win32:downloader-NZI

Boot-Time scan is a specialized tool to remove infections before they have time to run, making it easier to remove them. Also, it should be run when Avast! itself asks you to do so (when Avast! detects suspicious programs that cannot be completely removed after a regular scan) or when it is suspected that your comp has a virus that the regular scans cannot detect.

Remember that Avast! is continuously scanning any file that you, the system, or it itself runs on your comp, making a daily scan unnecessary. Myself, I run a quick scan weekly and a full scan every month or so.

Once the boot time scan has finished running, you’ve scanned as many files as are possible.

As already stated, any files added, changed or accessed, are automatically scanned by avast!.
Why would you repeat scanning something that has already been confirmed as clean ???
Once the boot time scan has confirmed your system as clean, additional scans are really not needed. IMHO.

I finally got around to doing a new scan and it still picked up an infection in the form of umxattachment.exe (win32 downloader nzi trojan). However the laptop seems to be running quite smoothly, so what would you recommend from here, Essex?

Any update yet?

He’s probably sleeping. ;D

Sorry missed the reply

What is the location of umxattachment.exe and is Avast not deleting it ?

We all get busy, so no worries. I wasn’t able to copy and paste the exact location of the virus, so I just did a print screen of the location instead. You can find it in the attachment.

OK, that is within the Computer Associates firewall installation package

Now I can delete the entire MSI package but it means that you will not be able to uninstall CA firewall

Do you wish me to do that ?

@essexboy,
Can he uninstall CA first, then have you do the fix and he can then do a fresh install of CA ???
That way CA can still be uninstalled at a later time ???

I believe this is the last bit of CA left on the system - we had tried to remove it earlier

Ok, since it was to be removed then that should take care of it. :slight_smile:

I’ll do whatever you feel is best to do from this point. I also wanted to mention that the last time I tried to use that uninstall link you sent me from CA it sent me straight into remote assistance and I didn’t know if I should trust them.

OK I will use OTL to delete the installer

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from “Start with Windows”
Reboot and then run OTL

http://i1224.photobucket.com/albums/ee362/Essexboy3/mbamstop.jpg

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files
C:\windows\installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Log posted.

How is the computer behaving now ?

The laptop is still running smoothly, but the scan is still picking up a threat. I posted an attachment that lists the threat and its whereabouts.

it is located in a restore point…

so should be gone if you delete your restore points

As Pondus said - reset the restore points and it will be history ;D

I deleted the restore points and the infection is still there. Attachment posted.

That one is in the OTL quarantine file

Which should have been deleted when you run the OTL cleanup button, did you do that ?