Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: TRNCC on July 19, 2009, 07:12:38 PM

Title: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 19, 2009, 07:12:38 PM
I downloaded Avast! yesterday after trying to manually clean up a virus (I had pp10.exe, freddy46.exe, safeguard.exe on my computer). Found this product on CNET and installed and ran it - it has now been running for 19 1/2 hours and scanned 2,200 files - is this normal?? So far it has detected two files that have been infected.
Title: Re: Avast! 4 How long should initial scan take?
Post by: DavidR on July 19, 2009, 07:18:31 PM
I would say it isn't normal, but you don't say what type of scan you are doing, after installation avast offers to do a boot-time scan. Is it this scan that it is doing or is it an on-demand scan ?

Probably more importantly, have (or did) you another AV installed in this system, if so what was it and how did you get rid of it ?
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 19, 2009, 07:51:46 PM
This machine has an old version of Spybot on it - I don't think it is running - should I uninstall? I realize I sound like a complete dope. I just installed the standard Avast! Installation - Installed "providers" include: Instant messaging (which I don't have on this computer), Internet Mail, Network Shield (not sure if I need this, this desktop was used in an office at one point in time, it has Novell client software on it), Outlook/Exchange (don't have it / use it), P2P Shield (not sure what it is?), Standard Shield & Web Shield. Should I be "terminating" certain providers? I just don't want to screw this up after running it for so long.
Title: Re: Avast! 4 How long should initial scan take?
Post by: FreewheelinFrank on July 19, 2009, 08:19:02 PM
What is your operating system? Win95/2000, XP, Vista?

What is your hardware? CPU, hard disk size?
Title: Re: Avast! 4 How long should initial scan take?
Post by: Lisandro on July 19, 2009, 08:33:44 PM
I wouldn't worry that much about the scanning time, but about whether you can get completely clean.
About the providers, I'll keep all of them. They don't take resources if you're not using them.

P2P is peer-to-peer provider, protecting any behavior of the supported programs.
http://en.wikipedia.org/wiki/Peer-to-peer

Spybot used to be a useful program. Nowadays, I'll suggest MBAM instead. You can uninstall Spybot.
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 19, 2009, 08:34:16 PM
I am running Windows XP, 2002 version - SP1 on a Pentium 4, 3.00 GHz, 1GB of RAM
Title: Re: Avast! 4 How long should initial scan take?
Post by: FreewheelinFrank on July 19, 2009, 08:46:52 PM
XP SP1 was rubbish - any reason you haven't updated to SP3, which is pretty much a rock-solid OS?

Is the scan still running, by the way?
Title: Re: Avast! 4 How long should initial scan take?
Post by: FreewheelinFrank on July 19, 2009, 08:47:42 PM
Hard disk size? Free space?
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 20, 2009, 03:56:01 AM
HD space 37.1GB, used 10.4GB. Yes it is still running - 28 hours, 4,300 files scanned. No reason I have not upgraded, I guess I have not had a reason to at this point - this machine is basically just used for internet access and accessing a microsoft office file from time to time - thinking I should just reformat and start from scratch... will check in the morning to see if this program is still running!!
Title: Re: Avast! 4 How long should initial scan take?
Post by: cinchez on July 20, 2009, 05:03:28 AM
Woah! That's a long time to wait!

My full system scan takes about 30 mins...(219GB free out of 288GB)

Hope you'll have better results sooner or later^^

-AnimeLover^^
Title: Re: Avast! 4 How long should initial scan take?
Post by: .: L' arc :. on July 20, 2009, 01:32:28 PM
 15 minutes for complete scan of hard disk [10~11 GB]
Title: Re: Avast! 4 How long should initial scan take?
Post by: spg SCOTT on July 20, 2009, 01:54:42 PM
Errm...is it just me but,

TRNCC hasn't actually answered DavidR's first questions:
Quote from: DavidR
I would say it isn't normal, but you don't say what type of scan you are doing, after installation avast offers to do a boot-time scan. Is it this scan that it is doing or is it an on-demand scan ?

Probably more importantly, have (or did) you another AV installed in this system, if so what was it and how did you get rid of it ?

It sounds to me like they are confusing the on-demand scanning ???
Title: Re: Avast! 4 How long should initial scan take?
Post by: Lisandro on July 20, 2009, 02:45:20 PM
Strange... too much time for the on-demand scanning to go.
We can guess only what David asked about a second antivirus present...
Title: Re: Avast! 4 How long should initial scan take?
Post by: DavidR on July 20, 2009, 04:33:02 PM
Well TRNCC only reported spybot S&D installed and that really shouldn't be an issue.

However, it provokes the question of 'How long has TRNCC been running without an AV installed?' and the system could potentially be riddled with malware.

@ spg SCOTT
I don't believe TRNCC has confused resident with on-demand scanning, based only on his first post:
Quote from: TRNCC
Found this product on CNET and installed and ran it - it has now been running for 19 1/2 hours and scanned 2,200 files - is this normal?? So far it has detected two files that have been infected.

The highlighted text is what makes me feel he is actually running a scan of one form or another, though as you said that question hasn't been answered.

If however, he is confusing the two resident and on-demand that means avast has detected two resident running pieces of malware, which supports my theory that his system could be seriously compromised, that however, is supposition without answers to questions asked.
Title: Re: Avast! 4 How long should initial scan take?
Post by: spg SCOTT on July 20, 2009, 04:45:06 PM
You could very well be right (your response makes more sense than my guess) It was the long scan time, and low scanned count that led me to that idea. (although now that I look at my picture I posted, it sorta contradicts what I thought)

We'll just have to wait and see ;)

-Scott-
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 20, 2009, 09:35:11 PM
STILL RUNNING!!! We are almost going on 46 hours here - 6626 files scanned - two infections found so far - if I terminate will I lose info on files infected and lose ability to repair??
Title: Re: Avast! 4 How long should initial scan take?
Post by: DavidR on July 20, 2009, 09:57:41 PM
You haven't answered the questions we asked about what type of scan you are doing, etc. to allay our suppositions.

We ask questions so that we can get a better idea of what the problem might be and without answers we are just guessing.

If you sent the files to the chest, you lose nothing, the avast logs would already have recorded the detection and the file would be securely in the chest where it can do no harm.
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 20, 2009, 10:08:09 PM
Sorry I thought I answered all the questions regarding what I was scanning in one of my first posts "I just installed the standard Avast! Installation - Installed "providers" include: Instant messaging (which I don't have on this computer), Internet Mail, Network Shield (not sure if I need this, this desktop was used in an office at one point in time, it has Novell client software on it), Outlook/Exchange (don't have it / use it), P2P Shield (not sure what it is?), Standard Shield & Web Shield. Should I be "terminating" certain providers? I just don't want to screw this up after running it for so long."

The interface looks like the screenshot that spg Scott posted

Task reads "Resident Protection".
Title: Re: Avast! 4 How long should initial scan take?
Post by: FreewheelinFrank on July 20, 2009, 10:10:29 PM
I'd say cancel the scan- there's obviously something wrong.

Try a boot time scan with avast! Right click the scanner screen, select 'schedule a boot time scan' and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 20, 2009, 10:19:49 PM
OK - will do! To all providing your feedback I very much appreciate your patience, support and interest in helping me to figure this out!
Title: Re: Avast! 4 How long should initial scan take?
Post by: DavidR on July 20, 2009, 10:26:22 PM
Quote from: TRNCC
Sorry I thought I answered all the questions regarding what I was scanning in one of my first posts "I just installed the standard Avast! Installation

That is the problem: avast has more than one scan. Resident scanning goes on all the time in the background, and as files are accessed avast scans them. That isn't considered a scan.

avast also has on-demand scans where you have avast scan areas of your hard disk that aren't otherwise active and this is one of the scans we thought you were/are doing. These scans are generally relatively quick unless you have a lot of data on disk and/or set the scan sensitivity to thorough and also scan archives.

The boot-time scan I mentioned in my first reply and FWF also mentioned, happens before windows starts, see images. You are normally offered this option after installation.

Quote from: TRNCC
- Installed "providers" include: Instant messaging (which I don't have on this computer), Internet Mail, Network Shield (not sure if I need this, this desktop was used in an office at one point in time, it has Novell client software on it), Outlook/Exchange (don't have it / use it), P2P Shield (not sure what it is?), Standard Shield & Web Shield. Should I be "terminating" certain providers? I just don't want to screw this up after running it for so long."

The interface looks like the screenshot that spg Scott posted

Task reads "Resident Protection".

Let's not worry about what shields you have running for now as they really have no bearing on the problem at hand.

If the image spg SCOTT posted is the same as where you are getting your information from, then you aren't doing a scan at all. This is the normal activity of a 'resident' antivirus: as files are opened, emails received, web pages visited, etc. they will be scanned to ensure they are clean before being allowed to run. If they aren't clean then avast will alert and you choose what action to take (move to the chest being the best and safest).
Title: Re: Avast! 4 How long should initial scan take?
Post by: voorhees_scott on July 21, 2009, 12:00:05 AM
I'll have you know that when I downloaded AVAST pro I was getting ill that it took me over 28 hours to run what I thought was a scan.

Later I found out that it was the on-access protection thing that runs all the time. lol
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 21, 2009, 02:50:43 AM
Nice to know that I am not the only "newbie" out there!! So OK, I figured it out - put the viruses (all 4 of them) in the "chest" as recommended... now what??? Do they stay there forever? I know my registry is all junked up - should I be running some sort of registry cleanup utility? If so, any recommendations?
Title: Re: Avast! 4 How long should initial scan take?
Post by: DavidR on July 21, 2009, 03:16:00 AM
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

How do you know the registry is 'all junked up'?

There are registry cleaning tools out there, but some can be a risk.
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 21, 2009, 03:32:14 AM
In the registry there is a folder called "podmena", which from what I have read is a virus associated with the pp10.exe file. I followed instructions on deleting items in the registry associated with this virus but there were additional files in a podmena folder that I was not instructed to delete so I left them - I would have thought the entire folder should be removed. I know that I know just enough to be dangerous so I held off on deleting anything extra but would like to run a utility to clean up my registry.
Title: Re: Avast! 4 How long should initial scan take?
Post by: DavidR on July 21, 2009, 03:56:09 PM
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies, they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

The first of these programs MBAM (and SAS) should also examine the registry and any malware associated registry entries should be listed in the report.

Given that it appears you have had a system without an anti-virus for some time (as I mentioned in one of my posts), I expect these two applications to find other stuff.

Quote from: DavidR
However, it provokes the question of 'How long has TRNCC been running without an AV installed?' and the system could potentially be riddled with malware.
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 21, 2009, 07:09:06 PM
Thanks so much for the advice DavidR! MBAM found the following:
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

I am going to run the free spyware now - prob makes sense to get the paid version of these so I can set them up to run automatically - is that what you do?

Also, are the infected files MBAM detected the same as the ones I have in my Avast! chest? If so, why do I need both utilities? If not, why didn't Avast! flag the 5 infected files that MBAM did?


Title: Re: Avast! 4 How long should initial scan take?
Post by: DavidR on July 21, 2009, 07:18:31 PM
The full log is helpful to us as it may mean we need to give some more advice.

You don't have to pay; keep the trial version, after the trial period ends it reverts to the free version, which is more than good enough.

MBAM can't scan within the avast chest, a protected area, so they are different, which is why we ask for the full log.
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 21, 2009, 07:31:01 PM
The following is the entire log...

Malwarebytes' Anti-Malware 1.39
Database version: 2473
Windows 5.1.2600 Service Pack 1

7/21/2009 12:57:30 PM
mbam-log-2009-07-21 (12-57-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 119292
Time elapsed: 26 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bad4551d-9b24-42cb-9bcd-818ca2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bad4551d-9b24-42cb-9bcd-818ca2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\eo123.eo123mgr (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\eo123.eo123mgr.1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ty667.ty667mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ty667.ty667mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31c2a4cc-289d-442a-950c-b33b1b06522b} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{437a43d5-e5c3-4959-bbd0-f2bfb1edc6fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31c2a4cc-289d-442a-950c-b33b1b06522b} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437a43d5-e5c3-4959-bbd0-f2bfb1edc6fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sfxdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sfx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdll (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\sFX\sfX.sYs (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce54307.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce54384.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Program Files\sFX\sfx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce54295.dat (Worm.Koobface) -> Quarantined and deleted successfully.
Title: Re: Avast! 4 How long should initial scan take?
Post by: TRNCC on July 21, 2009, 08:15:52 PM
SUPERAntiSpyware log... mostly cookie threats, which you said not to be concerned w/ & one program file...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/21/2009 at 02:02 PM

Application Version : 4.26.1006

Core Rules Database Version : 4007
Trace Rules Database Version: 1947

Scan type       : Complete Scan
Total Scan Time : 00:16:50

Memory items scanned      : 454
Memory threats detected   : 0
Registry items scanned    : 6673
Registry threats detected : 0
File items scanned        : 13052
File threats detected     : 85

Adware.Tracking Cookie

Trojan.Agent/Gen
   C:\Program Files\SFX
Title: Re: Avast! 4 How long should initial scan take?
Post by: DavidR on July 21, 2009, 08:21:37 PM
OK, looking at the files detected, the important one is the rootkit agent one, as if avast doesn't find the rootkit it hides other malware.

If avast doesn't find the files then it is also not going to detect any associated registry entries, so things sort of snowball. The problem is exacerbated when the system is already infected before avast gets installed.

If you had first posted the full log I would have suggested sending samples of the sfx.sys and sfx.dll to avast to help improve detections. Whilst it would be possible to restore them from the MBAM Quarantine, add it to the chest and send to Alwil (see below).

However, MBAM would restore it to the original location and as such there would be a limited risk since it is in that location. Since the associated registry entries to run these are still in quarantine the risk is low and once added to the chest you could run MBAM again to get it back in quarantine. If you aren't comfortable with that then forget it, but it is something to think of in the future, try to obtain samples to improve avast detection.

Add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Yes the cookies are nothing to worry about, but let SAS deal with them. Looks like MBAM removed the file but not the folder so SAS has done for that.
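
Added example, not part of any post in this thread: a Python sketch that parses MBAM log lines like those posted above, labels each registry detection by the autostart location it sits in, and sorts rootkit detections first, following the point made above that the rootkit entry is the important one. The function names and the `AUTOSTART` table are assumptions of this example; the sample lines are excerpted from the log in the thread.

```python
import re
from typing import List, NamedTuple, Optional

# Lines excerpted from the MBAM log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bad4551d-9b24-42cb-9bcd-818ca2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sfxdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sfx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\sFX\sfX.sYs (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\sFX\sfx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce54307.dat (Worm.Koobface) -> Quarantined and deleted successfully.
"""


class Detection(NamedTuple):
    section: str  # "Registry Keys", "Registry Values", "Files", ...
    item: str     # registry path or file path
    name: str     # MBAM detection name, e.g. "Rootkit.Agent"
    action: str   # what MBAM reports it did with the item


# "Files Infected:" opens a section; "Files Infected: 6" is a summary count and is ignored.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
CLEANED = "Quarantined and deleted successfully"

# Assumed table for this example: registry locations that start code automatically.
AUTOSTART = [
    ("\\currentversion\\run\\", "Run key"),
    ("\\currentcontrolset\\services\\", "service or driver"),
    ("\\browser helper objects\\", "Browser Helper Object"),
    ("\\currentversion\\svchost\\", "svchost group"),
]


def parse_mbam_log(text: str) -> List[Detection]:
    """Return one Detection per listed item; counts and empty sections are skipped."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            found.append(Detection(section, entry["item"], entry["name"], entry["action"]))
    return found


def autostart_type(item: str) -> Optional[str]:
    """Name the autostart mechanism a registry path belongs to, or None."""
    low = item.lower()
    for needle, label in AUTOSTART:
        if needle in low:
            return label
    return None


def triage(detections: List[Detection]) -> List[Detection]:
    """Rootkit detections first, then autostart entries, then everything else."""
    def rank(d: Detection) -> int:
        if d.name.lower().startswith("rootkit"):
            return 0
        return 1 if autostart_type(d.item) else 2
    return sorted(detections, key=rank)  # stable: log order is kept within a rank


def unresolved(detections: List[Detection]) -> List[Detection]:
    """Items the log does not report as quarantined and deleted."""
    return [d for d in detections if d.action != CLEANED]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for d in triage(found):
        print(f"{d.name:20} {autostart_type(d.item) or '-':22} {d.item}")
    print("needs follow-up:", len(unresolved(found)))
```
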