I may have run a bad .exe file: Can I prevent it from finishing the installation


5 replies to this topic

#1 Alyab123


Posted 27 May 2014 - 04:47 AM

I am feeling really stupid.

 

I have Windows XP pro, on a Dell Dimension E521. I've been trying to figure out why I can't seem to make a rescue disk with a PE environment (Using Macrium Reflect FREE edition).

 

It may be that I may need some Windows 7 compatible drivers. Dell doesn't provide any, so I went looking on the web, based on my specific hardware. I was very frustrated at not being able to find what I needed to make a rescue disk work. I found a .zip file for a driver for my exact model of DVD rw -+. I don't remember where I got it from. I must have considered it a safe place at the time - I'm pretty careful about such things. The zipped file was on my pc for a while, and I just decided to extract the files. Which was probably dumb, since I don't remember where I got the file from.

 

I extracted the zip file to a new folder on my desktop. It created an .exe file. My firewall expressed a warning about an unknown executable, but I am so tired, that I went in to the firewall settings, and set it to allow it to run. Well, I ran the .exe file, and an installer opened up complete with a cute little gui.... which I thought was strange for just installing an updated driver. I should have trusted my suspicions and cancelled until I could research the source of this file. Instead, I let it run, and it installed something (hopefully genuine driver installation files) somewhere. It said the installation will finish when I restart windows.

 

Now that I'm thinking about it, I am really worried that it could be malware. I am afraid to restart my PC! Is there any way to prevent this from becoming a nightmare if it is malware? I do have a restore point, from before I installed Macrium Reflect at least 10 hours before this incident. But I'm not sure that is the best way to go. If I restore to before that program install, it's going to leave documents and settings and some other types of folders around my pc, related to Macrium Reflect.

 

Can somebody help me think this through?




 


#2 noknojon


Posted 27 May 2014 - 05:50 PM

Hello -

Well, I ran the .exe file, and an installer opened up complete with a cute little gui....

Did the GUI give you any name on it that indicates it is a Fake or Rogue program ??

If so, there are ways to remove these programs and clean out any remains .......

 

Your first step is usually Malwarebytes Anti-Malware, and then follow with another program.

 

I am still not sure if you just want to clean up any infection, update to Windows 7, or reinstall your current system ??



#3 Alyab123


Posted 28 May 2014 - 02:48 AM

Thank you so much for your response. In answer to some of your questions: (not in order)

 

I'm not trying to update to Windows 7. I am trying to create a rescue disk and image my system. The program I'm using installs WindowsPE on the rescue disk. Apparently Windows PE uses Windows 7 drivers, and that's why I was poking around for drivers online. That was just a bit of background - to explain why I downloaded a driver installation file.

 

My PC anti-malware scans (AVAST free and Malwarebytes free) haven't indicated any problems, so no, I'm not trying to clean up an infected PC. I'm trying to prevent a possible infection. Maybe my concern doesn't make sense - if it doesn't, please excuse my ignorance/paranoia.

 

The reason I posted here is because when the .exe driver installation file opened up this installer GUI I got spooked. It doesn't look like something a reputable firmware company would create just to install a driver. I know I'm sounding paranoid... but I think that installer GUI is weird - and I don't know who made it. There is nothing specifically on it that indicates it is a rogue or fake program. I am normally careful about downloading stuff only from sites that have been deemed legit either in a forum such as this one, or just by doing a web search of the site's reputation. The cutesy little installer thing is what got me concerned, and self-doubting about where I downloaded the .zip file from, and whether something else is going on besides installing a driver. I have no data to tell me if my gut reaction is simply wrong, and I'm being unreasonably cautious.

 

After your post, I went back and looked at the extracted .exe file again, to describe this better.

Here is a screenshot:

 

installer_zps89cc15ed.jpg

 

 

"H-L data storage" IS the name of the company that made my DVD optical drive. The properties of the .exe file say it is copyrighted by Hitachi LG data storage. A Google search found an identically named .zip file for this driver on the Dell website, but I also see it on a number of random driver download websites.

 

I ran Malwarebytes and Avast on the .exe file, and it came up clean.

 

Please clarify: if the .exe file was rendered "clean" by Malwarebytes and Avast, does that mean that anything it does won't be malicious?

 

I am in the middle of the installation: restarting my pc will complete the installation and whatever instructions are in that executable file. Is there a valid concern here? If there is, is there anything I should do to prevent possible infection when I restart? Or should I just assume this is fine, and move on with the restart?


Edited by Alyab123, 28 May 2014 - 03:10 AM.
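
Added example, not part of the original thread: a read-only PowerShell check for the situation described above, where an installer says it will finish at the next restart. It shows who signed the file and which file operations and startup commands are queued for that restart; the installer path is a hypothetical placeholder, and PowerShell is assumed to be installed on the machine.

```powershell
# Read-only checks before restarting; nothing here changes the system.
# $InstallerPath is a hypothetical location: point it at the extracted .exe.
$InstallerPath = Join-Path $env:USERPROFILE 'Desktop\driver\setup.exe'

# 1. Who signed the file? 'Valid' means the Authenticode signature verifies.
if (Test-Path $InstallerPath) {
    $sig = Get-AuthenticodeSignature -FilePath $InstallerPath
    'Signature status: {0}' -f $sig.Status
    if ($sig.SignerCertificate) {
        'Signed by       : {0}' -f $sig.SignerCertificate.Subject
    }
}

# 2. File moves and deletions queued for the next boot.
#    The value is a list of source/destination pairs; an empty destination
#    means the source file is deleted at boot.
$sm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$raw = (Get-ItemProperty -Path $sm -ErrorAction SilentlyContinue).PendingFileRenameOperations
if ($raw) {
    $pending = @($raw)
    for ($i = 0; $i -lt $pending.Count; $i += 2) {
        $dst = if ($i + 1 -lt $pending.Count) { $pending[$i + 1] } else { '' }
        if ($dst) { 'At boot: move   {0} -> {1}' -f $pending[$i], $dst }
        else      { 'At boot: delete {0}' -f $pending[$i] }
    }
} else {
    'No pending file rename operations.'
}

# 3. Commands registered to run at the next startup or logon.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($path in $runKeys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        '{0}\{1} = {2}' -f $path, $name, $key.GetValue($name)
    }
}
```

Entries that name the extracted folder or the files the installer wrote are the ones the restart would act on.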


#4 noknojon


Posted 28 May 2014 - 07:50 AM

From that shot and your post, all seems to be OK now -

 

 

If you want further PE type information, please post in an Operating System area, as this is not an infection.

It may be a surprising download, but please read all of the information prior to attempting this again -

 

That is my take on the post here -



#5 Alyab123


Posted 28 May 2014 - 07:18 PM

OK, thank you. I was worried that it might be, and that is why I posted here.



#6 noknojon


Posted 28 May 2014 - 07:33 PM

No problem.

 

It is always better to ask and be sure all is OK -





