Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer setup.exe trojan


  • Please log in to reply
3 replies to this topic

#1 pip22

pip22

  • Banned
  • 341 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 PM

Posted 17 November 2004 - 10:53 AM

My AV program warned me that 'C:\program files\internet explorer\setup.exe' was infected by a trojan. couldn't clean the file so I allowed it to delete setup.exe instead. A full scan shows no other infections. Was 'setup.exe' planted there as a trojan or is it in fact a genuine microsoft file which got infected? Does anyone else have 'setup.exe' in C:\program files\internet explorer? Oh, and I'm running XP Pro SP1, though I doubt if that's relevant to the question. Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:01 PM

Posted 18 November 2004 - 08:53 PM

Its not a genuine file, so you should be ok

#3 pip22

pip22
  • Topic Starter

  • Banned
  • 341 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 PM

Posted 19 November 2004 - 04:43 AM

Thanks for that, Grinler. One thing about it though. I didn't download any files on the morning I got the warning that setup.exe was a trojan (or at least I didn't give my consent to download anything that morning). A download box popped up automatically when I went to a website, with the usual 'save' 'open' or 'cancel'. I clicked 'cancel'. Shortly after that I got the trojan warning. Could the dialog-box have been rigged to start a stealth download even if you cancel it?

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:01 PM

Posted 19 November 2004 - 10:31 AM

Yes its always possible for that to happen with these scumbags. You may want to do this:

Create a directory on your hardrive, to save HijackThis.exe, called c:\hijackthis. This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Download the latest version, from here.

Read the pinned post in the HJT forum, here

Then, run a log, and post it in the HJT forum. Do not fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users