Author Topic: win32:downloader-NZI  (Read 13402 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: win32:downloader-NZI
« Reply #15 on: April 27, 2012, 11:04:25 PM »
CA seems to be history, only run the fixit if you still get windows installer popping up

How is the computer behaving now ? 

demontosome26

  • Guest
Re: win32:downloader-NZI
« Reply #16 on: April 27, 2012, 11:27:27 PM »
Everything seems to be running perfectly now and that also includes no Windows Installer pop-up.  THANK YOU VERY MUCH! 

I usually run a Boot Time Scan on a daily basis, so can I start doing that again?  I also wanted to mention that I will continue recommending Avast! to everyone I know.  Thanks again!

Offline essexboy

Re: win32:downloader-NZI
« Reply #17 on: April 27, 2012, 11:31:19 PM »
To be honest I can see no real need for a bootscan on a daily basis, I do one once or twice a year just for the fun of it 

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe  :wave:

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: win32:downloader-NZI
« Reply #18 on: April 27, 2012, 11:31:36 PM »
Quote
I usually run a Boot Time Scan on a daily basis

May I ask why since that makes no sense. ???
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

demontosome26

  • Guest
Re: win32:downloader-NZI
« Reply #19 on: April 27, 2012, 11:54:10 PM »
I ran that last fix and I also checked the "Hidden Files and Folders Section" and they're already set to be hidden.  The reason I do a Boot-Time Scan over a regular scan is because I've had the understanding that it's more of a deep rooted scan, so I would assume that's better to use.  I also don't mind waiting a bit longer for it to run its process.  Would you not recommend doing this?

I will also come back within 24 hours if I notice any kinds of issues.  Again I want to say thank you!  All of you take time out of your day to help people out on here, so it should be recognized. 

iroc9555

  • Guest
Re: win32:downloader-NZI
« Reply #20 on: April 28, 2012, 12:31:39 AM »
Quote
...The reason I do a Boot-Time Scan over a regular scan is because I've had the understanding that it's more of a deep rooted scan, so I would assume that's better to use.  I also don't mind waiting a bit longer for it to run its process.  Would you not recommend doing this?

Boot-Time scan is a specialized tool to remove infections before they have time to run, making it easier to remove them. Also, it should be run when Avast! itself asks you to do so (when Avast! detects suspicious programs that cannot be completely removed after a regular scan) or when it is suspected that your comp has a virus that the regular scans cannot detect.

Remember that Avast! is continuously scanning any file you, the system, or by itself run in your comp making a daily scan unnecessary. Myself I run a quick scan weekly and a full scan every month or so.

Offline bob3160

Re: win32:downloader-NZI
« Reply #21 on: April 28, 2012, 01:00:11 AM »
Once the boot time scan has finished running, you've scanned as many files as are possible.

As already stated, any files added, changed or accessed, are automatically scanned by avast!.
Why would you repeat scanning something that has already been confirmed as clean ???
Once the boot time scan has confirmed your system as clean, additional scans are really not needed. IMHO.

demontosome26

  • Guest
Re: win32:downloader-NZI
« Reply #22 on: May 04, 2012, 12:47:44 AM »
I finally got around to doing a new scan and it still picked up an infection in the form of umxattachment.exe (win32 downloader nzi trojan).  However the laptop seems to be running quite smoothly, so what would you recommend from here, Essex? 

demontosome26

  • Guest
Re: win32:downloader-NZI
« Reply #23 on: May 06, 2012, 02:04:19 AM »
Any update yet?

Offline bob3160

Re: win32:downloader-NZI
« Reply #24 on: May 06, 2012, 02:17:19 AM »
Quote
Any update yet?

He's probably sleeping.  ;D

Offline essexboy

Re: win32:downloader-NZI
« Reply #25 on: May 06, 2012, 02:01:17 PM »
Sorry missed the reply

What is the location of umxattachment.exe and is Avast not deleting it ?

demontosome26

  • Guest
Re: win32:downloader-NZI
« Reply #26 on: May 07, 2012, 09:43:37 AM »
We all get busy, so no worries.  I wasn't able to copy and paste the exact location of the virus, so I just did a print screen of the location instead.  You can find it in the attachment.

Offline essexboy

Re: win32:downloader-NZI
« Reply #27 on: May 07, 2012, 05:10:27 PM »
OK that is within the Computer Associates firewall installation package

Now I can delete the entire MSI package but it means that you will not be able to uninstall CA firewall

Do you wish me to do that ?

Offline bob3160

Re: win32:downloader-NZI
« Reply #28 on: May 07, 2012, 05:19:05 PM »
Quote
OK that is within the Computer Associates firewall installation package

Now I can delete the entire MSI package but it means that you will not be able to uninstall CA firewall

Do you wish me to do that ?

@essexboy,
Can he uninstall CA first, then have you do the fix and he can then do a fresh install of CA ???
That way CA can still be uninstalled at a later time ???

Offline essexboy

Re: win32:downloader-NZI
« Reply #29 on: May 07, 2012, 05:25:21 PM »
I believe this is the last bit of CA left on the system - we had tried to remove it earlier