Author Topic: Trojan Horse Advanced System Care  (Read 12497 times)


maybeok0

  • Guest
Trojan Horse Advanced System Care
« on: March 05, 2009, 09:50:26 PM »
Hi,
Having the problem of C:\DOCUME~1\Colin\LOCALS~1\Temp\Arabic.bin
Win32:Downloader-CDZ [trj] coming up during computer startup with Advanced System Care Ver 3.2.0633
xxxxxxxxxxxxxxx
Yes I found my installed Advanced System Care was not performing correctly. After removing the virus the computer would not do the normal scan on startup. This was confirmed by the scan date info not changing??? So I reinstalled ASC and, during computer start up with the newly installed Advanced System Care, had the Avast Virus Scan box come up again with this Trojan virus. It appears this virus may be a part of Advanced System Care programming???
xxxxxxxxxxxxxxxxxxxxxxxx
Plus Spybot Box of ===
Category = System Startup global entry
Change = Value deleted
Entry= TrojanScanner
Old Data C:\Program Files\Trojan Remover\Trjscan.exe [From this line Spybot says "Remover"?????]
xxxxxxxxxxxxxxxxxxxx
Avast Info==== All Free Home 4.8 Current Updates installed
C:\DOCUME~1\Colin\LOCALS~1\Temp\Arabic.bin
Win32:Downloader-CDZ [trj]
Trojan Horse
090305-0, 05/03/2009
Rec Move to Chest = First time to the Avast Chest = second time Deleted = third time Renamed = After the rename had no virus showing, however I found the ASC would not do the setup scan on computer startup.
xxxxxx
Now is the above Trojan a part of ASC programming???
Using Windows XP Home

Regards Colin [Australia]
« Last Edit: March 05, 2009, 09:53:00 PM by maybeok0 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Trojan Horse Advanced System Care
« Reply #1 on: March 05, 2009, 09:56:59 PM »
Can you report the file as a false positive? (Click on the bottom right of the virus warning message.)

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
The best things in life are free.

maybeok0

  • Guest
You Must Stop and Think
« Reply #2 on: March 08, 2009, 10:17:55 PM »
Hi to TECH
avast! translator
avast! Überevangelist
Advanced System Care Pro Ver. 3.2.0
I found my problem to remove the Malware/virus named Arabic
The reason I could not locate the Malware/virus related to when I was presented with the Avast Virus box. Avast detailed that it was best to remove same to "Chest", and when that did not achieve the results I "Deleted" same, and when that did not remove same from computer I "Moved/Renamed" it.
By doing the above the virus file was not available when I did the search for Arabic
Please Note! I feel I must be showing my age for not accepting if you move same to "Chest/Delete/Move-Rename" you will not find same on your computer!
Now the Virus/malware reactivated itself again on the next restart of my computer
Now when in future when I have the same again and at the time when you receive the Avast Virus box you click on the button "No Action" you will find the malware/virus identification will be available to locate same using "Search" [computer]
I cut and pasted the Arabic Virus/malware into a new folder on my desktop which did remove the C:\DOCUME~1\Colin\LOCALS~1\Temp\Arabic.bin [as shown in Avast Virus/malware box] from my computer
I carried out a new search for Arabic and now can only find 3 Arabic.[language data files] bin on drive "C" and 3 Arabic.bin .[language data files] on drive "D" ["D" drive is my clone of drive "C"]
Before I had 4 Arabic.[language data files] bin on drive "C"

Now all is OK
Thank you
Colin  [Australia]


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Trojan Horse Advanced System Care
« Reply #3 on: March 08, 2009, 11:51:57 PM »
Now when in future when I have the same again and at the time when you receive the Avast Virus box you click on the button "No Action" you will find the malware/virus identification
No, don't do that. The safest is always to send the file to the Chest. The original path will be recorded in the Chest.
The best things in life are free.