.7 Home Edition, which found no viruses in my systeme. But two days ago I updated it’s database, and … now it declares that C:\Program Files\TEXTware\QUICKfind\Plugins\IEHelp.dll has Win32.Adware-gen!
I was shocked. I deleted the whole dictionary (QUICKfind was deleted automatically) and reinstalled it (the CD is not infected, I’m sure). The result was the same: virus in IEHelp.dll
Then I downloaded copies of IEHelp.dll from several on-line dll-libraries and tried to replace the one from the CD. But Avast still anounces the existence of the virus. I reinstalled the dictionary for the third time and allowed the file to be moved to the “Chest” (if I delete it, the pop-up dictionary doesn’t work).
I’ve got a question: “Win32.Adware-gen” in IEHelp.dll - is it a mistake?
Thank you for the answer. By the way, neither Spyware Terminator, nor Ad-Aware SE Professional find anything malicious in IEHelp.dll :-\
If I understand it right, QUICKfind Server is usually used by interactive dictionaries to immitate web-search in their pop-up variants and to communicate with their web-sites via Internet Explorer. Thousands of dictionaries with CDs are sold in the world, and almost all of them have QUICKfind. Millions, I believe, copies of e-dictionaries are already installed and widely used. They were “good neighbours” with Avast. And suddenly, Avast finds an infection. ??? It looks like a bad drama.
All you can do is report it as described in DavidR’s post in the other thread I linked to. The avast! team are usually pretty quick at fixing false positives.
Sure. QUICKfind server with its plugins is a very old programme and in my case it was downloaded from an official “virus-free” CD. So, when I saw that Avast found an “infection” just only after a usual update of its virus database, I understood it was a false positive.
P.S.: DrWEB CureIt utility found no infection there too.
That is why we point people in the direction of VirusTotal or Jotti multi-engine scanners for confirmation, so it isn’t only one or two scanners that detect or don’t detect. It gives a result you can have greater confidence in the after the scan.
