
Question about task manager activity.


11 replies to this topic

#1 Phade102


Posted 28 June 2014 - 11:04 AM

Hi all, just wanted to do a quick check. I find Msiexec.exe running sometimes when I leave my computer idle. Is this normal? I can't figure out what it's installing, or even what Msiexec actually does. Does it only affect Windows files?


Edited by hamluis, 28 June 2014 - 11:16 AM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 hamluis


Posted 28 June 2014 - 11:17 AM

Possible malware, from what I read, topic moved to Am I Infected forum.

 

Louis



#3 metalupyourmax


Posted 28 June 2014 - 11:35 AM

If it is a legitimate one, don't worry about it and leave it. That one would be located in the System32 folder. If it's a fake one, which is a trojan, look in C:\Users\[UserName]\msiexec.exe or C:\Users\[UserName]\AppData\Local\Temp and see if you can find that file. You can delete it manually but it most likely will reappear on reboot. If it is a fake, follow these steps to remove it.

1. Download Malwarebytes' Anti-Malware to your desktop.

  • Rename the file to firefox.exe BEFORE downloading
  • Double-click firefox.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
     
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.

     
  • Be sure that everything is Checked (ticked) and click on Remove Selected.
  • Reboot your computer if prompted.

Malwarebytes should detect and remove this problem if you have it. If it finds anything else that is irrelevant, but not msiexec.exe, you are OK.



#4 Phade102


Posted 28 June 2014 - 12:02 PM

I have Malwarebytes already, and the only msiexec.exe I find is indeed in the system32 folder. I was just wondering if it can install non-Windows programs.

EDIT: Just checked both file paths you suggested, nothing in either. If it pops up again I'll check the file path and report back; I didn't think to do that last time.

Edit again: Sorry, forgot to mention that when I checked /go to services it went to the Windows Installer service. Sorry, I am new, I was nervous and I didn't even think.

PS: I have Windows updates on install only when I permit, but could they be doing that while the computer is idle?

Edited by Phade102, 28 June 2014 - 12:07 PM.


#5 dc3


Posted 28 June 2014 - 12:15 PM

This could be an MS update being downloaded.

 

Do the following to see if the file path is correct.

 

In the Search programs and files box type regedit

 

When the registry opens follow the filepath.  Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer.

 

Double click on MSIServer and the file path will be displayed in the pane to the right.

 

It should be %systemroot%\system32\msiexec.exe /v


Edited by dc3, 28 June 2014 - 12:17 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
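
The checks suggested in posts #3 and #5, gathered into one script as an added example that is not part of any poster's reply: it lists where each running msiexec.exe was started from, reads the MSIServer ImagePath that dc3 points to, and looks for a copy in the two user-profile locations metalupyourmax names. It assumes PowerShell 3.0 or later in an elevated prompt; the variable names are illustrative.

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0+ run elevated;
# without elevation ExecutablePath can be empty for other users' processes.

# Genuine Windows Installer locations. SysWOW64 (the 32-bit copy on 64-bit
# Windows) is not mentioned in the thread but is also a normal location.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\msiexec.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\msiexec.exe')
)

# 1. Running msiexec.exe instances: image path, parent process, command line.
Get-CimInstance Win32_Process -Filter "Name = 'msiexec.exe'" | ForEach-Object {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    $verdict = if (-not $_.ExecutablePath) {
        'path unavailable, rerun elevated'
    } elseif ($expected -contains $_.ExecutablePath) {   # -contains ignores case
        'expected location'
    } else {
        'UNEXPECTED location'
    }
    [pscustomobject]@{
        PID         = $_.ProcessId
        Path        = $_.ExecutablePath
        Verdict     = $verdict
        Parent      = $parent.Name        # empty if the parent has already exited
        CommandLine = $_.CommandLine
    }
} | Format-List

# 2. Windows Installer service registration (the registry key from post #5).
$key       = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSIServer'
$imagePath = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty -Path $key).ImagePath)
$wanted    = "$env:SystemRoot\system32\msiexec.exe /v"
if ($imagePath -eq $wanted) {             # -eq on strings ignores case
    "MSIServer ImagePath OK: $imagePath"
} else {
    "MSIServer ImagePath differs from the expected value: $imagePath"
}

# 3. Copies in the per-user locations named in post #3 (current user only).
$userCopies = @(
    (Join-Path $env:USERPROFILE  'msiexec.exe'),
    (Join-Path $env:LOCALAPPDATA 'Temp\msiexec.exe')
)
$userCopies | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { "Found msiexec.exe outside the Windows directory: $_" }
```

The parent process and command line shown in step 1 usually tell you what requested the install, which a path check alone does not.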

 

 

 

 


#6 Phade102


Posted 28 June 2014 - 12:17 PM

Yes, I can confirm that is the filepath. So am I safe? Just a bit paranoid about viruses, OCD you could say, and I know I can trust you guys.

#7 dc3


Posted 28 June 2014 - 12:24 PM

Just to be sure, please do the following.

Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
 
Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.

When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.



#8 Phade102


Posted 28 June 2014 - 12:25 PM

Will do all that now. Thanks for the help!

#9 Phade102


Posted 28 June 2014 - 12:41 PM

Scans are ongoing, but just wondering, I have a task scheduler task called regidlebackup that matches pretty much to the second to the exe's popup time. Does this task use it?

#10 dc3


Posted 28 June 2014 - 01:01 PM

That would be my guess.  If this occurs again open the task manager and see if the regidlebackup is running.




#11 Phade102


Posted 28 June 2014 - 02:26 PM

I will do so, scans are done and none of em picked anything up, so I'm going to assume it's just me being a bit paranoid. Thank you so much dc3 and hamluis, because of guys like you, people can always feel safer on their computers =)

#12 dc3


Posted 28 June 2014 - 03:02 PM

Please post the logs in your topic.






