Author Topic: Further Steps? (1 infected dll file) Avast! 6.0.1125  (Read 5728 times)


YXtanyaXY

  • Guest
Further Steps? (1 infected dll file) Avast! 6.0.1125
« on: November 06, 2011, 05:23:17 PM »
Hi,
Avast! 6.0.1125 (engine and definitions are completely up-to-date)
I just ran a routine (Full) scan... And Avast! found 1 infected file (a .dll file) from a card maker program (which I never used) (MyFunCards.exe)
(BTW, the calendar and card Web sites are often infected or cause warnings)...
Avast! moved the file (program?) to the "virus chest"
Here is the info from the virus chest:
      <ChestId>00000010</ChestId>
      <FileTime>1318883639</FileTime>
      <OrigFileName>MyFunCards.exe</OrigFileName>
      <OrigFolder>C:\frDLoads2Check\mom 95 birthday</OrigFolder>
      <Comment></Comment>
      <Virus>Win32:FunWeb [PUP]</Virus>
      <Category>Vir</Category>
      <Restore>yes</Restore>
      <TransferTime>1320595134</TransferTime>
      <FileSize>149048</FileSize>
   </ChestEntry>
(It stated low severity and action successful)
I am going to run a boot scan - I cannot find the program now (which I never executed)

Is there anything else I should do (assuming the boot scan is negative?)
Thanks!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #1 on: November 06, 2011, 05:39:19 PM »
The engine/definitions might be up to date but your version of avast certainly isn't. The latest version is 6.0.1289, so I would suggest that you do a program update.

You have elected to scan for PUPs (Potentially Unwanted Programs) and this Fun Web stuff certainly falls into that category, with many considering it adware.

You say there was a detection on a .dll file yet this MyFunCards.exe isn't a dll file (so what was this dll) ?

I don't believe you need to run a boot-time scan.

A scan by MBAM would be another option as the fun web type of adware is something it is likely to pull up and there may well be other funweb references.

MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. Install, Update, Run and post the contents of the log file.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

YXtanyaXY

  • Guest
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #2 on: November 06, 2011, 07:04:29 PM »
Hi and thank you
Inline below

Quote
[...]
You have elected to scan for PUPs (Potentially Unwanted Programs) and this Fun Web stuff certainly falls into that category, with many considering it adware.
That's good and as mentioned I never ran it...

Quote
You say there was a detection on a .dll file yet this MyFunCards.exe isn't a dll file (so what was this dll) ?
It was a .dll
(Below)
I did run a boot scan (Right after original post) and it came up positive for PUP also

Here are the 2 virus chest content entries:

Full system scan: 6/11/11
C:\frDLoads2Check\mom 95 birthday\MyFunCards.exe|>f3EzSetp.MyFunCards.dll
      Severity Low
Status: PUP:Win32:FunWeb[PUP]
Action: Moved to Chest
Result: Action successful

Boot scan: (11/6/11)
C:\System Volume Information\_restore{2AE71B63-8EBA-4589-AE91-A44E35F6B5ED}\RP1007\A0100148.exe|>f3EzSetp.MyFunCards.dll
Severity Low
Status: PUP:Win32:FunWeb[PUP]
Action: Moved to Chest
Result: Action successful

Quote
A scan by MBAM would be another option as the fun web type of adware is something it is likely to pull up and there may well be other funweb references.

MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
I have this: Malwarebytes' Anti-Malware (I'll see if there's a later version - and run the full scan)
Quote
Install, Update, Run and post the contents of the log file.
Thanks I'll post back MBAM results

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #3 on: November 06, 2011, 07:10:38 PM »
The most important message in Dave's post is: Update your avast..!! ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

YXtanyaXY

  • Guest
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #4 on: November 06, 2011, 07:55:53 PM »
Hi and thanks for the pointer...

Quote
The most important message in Dave's post is: Update your avast..!! ;)

I just did so and ran MBAM
Here is the log from MBAM (updated upgraded full scan) (Clean)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8097

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/6/2011 1:39:54 PM
mbam-log-2011-11-06 (13-39-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 224033
Time elapsed: 24 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks!


YoKenny

  • Guest
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #5 on: November 06, 2011, 08:01:41 PM »

Quote
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

Why not upgrade to Internet Explorer 8 ???

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #6 on: November 06, 2011, 08:07:24 PM »

Quote
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

Why not upgrade to Internet Explorer 8 ???

Good question Kenny..!
It seems the system doesn't get any/(many) updates at all. ;)

YXtanyaXY

  • Guest
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #7 on: November 06, 2011, 08:23:43 PM »

Quote
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

Why not upgrade to Internet Explorer 8 ???

Thanks for the advice...
Is this related to my original question?
For example would IE 8.x guard (warn) against downloading PUPs?
Thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #8 on: November 06, 2011, 08:28:55 PM »
Quote
Hi and thank you
Inline below
<snip>
Quote
You say there was a detection on a .dll file yet this MyFunCards.exe isn't a dll file (so what was this dll) ?
It was a .dll
(Below)
<snip>
Full system scan: 6/11/11
C:\frDLoads2Check\mom 95 birthday\MyFunCards.exe|>f3EzSetp.MyFunCards.dll
      Severity Low
Status: PUP:Win32:FunWeb[PUP]
Action: Moved to Chest
Result: Action successful

Boot scan: (11/6/11)
C:\System Volume Information\_restore{2AE71B63-8EBA-4589-AE91-A44E35F6B5ED}\RP1007\A0100148.exe|>f3EzSetp.MyFunCards.dll
<snip>

The dll file is actually inside the MyFunCards.exe file; that is indicated by the |>, everything after that is contained inside the first file name.

The second detection is the same but this is a copy of the MyFunCards.exe file saved as a system restore point (which changed the original file name) and avast is able to find the copy there.

So other than some judicious updating I don't think you have anything else to do:
- I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
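
Added example, not part of the original thread or any poster's code: a small Python parser for the `container|>member` paths explained in Reply #8, showing that the full-scan hit and the boot-scan hit are the same packed DLL, one of them inside a System Restore copy. The function names are hypothetical, and handling more than one `|>` level is an assumption that generalizes the single level seen in this thread.

```python
import re
from collections import defaultdict

# Paths and detection name copied from the scan results quoted in this thread.
SCAN_HITS = [
    (r"C:\frDLoads2Check\mom 95 birthday\MyFunCards.exe|>f3EzSetp.MyFunCards.dll",
     "Win32:FunWeb [PUP]"),
    (r"C:\System Volume Information\_restore{2AE71B63-8EBA-4589-AE91-A44E35F6B5ED}"
     r"\RP1007\A0100148.exe|>f3EzSetp.MyFunCards.dll",
     "Win32:FunWeb [PUP]"),
]

# System Restore keeps renamed copies of files under _restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\", re.I)

def parse_hit(path):
    """Split 'container|>member[|>member...]' into its parts (hypothetical helper)."""
    container, *members = path.split("|>")
    m = RESTORE_RE.search(container)
    return {
        "container": container,      # the file that actually exists on disk
        "members": members,          # objects packed inside it, outermost first
        "flagged": members[-1] if members else container,
        "restore_point": m.group(1) if m else None,
    }

def group_hits(hits):
    """Group detections by (flagged object, detection name)."""
    groups = defaultdict(list)
    for path, detection in hits:
        info = parse_hit(path)
        groups[(info["flagged"].lower(), detection)].append(info)
    return dict(groups)

def summarize(hits):
    """One header line per distinct detection, then one line per container."""
    lines = []
    for (obj, detection), infos in group_hits(hits).items():
        lines.append(f"{detection}: {obj} in {len(infos)} container(s)")
        for info in infos:
            where = (f"System Restore copy ({info['restore_point']})"
                     if info["restore_point"] else "original file")
            lines.append(f"  {where}: {info['container']}")
    return lines

if __name__ == "__main__":
    print("\n".join(summarize(SCAN_HITS)))
```

Both entries collapse into a single group, which matches the reading given in the reply above: one unwanted DLL, found once in the download folder and once in restore point RP1007.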

YoKenny

  • Guest
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #9 on: November 06, 2011, 08:32:01 PM »
Quote
Is this related to my original question?
For example would IE 8.x guard (warn) against downloading PUPs?
It won't hurt and it is always best to keep your system as up to date as possible and as IE is the basis of all Windows then it is best to have its latest version.

Do what DavidR suggests.  

YXtanyaXY

  • Guest
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #10 on: November 06, 2011, 08:34:36 PM »

Quote
So other than some judicious updating I don't think you have anything else to do:
- I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
Many thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #11 on: November 06, 2011, 08:36:43 PM »
You're welcome.

YXtanyaXY

  • Guest
Re: Further Steps? (1 infected dll file) Avast! 6.0.1125
« Reply #12 on: November 06, 2011, 08:44:03 PM »
Quote
Is this related to my original question?
For example would IE 8.x guard (warn) against downloading PUPs?
It won't hurt and it is always best to keep your system as up to date as possible and as IE is the basis of all Windows then it is best to have its latest version.

Do what DavidR suggests.  

Makes sense
Thank you.