Does a virus remain after it has been detected?

[overworkedmonkey]

I was attempting to download a file that was detected by avast to be containing a virus. It alerted me and aborted the connection however left a copy of the file in one of my folders. Together with this copy was a *.part file which is a temporary file created by FireFox. Anyhoo, I simply deleted the files and they were moved to the rubbin bin. Now when I ran the weekly scan it detected the same files as viruses in the rubbish bin. I proceeded to allow avast to delete the files and emptied the rubbin bin.

1. If avast aborted the connection when it detected the virus, I take it that the file was not completely downloaded. Is this correct?
2. Seeing that I did not execute the files and simply deleted them, there was no risk of infection? Is this correct?
3. Why is the file allowed to remain if the connection was aborted after the virus was detected?
4. Is there anything I should do? I ran a full scan again and no viruses were detected.

[SafeSurf]

1. If avast aborted the connection when it detected the virus, I take it that the file was not completely downloaded. Is this correct?
2. Seeing that I did not execute the files and simply deleted them, there was no risk of infection? Is this correct?
3. Why is the file allowed to remain if the connection was aborted after the virus was detected?
4. Is there anything I should do? I ran a full scan again and no viruses were detected.

1. Correct.
2. You did not install the file after downloading it.  However there is always a risk for infection just by going online and downloading.
3. Most likely because you were in the process of downloading a file, Avast realized it was infected when you had partially downloaded it.  What kind of alert did you get from Avast?  Did you have an option to put something in the Virus Chest, delete, ignore?  The action you should have taken was to put it in the Virus Chest.  Since it ended up in your Recycle Bin, you should always empty your recycle bin and temporary Internet files and cookies after signing off line as a security measure.  Being that you did not do this, leads me to answering #4.
4. That is good that you ran an Avast Full scan and came out clean.  It is also good that you emptied your Recycle bin, but this should have been done immediately after the partial download.  You should also do the following:
- Run an Avast boot time scan after making sure your virus definitions are up to date.
- Run a cleaner after going online.  Many of us here use CCleaner, a free system optimization, privacy and cleaning tool.  There is a Slim version available as well at http://www.piriform.com/ccleaner/builds – 4th option down.  It removes unused files (cache, temporary Internet files, etc.) from your system, allowing Windows to run faster and freeing up valuable hard disk space.  It also cleans traces of your online activities such as your Internet history. 
- Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.  Make sure to UPDATE prior to scanning each time.  Most of us also use this with Avast (no conflicts).
- Download TFC by OldTimer to your desktop.
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
·   Please double-click TFC.exe to run it.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
·   It will close all programs when running, so make sure you have saved all your work before you begin.
·   Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
·   Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

You should have a sparkling clean machine after this.    Let us know if you have any additional questions.  Thank you.

[overworkedmonkey]

1. Correct.
2. You did not install the file after downloading it.  However there is always a risk for infection just by going online and downloading.
3. Most likely because you were in the process of downloading a file, Avast realized it was infected when you had partially downloaded it.  What kind of alert did you get from Avast?  Did you have an option to put something in the Virus Chest, delete, ignore?  The action you should have taken was to put it in the Virus Chest.  Since it ended up in your Recycle Bin, you should always empty your recycle bin and temporary Internet files and cookies after signing off line as a security measure.  Being that you did not do this, leads me to answering #4.
4. That is good that you ran an Avast Full scan and came out clean.  It is also good that you emptied your Recycle bin, but this should have been done immediately after the partial download.  You should also do the following:
- Run an Avast boot time scan after making sure your virus definitions are up to date.
- Run a cleaner after going online.  Many of us here use CCleaner, a free system optimization, privacy and cleaning tool.  There is a Slim version available as well at http://www.piriform.com/ccleaner/builds – 4th option down.  It removes unused files (cache, temporary Internet files, etc.) from your system, allowing Windows to run faster and freeing up valuable hard disk space.  It also cleans traces of your online activities such as your Internet history.
- Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.  Make sure to UPDATE prior to scanning each time.  Most of us also use this with Avast (no conflicts).
- Download TFC by OldTimer to your desktop.
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
·   Please double-click TFC.exe to run it.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
·   It will close all programs when running, so make sure you have saved all your work before you begin.
·   Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
·   Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

You should have a sparkling clean machine after this.  Wink  Let us know if you have any additional questions.  Thank you.

