found pup; nsis:adware-cj[pup]

[22nirvOh]

im using the free avast antivirus and it detected 2 infections that it cant remove.
it was pup; nsis:adware-cj [pup]. it is also known as zona.exe. my avast found the infection but could not remove it.
i did a full scan and it found 3 infections which one it successfully removed and 2 others got a yellow postponed to delete upon restart. when it gets the yellow i already know it cant remove it. anyone has a idea how to remove it 

[DavidR]

First - Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest (a protected area) and investigate.

PUPS - The regular on-demand scans Quick and Full System Scans don't scan for PUPs (Potentially Unwanted Programs) by default, you have to have elected to scan for them ?

My guess on the reason they aren't scanned for by default is exactly because of what you did here, deleted the file as you feel it is a threat when it might not be. The greatest majority of files scanned in on-demand scans are inert or dormant, so don't present an immediate risk.

The resident scanner (File System Shield) can scan for PUPs (change Expert Settings) if you feel you want to know if one of these is actually run.

What is the full path to these detections ?
Why couldn't avast remove it what errors were displayed ?

What type of scan was this, you say Full scan, do you mean Full System Scan or a boot-time scan ?
The reason I mention it is the Full System Scan doesn't scan for PUPs by default, so you have either changes the settings, but the boot-time scan does look for PUPs.

[22nirvOh]

i used the full system scan i didn't know it doesn't find the pup so i will try to use the resident scanner. but the problem is a couple of shields in avast are turned off so i cannot use it and the file system shield is one of them and i cannot turn it back on. i found a website explaining what this infection is and that a antivirus cannot remove it.

http://www.onlinepcsavior.com/get-rid-of-nsisadware-cj-pup-safely-how-to-remove-nsisadware-cj-pup-infection/

[DavidR]

What about these questions:
What is the full path to these detections ?
Why couldn't avast remove it what errors were displayed ?

Try a repair of avast:
XP - Add Remove programs, select 'avast! Anti-Virus,' click the Change/Remove button and select Repair, click next and follow.

Vista, win7 - Control Panel, Programs & Features, uninstall a program, select 'avast! Anti-Virus,' click the Uninstall/Change and select Repair, click next and follow.

You may need to reboot after the repair.

This has in the past resolved this out of sync issue between reported and actual VPS version.

Have (or did) you another Anti-Virus installed in this system, if so what was it and how did you get rid of it ?

[22nirvOh]

the file path of the detected infections are

2 times  C:\program files (x86)\...|>nsis.hdr. thats how avast displayed it. when i placed the mouse pointer on it it displayed

C:\program files (x86)\zona\zona.exe|>nsis.hdr. thats to your first question.

second one

avast found three infections but it only removed one

pup: nsis:adware-cj [pup] yellow color action postponed until next reboot
threat: js:Iframe-QO [trj] got the green check for deleted successfully
pup: nsis:adware-cj [pup] yellow color action postponed until next reboot.

know when i restarted the computer and opened up avast and clicked delete for the ones that were postponed i got this.
red color, error: the system cannot find the file specified, because i have removed the file i thought that will remove the infection.

whats my options after i deleted the file

[DavidR]

I think that the problem is that the nsis.hdr bit is inside the zona.exe and it can't be extracted from that file.

Now that may be the same for the other two nsis:adware ones, but you don't say what file name and location they were found.

Where are you clicking delete the postponed ones ?
I suspect that you are looking at the Scan Computer, Scan Logs and the last scan. This is historic data, it is just a report it isn't an active scan.

The "postponed until next reboot" should mean that on the next reboot avast should automatically delete them, you shouldn't have to do anything. This could also account for the "error: the system cannot find the file specified" as it would have been removed on the reboot.

[22nirvOh]

i posted the path as it was shown in the avast scan logs, and yes im checking the scan logs.

where should i look for the file name and location it was found? 
 the infection was found in the zona file that was in the C:\program files (x86) zona\zona.exe

i dont know where else to look because i have already deleted its file and if there was a was to restore it i would do it. when it found the viruses and it said postponed until next reboot, when it rebooted i didn't automatically go to the avast and remove it. i mistakenly deleted the file it was in, and now the avast can't find the specified path.

should i rescan the computer, if so the scan wont find the infection because i have deleted its folder, but still the computer still slow at start up and slow at everything else, so the infection is still present and i have no idea how to find it.

[DavidR]

Yes, the nsis.hdr adware [PUP] was to be found inside that zona.exe file if you have deleted the zona.exe file then it too has gone.

Check out this article, http://processchecker.com/file/Zona.exe.html for more information on it, you should be able to uninstall it according to this article. Further info systemexplorer.net/file-database/file/zona-exe.

What you have to remember is the classification of it being adware and a PUP:
PUP = Potentially Unwanted Program - See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html. Not included in this definition are tools which can be used for good or evil, some have been legitimately installed for a specifically good purpose, but could have been unknowing installed for a malicious purpose.

For PUPs and what to do about them the user needs to have a good knowledge of what is on their system and what it does, to be able to decide if this really is unwanted.