Author Topic: New Avast user / found 1 infected file  (Read 6648 times)

madhattah

  • Guest
New Avast user / found 1 infected file
« on: October 24, 2010, 07:54:05 PM »
Hi all  ;D
New Avast user as of just a few hours ago.

Have done an initial scan and found 1 file that I have moved to the Virus chest.

I have a question or two.

In local Settings/Temp there is a file OpenIE_W.exe at least that is what it is called in the Vchest. Double click tells me it is Win32:Adware-gen (Adw)

last modified on 2.19.2007.
size is 32768

I am a Firefox user. Haven't used IE (my version is 7) in a long time.

So... If it is mal-ware/adware/virus why has it been there since 2007 without doing anything?

If it is in Local settings/Temp can't I just delete it?

Or is it something previously de-fanged by Norton/AVG and it still has a ghost hanging around?

I don't understand what a false positive actually is... except that I do understand what the words mean if you understand me...iow I really don't know what to apply it to.

Other than that if it is apt to eat my computer HELP!
 ;D

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: New Avast user / found 1 infected file
« Reply #1 on: October 24, 2010, 08:37:32 PM »
1. New and updated signatures are constantly added/updated so it is possible that what was in temp, etc. is now detected.

2. If you aren't using IE I can't see how this file is in local settings Temp, if you meant the location for temporary internet files.

The file has a last modified date, no doubt doesn't match the creation date?
So the file actually might be new to the system although it is old.

3. Of course you can delete files in the Temp locations, but avast doesn't make that decision for you. Its object is to neutralise the malware, whilst doing the least harm, e.g. move to the chest so you have options left.

4. I rather doubt it is a false positive given its file name and its location (an .exe file in a temp folder tends to get me suspicious).
http://www.threatexpert.com/files/openie_w.exe.html

~~~~
A false positive is a detection on what is a clean file.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
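
The two checks DavidR describes in the reply above (executables sitting in a temp folder, and a last-modified date that does not match the creation date) can be run directly. The PowerShell below is an added example, not part of the original thread; it assumes PowerShell 4 or later (for `Get-FileHash`), and the extension list and column names are illustrative choices.

```powershell
# Added example: read-only triage of executables in the current user's temp folder.
# Nothing is deleted, moved or executed; the script only lists metadata and hashes.
$tempDir    = [System.IO.Path]::GetTempPath()
$extensions = '.exe', '.scr', '.dll'   # assumed list of executable types to flag

Get-ChildItem -Path $tempDir -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        # Hashing can fail on files locked by a running process; leave the field empty then.
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Name         = $_.Name
            SizeBytes    = $_.Length
            Created      = $_.CreationTime     # when the file appeared in this folder
            LastModified = $_.LastWriteTime    # when its contents were last written
            # On NTFS a copied or extracted file gets a fresh creation time but keeps
            # its old write time, so "modified before created" means the file is
            # older than its arrival on this system.
            ArrivedLater = $_.LastWriteTime -lt $_.CreationTime
            SHA256       = $hash.Hash
        }
    } |
    Sort-Object Created |
    Format-Table -AutoSize
```

A row with `ArrivedLater` set to `True` matches the case in the reply: an old file that is new to the system. The SHA256 value can be used to look the file up with a reputation service without running it.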

madhattah

  • Guest
Re: New Avast user / found 1 infected file
« Reply #2 on: October 24, 2010, 11:07:12 PM »
Thanks so much David R for replying.

The entire path is:
C:\Documents and settings\Jean\Local Settings\ Temp

Now I have to tell you. I am not Jean. This laptop belonged to my grandmother and my mother (Jean) had it cleaned back to default for me just about 3 years ago. The reason I tell you this is because the Tech that did it thought it was hers....put her in as admin...and neither she nor I can access ANYTHING that needs a password.

So where do I go from here?
I only know enough to be dangerous when it comes to removing things.  :-[

Offline DavidR

Re: New Avast user / found 1 infected file
« Reply #3 on: October 24, 2010, 11:19:22 PM »
If you have allowed avast to send it to the chest (the default action) then there shouldn't be anything else to do.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

So what user account are you using ?
As in order to be able to install avast you have to be using an account with admin privileges, but not necessarily 'The Administrator' account.

This handy tool should help: CCleaner - Temp File Cleaner, etc.

madhattah

  • Guest
Re: New Avast user / found 1 infected file
« Reply #4 on: October 25, 2010, 12:11:12 AM »
Quote
If you have allowed avast to send it to the chest (the default action) then there shouldn't be anything else to do.

I picked that out of the drop down of options. Didn't know what else to do with it.  ???

Quote
So what user account are you using ?
As in order to be able to install avast you have to be using an account with admin privileges, but not necessarily 'The Administrator' account.

Well now that you ask that. I am not really sure. It let me password protect my log-on when I worked for awhile in real estate. I download and delete stuff. It has been so long since I looked at it all I remember is that there was a folder "jean" and no one could open the thing. It wanted a password. But I opened Local settings\Temp and looked in there tonight. So I guess you're right....I'm something just not sure what.  :-[

As to IE. I haven't used anything but Firefox for well over a year maybe more. IE8 was a pain and I rolled back to 7 then someone said I really ought to try fox and it was love at first browse LOL!

If I could take IE out completely I would. I get irritated even seeing it in the task manager/processes eating away at memory.

I noticed when I was looking through the Temp folder that there are folders for applications I have uninstalled...some a long time ago. Is it okay to delete them?

Like I said just enough knowledge to be dangerous. ::)

madhattah

  • Guest
Re: New Avast user / found 1 infected file
« Reply #5 on: October 25, 2010, 12:42:20 AM »
My OS is

Windows XP 2002
Home ed.
Service Pack 3
PC/Laptop
Mobile intel (R)
Celeron (R) CPU 200 GHz
1.99 GHz
448 mb RAM

Browser
Firefox 3.6.11
IE7 is there but I don't use it anymore

Mozilla Add-ons

Colorful Tabs
Better Privacy
Lazarus
Ad block Plus
AVG Safe Search (I do not use this)
AVG Security Toolbar (also do not use)
Personas (Firefox: makes your browser bar pretty)


AVG 2011 version 10.0 free edition
AVG Vdb 422/3210

My ISP is HughesNet wireless when at work.
using a Linksys wireless card ( can't tell you how big without going offline)

At home I have Bee-Line as my broadband provider.

Malwarebytes
HJT

All AVG is gone except what turns up in internal computer search. I had a brief fling with AVG2011 and ran like H*ll! I have used AVG since about 2007.

Just so you know what I'm working with and I should have posted it before.

YoKenny

  • Guest
Re: New Avast user / found 1 infected file
« Reply #6 on: October 25, 2010, 01:42:28 AM »

AVG 2011 version 10.0 free edition
AVG Vdb 422/3210

All AVG is gone except what turns up in internal computer search. I had a brief fling with AVG2011 and ran like H*ll! I have used AVG since about 2007.

Just so you know what I'm working with and I should have posted it before.

Get rid of AVG first.

The best thing you can do is to add 512MB RAM as Celeron systems need all the help they can get.

By the way IE is used by Windows Explorer
Quote
Windows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop. Controlling the computer is possible without Windows Explorer running (for example, the File | Run command in Task Manager on NT-derived versions of Windows will function without it, as will commands typed in a command prompt window). It is sometimes referred to as the Windows Shell, explorer.exe, or simply “Explorer”.
http://en.wikipedia.org/wiki/Windows_Explorer

It is best to update IE to IE8 as it provides many system improvements.

madhattah

  • Guest
Re: New Avast user / found 1 infected file
« Reply #7 on: October 25, 2010, 02:00:53 AM »
Quote
It is best to update IE to IE8 as it provides many system improvements.

So upgrade to IE8 even if I only use Firefox?
I think from your wiki I see what you mean.

Quote
Get rid of AVG first.

Everything is gone that the AVG remover took out. But if I search in the computer itself ...search will find files. It seems to have to really dig though. C:Docs and Local Settings\Temp has a folder and I found one or two other places but I worried about just deleting them as I know apps hook into other parts of your system.

DavidR posted the link to a cleaner. Would that do it?

Thanks YoKenny :)
Believe me AVG is dead in the water as far as I am concerned!

Offline DavidR

Re: New Avast user / found 1 infected file
« Reply #8 on: October 25, 2010, 02:07:25 AM »
<snip>
DavidR posted the link to a cleaner. Would that do it?

Thanks YoKenny :)
Believe me AVG is dead in the water as far as I am concerned!

That is why I gave the link, to make life easy in clearing temp locations ;D

madhattah

  • Guest
Re: New Avast user / found 1 infected file
« Reply #9 on: October 26, 2010, 01:26:31 AM »
Okay. So I downloaded and ran CCleaner on the first option. Good Job! Now the second option ~ Registry~ I looked at but not feeling particularly brilliant left it until I asked someone about it. Every box was green checked and assuming CCleaner knows what it is doing do I just run it?

Or do I have to have some sort of knowledge about Registry values, etc. I do not. :/

Also YoKenny advises upgrading to IE8 even if I don't use it for a browser as it will help the system overall. I am under some time constraints where I am now so will do it at home.

If the virus is in what used to be OpenIE_W.exe could I have originally gotten it when I upgraded IE the last time?

Where is a safe download site...Filehippo?

Sorry to be so obtuse. But I lost my big PC last summer and if I lose this one I am crawlin' into a hole and pulling the hole in after me.

Offline DavidR

Re: New Avast user / found 1 infected file
« Reply #10 on: October 26, 2010, 03:20:57 AM »
CCleaner doesn't go into great depths in the registry and they are generally OK to have it deal with them; it also offers to backup any change, so if required it can be reversed. So it should be OK, but like everything in life there is risk, but in this case it is likely to be very limited. Though without seeing exactly what is flagged, I can't give any assurances.

As for IE8, because IE is an integral part of your OS you should have the latest version.

I highly doubt that openie_w.exe came from any IE update, the safest place would be getting it directly from Microsoft and at some point it may have been offered as a windows update. http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx

madhattah

  • Guest
Re: New Avast user / found 1 infected file
« Reply #11 on: October 26, 2010, 05:11:47 PM »
Thanks DavidR
:)
I do have IE8 in my ignored updates so once I am home again I will upgrade IE.

I will look at CCleaner too and see what the list of checked items are. I had Spybot on my big PC and it used to fix the Registry. But I never knew enough to feel really good about it I just trusted the app.

Once I get this all cleaned up I probably need to defrag as I have uninstalled and shifted things around.

I scanned the Adware thing in the Vchest again and it is still saying that it is what it is. But I haven't noticed anything running differently so hopefully I don't need it.

Thanks again :)


Offline DavidR

Re: New Avast user / found 1 infected file
« Reply #12 on: October 26, 2010, 05:17:06 PM »
You're welcome, I don't know what defrag you are using, I'm currently using Puran Defrag. I also have defraggler, but I haven't used that for some time certainly since installing Puran Defrag.

madhattah

  • Guest
Re: New Avast user / found 1 infected file
« Reply #13 on: October 26, 2010, 06:58:46 PM »
I am just using whatever came with the computer. In my opinion I never thought it did very much. Most of the time it says it doesn't need to be done....

if there is a good free download ?    ;D

Offline DavidR

Re: New Avast user / found 1 infected file
« Reply #14 on: October 26, 2010, 07:50:43 PM »
Both of the ones I mentioned have free versions.