Author Topic: Virus/malware via Avast SafeZone?  (Read 10897 times)

stardustcollector

  • Guest
Virus/malware via Avast SafeZone?
« on: May 01, 2013, 07:25:01 PM »
Hello everybody,

I upgraded my free avast a few days ago because I love the SafeZone feature.
Today I used SafeZone in order to buy a few items from Ebay. While I was surfing on Ebay, I realized that something had downloaded itself without prior notification or my consent.
 
The downloaded file was called

eBayISAPI.gz

and was obviously downloaded from the following link:

http://my.ebay.de/ws/eBayISAPI.dll?MyEbay&gbh=1&CurrentPage=MyeBayWon&ssPageName=STRK:ME:LNLK:MEWNX

I could see the file via Safezone in my Downloads folder, however in the normal PC environment I could not see the file in the Downloads folder anymore. I tried to scan it with Avast but failed.
So I tried to delete it on Safezone but Safezone told me that the File was deleted. Maybe I deleted it somehow because I tried several times.
I don't know if this was a simple Ebay bug or some virus or trojan. Neither a full avast scan, nor Malwarebytes found something. My google searches were not very effective also.
I am worried now, if using Safezone is still secure. I am not sure. I am afraid that this could be some kind of a browser hijacker which now hides in the system and will lead me to a fake Ebay page whenever I use Ebay in order to get my Paypal or whatever infos. Or some keylogger, which will record the keys stroked.
Am I just paranoid or is Safezone really as secure as to calm down? Could anybody help me maybe?

Thanks in advance.

MAG

  • Guest
Re: Virus/malware via Avast SafeZone?
« Reply #1 on: May 01, 2013, 10:24:31 PM »
I suspect .gz is an archive file extension.

I don't know what it is  - but why not hit the reset safezone button just in case?
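One way to check what a file with a .gz extension really contains, without opening or running it. This is an added example, not part of the original posts; the function names and the sample byte strings are constructed for illustration, and the content categories are a deliberately small set.

```python
import gzip
import hashlib
import io
import zlib

GZIP_MAGIC = b"\x1f\x8b"
MAX_OUT = 1024 * 1024  # cap on decompressed bytes read (guards against decompression bombs)

def classify(payload: bytes) -> str:
    """Rough content type from the leading bytes of the data."""
    if not payload:
        return "empty"
    if payload[:2] == b"MZ":                      # DOS/PE header
        return "windows-executable"
    if payload[:2] == GZIP_MAGIC or payload[:4] == b"PK\x03\x04":
        return "nested-archive"
    head = payload[:512].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html", b"<?xml")):
        return "markup"
    return "unknown"

def triage_gz(data: bytes) -> dict:
    """Inspect the bytes of a *.gz file in memory; nothing is written or executed."""
    report = {"sha256": hashlib.sha256(data).hexdigest(),
              "is_gzip": data[:2] == GZIP_MAGIC}
    if not report["is_gzip"]:
        # The extension does not match the content: classify the raw bytes instead.
        report["content"] = classify(data)
        return report
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            payload = gz.read(MAX_OUT + 1)
    except (OSError, EOFError, zlib.error):
        report["content"] = "corrupt-gzip"
        return report
    report["truncated"] = len(payload) > MAX_OUT
    report["content"] = classify(payload[:MAX_OUT])
    return report

# Constructed samples: a compressed web page, a compressed PE stub, a PE stub merely named .gz
SAMPLE_HTML_GZ = gzip.compress(b"<!DOCTYPE html><html><body>My eBay</body></html>")
SAMPLE_EXE_GZ = gzip.compress(b"MZ\x90\x00" + b"\x00" * 60)
SAMPLE_FAKE_GZ = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for name, blob in [("html", SAMPLE_HTML_GZ), ("exe", SAMPLE_EXE_GZ), ("fake", SAMPLE_FAKE_GZ)]:
        print(name, triage_gz(blob))
```

The SHA-256 in the report can be compared against a multi-engine scanner's database without uploading or opening the file itself.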

stardustcollector

  • Guest
Re: Virus/malware via Avast SafeZone?
« Reply #2 on: May 02, 2013, 08:13:38 AM »
Hi mag,

thanks for the reply.
If that gz file was a trojan, virus, browser hijacker or whatever, would hitting the reset button be enough to get rid of it?
I don't quite understand the concept of SafeZone. Is it really as independent from the rest of the system so that nothing can download on the actual system?
I wonder anyways why that gz file could download without being noticed by Avast while using the SafeZone browser. I mean the reason why I use SafeZone, is to be safe from such threats and now this. I don't even have a clue if my system is compromised now or not.

MAG

  • Guest
Re: Virus/malware via Avast SafeZone?
« Reply #3 on: May 02, 2013, 09:13:29 AM »
I can't answer all your questions, but perhaps I can explain a bit more about safezone.

All your safezone and sandbox stuff lives in a separate virtualised hidden folder on your drive  - avast! sandbox. You can see it if you boot to safe mode (or have another OS loaded).

I know that avast can scan this folder - because I've had false positive detections in it whilst running a full scan - so I think it's safe to assume that avast doesn't think the file is malicious. Try running a full scan anyway though.

Resetting safezone should (I think) delete all its contents other than original - including any downloads - though I can't personally confirm this, because I can't recall trying it.

EDIT - just tried - and reset safezone doesn't clear downloads made in safezone.

The following is from the avast guide - I've italicised the key bit:

Process Virtualization (SafeZone)
The avast! safeZone is an additional security feature that allows you to browse the
web in a private, secure environment, invisible to the rest of your system. For
example, if you do your banking or shopping online, or other security-sensitive
transactions, you can be sure that your personal data cannot be monitored by
spyware or key-logging software.
Unlike the Sandbox, which is intended to keep everything contained inside so that it
cannot harm the rest of your system, the avast! SafeZone is designed to keep
everything else out.
To open the secure SafeZone desktop, just go to the "Tools" tab and click "Switch to
SafeZone".
When you switch to SafeZone, the SafeZone web browser will start automatically. The
SafeZone browser is a special browser without any additional components such as "plug-ins"
which are often used to distribute spyware.
When you are done, click on the orange avast! icon in the bottom left corner and select “Turn
off SafeZone” to close the browser and return to your normal desktop. Your browser
settings and any files that you have downloaded will be saved automatically and will be
there the next time you open it. If you don't want anything to be saved, click the "Reset
SafeZone" button and everything will be deleted. The contents of the SafeZone, including all
browser settings, will be reset to their original state.

Alternatively, you can just click the “Switch back” button on the taskbar (the white
arrow next to the clock) which will return you to your normal desktop without
terminating your web browser, so you can return to it later.


« Last Edit: May 02, 2013, 11:24:53 AM by mag »

MAG

  • Guest

stardustcollector

  • Guest
Re: Virus/malware via Avast SafeZone?
« Reply #5 on: May 02, 2013, 05:05:09 PM »
Hello Mag,

thank you so much for everything. I hit the reset button several times in the hope that everything will be okay again and scanned my PC with avast and malwarebytes. No infections were found.
I came across the link you gave. Thanks for looking it up for me. Indeed the explanation in the link you gave sounds good however there are several forums, where people expressed that the gz file might be a virus. I don't know it. I wrote to ebay's customer service and they did not really know what it is. It can be due to a broken link however they could not explain the connection to the download link. They told me to uninstall or to ignore it but I cannot find the gz file anymore. Could you kindly tell me where I can find the SafeZone folder on my PC in safe mode, if it's not too much trouble for you?
I hope it wasn't something harmful and I can shop online as I am used to do without any bad surprises. Thanks a lot for your help. It's definitely appreciated.

Have a nice day

MAG

  • Guest
Re: Virus/malware via Avast SafeZone?
« Reply #6 on: May 02, 2013, 09:29:50 PM »
Hit F8 while the machine is booting to get into safe mode, and you should then see the avast sandbox folder.

Though if the downloaded file is still present you should be able to see it without doing that - just open the download folder in safezone.