Thanks SafeSurf. I do have a few more questions.

1. If Avast aborted the connection after detecting the virus, how is it possible to still get infected?
2. Seeing that if files are moved to the rubbish bin, can they still infect the system?
3. The alert that popped up was to abort the connection and to close the prompt. I am however wondering why Avast bothers allowing partial downloads to remain when a virus has been detected. Why not simply remove the partial download?
4. I ran Avast after boot time and it came out clean after deleting the viruses from the recycle bin. I also ran MalwareByte and it came out clean.I also ran Microsoft Security Essentials and it came out clean. Should I run a scan each time a new signature has been downloaded?
5. Are there any additional security tools I can use whilst browsing the web?

[CraigB]

You could update to the pro version of MBAM for more protection and get rid of mse as two av's on you system isnt recommended and can reduce your protection level's.
If the files are in the virus chest you are safe but if there in the recycle bin you should delet them, do a cleanup with ccleaner as it's more thorough.

[SafeSurf]

1. If Avast aborted the connection after detecting the virus, how is it possible to still get infected?
2. Seeing that if files are moved to the rubbish bin, can they still infect the system?
3. The alert that popped up was to abort the connection and to close the prompt. I am however wondering why Avast bothers allowing partial downloads to remain when a virus has been detected. Why not simply remove the partial download?
4. I ran Avast after boot time and it came out clean after deleting the viruses from the recycle bin. I also ran MalwareByte and it came out clean.I also ran Microsoft Security Essentials and it came out clean. Should I run a scan each time a new signature has been downloaded?
5. Are there any additional security tools I can use whilst browsing the web?

1. No way to know.  You could have had it there prior to the download, you could have received it during the download from another site or the download file, etc.
2. It is possible.  We recommend cleaning your machine with something like CCleaner after disconnecting from the Internet everytime (see my previous post).  Also, if you got a malware alert, you should also run TFC as well since this will remove additional temp. Internet files (deeper cleaning) than CCleaner as well.  Did you run this tool as I suggested earlier?
3. I do not have an answer for that question other than you already had a partial download.  Or you were in the process of a download and perhaps you migrated to a different web page and this is what set off the alert.
4. Clean boot-time scan and MBAM - great!  Installing MSE was not a good idea as craigb posted.  You now have 2 AV's on the same machine which will create all kinds of problems.  You need to uninstall MSE: http://support.microsoft.com/kb/2435760/ and reboot your machine.  If you have problems with Avast, then you need to do an Avast Repair because of having 2 AV's on your machine could have corrupted drivers.  Let us know if you have Avast problems because of installing MSE.  But uninstall MSE with the link I just gave you.  There is no need to run a scan with every virus definition update.  Avast runs behind the scenes anyway, so you only need to run a Quick scan perhaps once a week or less.  Obviously if you suspect something, you would run a Full scan and a boot scan like you did, and use MBAM as a back up second opinion. 
5. Also as mentioned, you can use MBAM Pro as a resident scanner (running all the time) if want more protection.  Make sure you have add-on's in your browser(s) for additional security features (see mine and others as an example).  You also need a good 2-way firewall.  What is your firewall?

