Author Topic: win32:downloader-NZI  (Read 11090 times)


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 45955
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: win32:downloader-NZI
« Reply #30 on: May 07, 2012, 05:28:43 PM »
I believe this is the last bit of CA left on the system - we had tried to remove it earlier
OK, since it was to be removed, then that should take care of it. :)

Offline demontosome26

  • Jr. Member
  • **
  • Posts: 48
Re: win32:downloader-NZI
« Reply #31 on: May 07, 2012, 06:57:33 PM »
I'll do whatever you feel is best to do from this point. I also wanted to mention that the last time I tried to use that uninstall link you sent me from CA, it sent me straight into remote assistance and I didn't know if I should trust them.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: win32:downloader-NZI
« Reply #32 on: May 07, 2012, 07:47:39 PM »
OK, I will use OTL to delete the installer.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :Files
    C:\windows\installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline demontosome26

Re: win32:downloader-NZI
« Reply #33 on: May 08, 2012, 01:48:35 AM »
Log posted.

Offline essexboy

Re: win32:downloader-NZI
« Reply #34 on: May 08, 2012, 07:25:41 PM »
How is the computer behaving now?

Offline demontosome26

Re: win32:downloader-NZI
« Reply #35 on: May 09, 2012, 09:52:36 AM »
The laptop is still running smoothly, but the scan is still picking up a threat. I posted an attachment that lists the threat and its whereabouts.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37098
Re: win32:downloader-NZI
« Reply #36 on: May 09, 2012, 09:55:48 AM »
It is located in a restore point..

So it should be gone if you delete your restore points.

Offline essexboy

Re: win32:downloader-NZI
« Reply #37 on: May 09, 2012, 09:21:13 PM »
As Pondus said - reset the restore points and it will be history  ;D

Offline demontosome26

Re: win32:downloader-NZI
« Reply #38 on: May 11, 2012, 04:30:20 AM »
I deleted the restore points and the infection is still there.  Attachment posted.

Offline essexboy

Re: win32:downloader-NZI
« Reply #39 on: May 11, 2012, 08:22:31 PM »
That one is in the OTL quarantine file.

Which should have been deleted when you ran the OTL cleanup button, did you do that?

Offline demontosome26

Re: win32:downloader-NZI
« Reply #40 on: May 14, 2012, 03:30:16 AM »
Yes, but after running another scan it once again found an infection, so I decided to completely disable System Restore so it would eliminate all restore points.  From there I ran another scan and it didn't find any infections.  I'll let you know how everything is running within the next couple of days.