
infected msiexec.exe file found in system32? could it be a false positive?


1 reply to this topic

#1 zetsubouEden


Posted 08 December 2014 - 01:51 AM

Hello, I am very new to this site and I've been having this problem for a while. I tried to re-download MSVCP110.dll, but the installer could not run correctly, so after running Avast antivirus, my msiexec.exe file turned out to be infected. I've read that these Win32:Evo-gen [Susp] warnings are false reports, but I've gone to the System32 folder and clicked on the file, causing Windows to abort the process because "the file contains a virus." (Also, after running some scans, Avast says I am infected with a rootkit of some sort, so to delete it, I restart my computer. It's still there, but I am not 100% positive that it is a "real alarm." I then downloaded Malwarebytes and ran multiple scans, resulting in nothing being detected, causing my doubts.) Please, help me!


Edited by Queen-Evie, 08 December 2014 - 02:15 AM.
moved from Windows 7 to the appropriate forum




#2 quietman7


Posted 08 December 2014 - 06:35 AM

Anytime you come across a suspicious file for which you cannot find any information, a file with a legitimate name that is not located where it is supposed to be, or you want a second opinion, submit it to one of the online services that analyze suspicious files:

In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.

The legitimate msiexec.exe program belongs to the Windows Installer Component and is located in C:\Windows\System32
The 'fake' msiexec.exe is a malicious program and is typically located in C:\Users\[UserName]\msiexec.exe or C:\Users\[UserName]\AppData\Local\Temp
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
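
The location check described in the reply above, as an added example that is not part of the original thread. It goes beyond the post by also reporting the Authenticode signature and SHA-256 of each copy, since a flagged file that sits in System32 cannot be cleared by its path alone. Assumptions: PowerShell 4.0 or later, and SysWOW64 treated as a second expected location on 64-bit Windows.

```powershell
# Added example: list every msiexec.exe in the expected and the commonly abused
# locations, plus any running instance, with location, signature and hash.
$name = 'msiexec.exe'

# Expected homes: System32 (named in the post) and SysWOW64
# (the 32-bit copy on 64-bit Windows; an addition made for this example).
$expected = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

# Candidate paths: the expected copies, the two user locations the post names
# for the fake copy, and the image path of every running msiexec.exe process.
$candidates  = @($expected | ForEach-Object { Join-Path $_ $name })
$candidates += Join-Path $env:USERPROFILE $name
$candidates += Join-Path $env:TEMP $name          # normally AppData\Local\Temp
$candidates += @(Get-CimInstance Win32_Process -Filter "Name = 'msiexec.exe'" |
    Where-Object { $_.ExecutablePath } |          # null when access is denied
    ForEach-Object { $_.ExecutablePath })

$candidates |
    Sort-Object -Unique |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object {
        $dir = Split-Path -Parent $_
        $sig = Get-AuthenticodeSignature -LiteralPath $_
        [pscustomobject]@{
            Path             = $_
            # -contains compares strings case-insensitively, so
            # C:\WINDOWS\system32 matches C:\Windows\System32.
            ExpectedLocation = $expected -contains $dir
            # Older PowerShell versions may report catalog-signed system
            # files as NotSigned, so treat this as supporting evidence only.
            Signature        = $sig.Status
            Signer           = $sig.SignerCertificate.Subject
            # Hash to search for on a file analysis service before uploading.
            SHA256           = (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash
        }
    } | Format-List
```

Run it from an elevated prompt so that processes owned by other accounts report their image path. A row with ExpectedLocation set to False matches the fake-copy pattern from the reply; a row in System32 whose signature is not Valid is the case worth submitting for a second opinion.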