[Daris]

"If Avast aborted the connection, after detecting the virus, how is it possible to still get infected"
   Well It did happen to me awhile back...was on a good safe site, but clicked on a URL to another site cause the picture looked nice and Avast aborted my conection...As soon as I reconnected I got a warning that I have 121 trojans or adware, spyware and a weird scanner started scanning.....To make a long story short...Avast most likely did detect that the site was infected with adware viruses Trojans, etc. and aborted my connection but how many were blocked and how many did get in before the connection was aborted....I guess this depends on a "fraction of a second" and how a code was set up for certain malicious sites, and which Malware  was in the Avast database and which have yet to be put in on the next update on my computer....On other occasions Avast Aborted my connection and after doing a boot scan all was clear...And no isues...Best regards... and Safe Surfing!!!!

[overworkedmonkey]

1. No way to know.  You could have had it there prior to the download, you could have received it during the download from another site or the download file, etc.
2. It is possible.  We recommend cleaning your machine with something like CCleaner after disconnecting from the Internet everytime (see my previous post).  Also, if you got a malware alert, you should also run TFC as well since this will remove additional temp. Internet files (deeper cleaning) than CCleaner as well.  Did you run this tool as I suggested earlier?
3. I do not have an answer for that question other than you already had a partial download.  Or you were in the process of a download and perhaps you migrated to a different web page and this is what set off the alert.
4. Clean boot-time scan and MBAM - great!  Installing MSE was not a good idea as craigb posted.  You now have 2 AV's on the same machine which will create all kinds of problems.  You need to uninstall MSE: http://support.microsoft.com/kb/2435760/ and reboot your machine.  If you have problems with Avast, then you need to do an Avast Repair because of having 2 AV's on your machine could have corrupted drivers.  Let us know if you have Avast problems because of installing MSE.  But uninstall MSE with the link I just gave you.  There is no need to run a scan with every virus definition update.  Avast runs behind the scenes anyway, so you only need to run a Quick scan perhaps once a week or less.  Obviously if you suspect something, you would run a Full scan and a boot scan like you did, and use MBAM as a back up second opinion.
5. Also as mentioned, you can use MBAM Pro as a resident scanner (running all the time) if want more protection.  Make sure you have add-on's in your browser(s) for additional security features (see mine and others as an example).  You also need a good 2-way firewall.  What is your firewall?

1. I only had a single download occurring when Avast aborted the connection. There were no other files nor were there any other websites open. The prompt referred to the file that was being downloaded.

2. I haven't had a chance to run the tool as yet but certainly will and will post my results.

3. Please see 1

4. I can certainly uninstall Microsoft Security Essentials however was curious to know if there had been instances where they have conflicted and if so to what degree?

5. I'm using the firewall that comes stock standard with Windows 7. Do you have any suggestions for a free firewall apart from ZoneAlarm seeing that it causes more headaches than provides solutions?

[doktornotor]

4. I can certainly uninstall Microsoft Security Essentials however was curious to know if there had been instances where they have conflicted and if so to what degree?

You simply cannot use Microsoft Security Essentials and avast! Antivirus at the same time. Yes, having two realtime AVs will cause conflicts.

[overworkedmonkey]

You simply cannot use Microsoft Security Essentials and avast! Antivirus at the same time. Yes, having two realtime AVs will cause conflicts.

Thanks. I am however curious to know what types of conflicts can it cause as well as if I would know if a conflict has occurred.

[doktornotor]

Anything starting with neither of the AVs working correctly and ending with unbootable system. Simply do NOT do this.

http://www.security-faqs.com/why-shouldnt-i-install-more-than-one-antivirus-program-at-a-time.html

[Pondus]

You simply cannot use Microsoft Security Essentials and avast! Antivirus at the same time. Yes, having two realtime AVs will cause conflicts.

Thanks. I am however curious to know what types of conflicts can it cause as well as if I would know if a conflict has occurred.

all kind of mysterious windows errors and False Positive detections.....

see reply from quietman7
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

[SafeSurf]

I think the above posts should convince you enough that you cannot run 2 AV's at the same time without causing conflicts.

You can run Windows 7 firewall, and I would run this over ZA FW any day.

Keep us posted on your scan.  Thanks.