Quick question from the noobie

Avast Free Antivirus / Premium Security
1

I just installed Avast Home edition on my PC, and while I was running the first boot scan it found this:

ndnunistalls_64.exe Win 32: Adware-gen [Adw]

I pressed Delete and another message poped up saying this file is part of windows, are you sure? Would you recommend that I delete it or should I ignore it?

Help,

T BAGR 02

2

:slight_smile: Hi “T” :

  Like going to Doctors sometimes, I recommend you get a
 "2nd Opinion" by going to www.ewido.net/en and either
  run its "Online Scanner" or install, update and run its
  "Complete System Scan" ; this program "specializes" in
  detecting and possibly quarantining trojans, etc that
  Avast says you may have .
3

Where was ndnunistalls_64.exe found, e.g. C:\windows\system32\infected-file-name.xxx) ?
What Operating System are you using (is it up to date) ?

Well a google search for ndnunistalls_64.exe returns no hits which in itself is susicious, especially for a system file. For the future deletion isn’t a good first option, you are left with no other options, send it to the chest where it can do no harm (it can be restored if required) and investigate.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.

Many malware writers try to place their malware in the system folders to cause this kind of confusion. They can only do this if they have admin permissions. Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

If avast is able to detect it schedule another boot-time scan and move it to the chest.