Innosetupregfile


6 replies to this topic

#1 Blazey

Blazey

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 12 June 2007 - 09:00 PM

Hello,

I have a question, which might be a problem on my PC. Or not. I ran HiJackThis a couple of weeks (if not a month) ago and deleted this file:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\InnoSetupRegFile.0000000001="C:\Windows\is-KKTQQ.exe"

But when I deleted it, it came back again after reboot. So I had Spybot Search and Destroy block it. But now every time I reboot, after entering my password, before my window starts loading up, I get an error message saying that file I deleted could not be found. Then I have to click "Ok" so my window can finish loading up. Then when the window is almost finished loading, I see the deleted file trying to load up but being blocked by Spybot. And those little Spybot Search and Destroy pop up messages that show up on the bottom right of the screen to remind you of what's going on or happened keep coming up. Like 10-15 of them. Non-Stop. This also happens when I switch over from the Guest Window to My Window.

It is really annoying and has been going on for a while now. I have searched Yahoo and Google (even though they return the same results) but nothing came up about "is-KKTQQ.exe". Only information I found, which was on this site was about "InnoSetupRegFile.0000000001".

I would really appreciate it if anybody with adept knowledge on Windows could assist me in getting rid of this thing. The file might not be a virus but since I can't find any information on it, I have to leave it blocked. Help :thumbsup:


-Blazey-



#2 buddy215

buddy215

  • BC Advisor
  • 5,552 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:20 PM

Posted 12 June 2007 - 09:33 PM

Did you read the comments here?
http://www.bleepingcomputer.com/startups/I...0001-16618.html

Edited by buddy215, 12 June 2007 - 09:33 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”
Lawrence M. Krauss


#3 Blazey

Blazey
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 12 June 2007 - 09:46 PM

Yes. That was the information I meant when I said...


"I have searched Yahoo and Google (even though they return the same results) but nothing came up about "is-KKTQQ.exe". Only information I found, which was on this site was about "InnoSetupRegFile.0000000001"."


Forgot to add the file name. Sorry. The problem is, I didn't find anything on "is-KKTQQ.exe". Or does it not matter what kind of file it is? As long as it is associated with "InnoSetupRegFile.0000000001", it is fine?

That's why I have it blocked. Nothing on "is-KKTQQ.exe" was found.


-Blazey-

#4 buddy215

buddy215

  • BC Advisor
  • 5,552 posts
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:20 PM

Posted 12 June 2007 - 10:47 PM

If you can find that file on your computer, submit it to Jotti and see what they can find. Since there is no reference on Google, it is likely malware.
http://virusscan.jotti.org/



#5 Blazey

Blazey
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 12 June 2007 - 11:22 PM

I can't find the file on my PC. Even though it still comes up as being blocked by Spybot Search and Destroy.


-Blazey-

#6 buddy215

buddy215

  • BC Advisor
  • 5,552 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:20 PM

Posted 13 June 2007 - 08:19 AM

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

How To start Windows in Safe Mode
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



#7 Peter Blaise

Peter Blaise

  • Members
  • 1 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 07 May 2010 - 06:15 AM

It's a little late in the game to inspect the original environment in which you found "is-KKTQQ.exe" and "InnoSetupRegFile.0000000001", but they are InstallShield components.

They were put there probably by some program you had recently installed, designed to register something on next boot.

The program probably was seeking to bypass restricted privileges by inserting something into the system early during reboot and DOS level access before full Windows administrative rights load and clamp down.

Also, such permission may be needed if a newly installed file is supposed to replace a previous file that is still in memory, that can't easily be removed from memory dynamically, so sneaking underneath it during reboot before the previous file has a chance to load is the only way to replace it or to change registry references to the new file replacement.

It may have been legitimate, or it may have been a co-opted and illegitimate use of InstallShield program features.

If you search your system for other programs dated at the same time as this occurrence, you may find a correlation.

Let us know.

Click!
Love and hugs,


==========

My example, from moments ago, after installing (the very nicely designed, useful, and powerful) http://www.GlaryUtilities.com/ (v2220896) left similar items in my computer:

HKLM:RunOnce InnoSetupRegFile.0000000001 "C:\WINDOWS\is-AGI2M.exe" /REG

C:\Windows\is-AGI2M.exe
C:\Windows\is-AGI2M.lst
C:\Windows\is-AGI2M.msg

What's in 'em? See below:

========== C:\Windows\is-AGI2M.exe 657 KB (673,280 bytes) contains (culled from the .exe file): ==========

JR.Inno.Setup V51.46.0.0
Setup/Uninstall
Copyright 1997-2007 Jordan Russell. Portions 2000-2007 Martijn Laan


========== C:\Windows\is-AGI2M.lst 166 bytes (166 bytes) contains: ==========

* List of files to be registered on the next reboot. DO NOT EDIT! *

[s.]C:\Program Files\Glary Utilities\ContextHandler.dll
[s.]C:\WINDOWS\system32\msscript.ocx


========== C:\Windows\is-AGI2M.msg 166 bytes (166 bytes) contains (l-o-n-g): ==========


========== end of file quote =====

Edited by boopme, 08 May 2010 - 07:59 PM.
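
As an added example (not part of any post in this thread, and not code from Inno Setup or HiJackThis): an offline triage of the RunOnce entries quoted in posts #1 and #7, which separates an entry whose target file is gone from one that still has its stub and `.lst` on disk. The five-character `is-XXXXX` stub pattern, the `.lst` line layout and the verdict names are assumptions drawn only from the samples shown above.

```python
import ntpath
import re

# The two ways a RunOnce value is written in the posts above (other tools differ).
ENTRY_PATTERNS = [
    re.compile(r'RunOnce\\(?P<name>[^=\\]+)="(?P<exe>[^"]+)"(?P<args>.*)$'),
    re.compile(r'RunOnce\s+(?P<name>\S+)\s+"(?P<exe>[^"]+)"(?P<args>.*)$'),
]
# Assumption: naming inferred only from the two samples in this thread.
INNO_VALUE = re.compile(r'^InnoSetupRegFile\.\d+$', re.I)
INNO_STUB = re.compile(r'^is-[0-9A-Z]{5}\.exe$', re.I)

def parse_runonce(line):
    """Return (value_name, exe_path, args), or None if the line is not recognised."""
    for pattern in ENTRY_PATTERNS:
        m = pattern.search(line.strip())
        if m:
            return m.group('name'), m.group('exe'), m.group('args').strip()
    return None

def parse_lst(text):
    """Return (flags, path) pairs from a .lst body; flags are kept opaque."""
    found = (re.match(r'\[([^\]]*)\](.+)$', raw.strip()) for raw in text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in found if m]

def triage(line, existing_files, lst_text=''):
    """Classify one RunOnce line; existing_files holds lower-cased paths on disk."""
    parsed = parse_runonce(line)
    if parsed is None:
        return {'verdict': 'unparsed'}
    name, exe, args = parsed
    has_lst = (ntpath.splitext(exe)[0] + '.lst').lower() in existing_files
    inno = bool(INNO_VALUE.match(name) and INNO_STUB.match(ntpath.basename(exe)))
    verdict = 'unexplained'               # target exists, nothing accounts for it
    if exe.lower() not in existing_files:
        verdict = 'orphaned'              # value points at a file that is gone
    elif inno and has_lst:
        verdict = 'pending-registration'  # review what the .lst will register
    return {'name': name, 'exe': exe, 'args': args, 'verdict': verdict,
            'to_register': parse_lst(lst_text) if has_lst else []}

# Sample input constructed from the values quoted in the thread.
POST1 = r'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\InnoSetupRegFile.0000000001="C:\Windows\is-KKTQQ.exe"'
POST7 = r'HKLM:RunOnce InnoSetupRegFile.0000000001 "C:\WINDOWS\is-AGI2M.exe" /REG'
POST7_DISK = {r'c:\windows\is-agi2m.exe', r'c:\windows\is-agi2m.lst', r'c:\windows\is-agi2m.msg'}
POST7_LST = r"""* List of files to be registered on the next reboot. DO NOT EDIT! *

[s.]C:\Program Files\Glary Utilities\ContextHandler.dll
[s.]C:\WINDOWS\system32\msscript.ocx
"""

if __name__ == '__main__':
    print(triage(POST1, set()))                  # file could not be found (post #5)
    print(triage(POST7, POST7_DISK, POST7_LST))  # stub and .lst both on disk
```

An `unexplained` result (the stub exists but has no companion `.lst`) is the case where submitting the file to a scanner, as suggested in post #4, applies.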




