First things first. I could afford to lose this PC. It holds a copy of music archive that generates auto playlists to stream constant music in house when I want. Just happens to be in a warm part of house in cold Auckland winter, so I happened to be using it to surf web instead of usual web PC (at reception). But never nice to lose anything, so I should have been more careful. I have learned a few things.
At the time I went to web page link and clicked without first securing page - better to 'Save target as'...then scan target html copy saved to my HDD would have been good option, or perhaps just trying to scan link first.
This is what I think happened. I click Google search link for page, Avast Home 'Abort connection' alert comes up, but I hit to kill page (X at top right corner of page) instead of 'Abort connection' - don't ask me why, I guess I in the mood, PC not my regular. And page does not kill. Instead Avast 'Save to chest' alert comes up on top of 'Abort connection' alert. So now I have to save a download to virus chest, followed by three more before I can finally out of connection kill page. These downloads are inject of malware (so I gather).
So what happen. By hit on page to kill it rather than hit Avast "Abort connection' I have effectively said okay you allowed to download your malware onto my HDD. (I would say many protects like Defender and like have to comply with this okay, so malware is through). SO MALWARE IS THROUGH.
Obviously Avast Home then stepped in with okay you through but you still not permitted on HDD unless you pass through next check which enables user to quarantine you in chest. And this is what happen. The malware was secured in the virus chest and sent off to/picked up by Avast as 'potential malware' and also checked through Virustotal and on Google search.
Now one important question here - would Avast Pro 'Script Blocker' have disallowed the download, stop inject of malware to HDD, and simply left user to 'Abort connection' to alerted page?Next important - was downloader malware instances actually on HDD and try outbound to connect with page? I dont think so, unless they arrived the day before. More likely they were loaded onto web page the day before - drive-by loading of virus on insecure web page.Most important resident Avast Home did everything A1 - even with user faulty practice.These downloaders Win32:Tipa [Cryp] are not accorded a high danger rating by AV agencies. Virustotal did not raise one query on any of the four instances. But you cannot let them inject. Maybe next time more lethal brew malware. And its not nice to lose any PC. I'm using the (dis)infected PC now and a music playlist is running.
I've checked the HDD for inject of any associate entries and I'll keep running tests.