
msiexec.exe is blocked, potential virus?


24 replies to this topic

#1 aimanfitri27

aimanfitri27

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 09 May 2017 - 11:32 AM

Recently I've just started my 14-day trial for Malwarebytes so that I can use the real-time protection, and a few days ago I encountered a pop-up from it with a message saying "Website Blocked". I don't know if it can harm my laptop or if it's just normal behavior from Microsoft, since I did some quick research and it turns out that msiexec.exe belongs to Microsoft itself. Can anyone confirm this?

 

 fiDld2g.png


Edited by aimanfitri27, 09 May 2017 - 11:33 AM.




#2 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,152 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:10:49 AM

Posted 09 May 2017 - 04:34 PM

It's probably malware under the name of msiexec.exe.

 

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

       • Report IE Proxy Settings
       • Report FF Proxy Settings
       • List content of Hosts
       • List IP configuration
       • List Winsock Entries
       • List last 10 Event Viewer log
       • List Installed Programs
       • List Devices (Don't change any settings here)
       • List Users, Partitions and Memory size
       • List Restore Points

  3. Paste the log file contents into a post.

 

 

 

Download SecurityCheck by screen317.

 

  1. Click on the downloaded file and follow the instructions in the box on the screen.

  2. Paste the log file contents into a post.

  3. Important: If you get an error message, please restart your computer and try again.

 

 

 

 

Download Malwarebytes Anti-Malware from the provided link.

  1. Launch MBAM by clicking the .EXE file you downloaded.

  2. Run the installation wizard.

  3. Once complete, open MBAM and click Scan.

  4. Let the scan complete, then make sure all threats are selected and click Quarantine.

  5. Once done, go to History > Logs. Select the most recent Scan Log and paste its contents into a post.

 

 

 

Download ESET Online Scanner and save it to your desktop

 

  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click “Save to text file...”. Save the file to your desktop and paste the contents into a post.

 

Download Rkill from one of the below three links. (Use the one that runs on your PC without being blocked).

Link 1

Link 2

Link 3

 

  1. Double-click on the file you downloaded (either rkill.exe, iExplore.exe, or rkill.com) to launch Rkill.

  2. If a black box appears, the program is running correctly. If nothing happens, then try another link.

  3. Let the scan complete, then paste the contents of the text file that pops up at the end into a post.

  4. Important: Do not restart your computer once the scan is done!

 

 

 

Download FSS (Farbar Service Scanner) and save it to your desktop.

 

  1. Right-click the program file and select Run as Administrator.

  2. Make sure the following options are selected:

       • Internet Services
       • Windows Firewall
       • System Restore
       • Security Center/Action Center
       • Windows Update
       • Windows Defender
       • Other Services


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#3 aimanfitri27


Posted 10 May 2017 - 12:56 AM

Phew, that's the longest scan I've ever done. Anyway, here are all the logs.

 

Farbar MiniToolBox :

Spoiler

 

SecurityCheck :

Spoiler

 

MalwareBytes Anti-Malware :

Spoiler

 

ESET Online Scanner :

Spoiler

 

Rkill :

Spoiler

 

Farbar Service Scanner :

Spoiler


Edited by aimanfitri27, 10 May 2017 - 12:57 AM.


#4 iMacg3


Posted 10 May 2017 - 11:12 AM

Download Norton Power Eraser from here and read the guide.

Important: Do NOT remove any threats from your computer. Just copy and paste the threats into a post.



#5 aimanfitri27


Posted 11 May 2017 - 02:46 PM

I can't copy and paste the threats since there's no log. The only available option is to Exit or Fix Now.

 

Here's the screenshot of the scan result :

http://i.imgur.com/PtczFzR.png

http://i.imgur.com/sHkuXZL.png

 

Just to let you know, most of the scan results are programs that I usually use and they're not harmful to my laptop. The only things that should be removed or repaired are service_kms.exe and the 2 registry entries, since I don't know what they are for.


Edited by aimanfitri27, 11 May 2017 - 02:48 PM.


#6 iMacg3


Posted 11 May 2017 - 03:32 PM

Remove the service_kms.exe file and see if it stops the msiexec prompts.



#7 aimanfitri27


Posted 11 May 2017 - 11:00 PM

Should I fix the 2 registry entries too, since Norton Power Eraser said they need to be repaired?



#8 iMacg3


Posted 12 May 2017 - 08:03 AM

Unless you want to delete all the threats found by Power Eraser, I wouldn't delete the registry entries.



#9 aimanfitri27


Posted 12 May 2017 - 02:34 PM

Done. Now I just need to wait and see if I still get the warning, right?



#10 iMacg3


Posted 12 May 2017 - 02:49 PM

Wait for 24 hours to see if you get the warning. Post the results into this forum thread.



#11 aimanfitri27


Posted 13 May 2017 - 08:54 AM

I still receive the Website Blocked warning for msiexec.exe from Malwarebytes.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 5/13/17
Protection Event Time: 9:38 PM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1907
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Domain: d2buh1bf1g584w.cloudfront.net
IP Address: 52.84.50.104
Port: [50193]
Type: Outbound
File: C:\Windows\System32\msiexec.exe
 
 
 
(end)
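
The log in the post above names C:\Windows\System32\msiexec.exe as the process behind the blocked outbound connection. The following is an added example, not part of the original thread: run from an elevated PowerShell prompt, it lists each running msiexec.exe with its path, Authenticode signature status, command line and parent process, so a genuine Windows Installer binary started by another program can be told apart from a look-alike stored elsewhere. The expected paths assume a default Windows layout.

```powershell
# Added example: read-only triage of running msiexec.exe processes.
# Run from an elevated prompt so ExecutablePath and CommandLine are populated.

# Assumption: default Windows layout; the 32-bit copy lives in SysWOW64 on x64 systems.
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\msiexec.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\msiexec.exe')
)

$found = @(Get-CimInstance -ClassName Win32_Process -Filter "Name = 'msiexec.exe'")
if ($found.Count -eq 0) {
    Write-Output 'No msiexec.exe process is running right now; re-run when the alert appears.'
}

foreach ($proc in $found) {
    $path = $proc.ExecutablePath
    $sig  = $null
    if ($path) { $sig = Get-AuthenticodeSignature -FilePath $path }

    # The parent may already have exited (or its PID been reused), so treat it as a lead only.
    $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    [pscustomobject]@{
        ProcessId         = $proc.ProcessId
        Path              = $path
        PathIsExpected    = [bool]($path -and ($expectedPaths -contains $path))
        SignatureStatus   = if ($sig) { $sig.Status } else { 'Unknown' }
        Signer            = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        CommandLine       = $proc.CommandLine
        ParentProcessId   = $proc.ParentProcessId
        ParentName        = if ($parent) { $parent.Name } else { '(exited)' }
        ParentCommandLine = if ($parent) { $parent.CommandLine } else { $null }
    } | Format-List
}
```

A path outside the two expected folders, or a signature status other than Valid, points to a look-alike file. A valid binary with an unfamiliar parent or a command line naming a package you did not start points to whatever launched it.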


#12 iMacg3


Posted 13 May 2017 - 09:53 AM

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  1. Double-click on the file and click OK to the self-extracting popup prompt.

  2. Click Next, then click Update to upgrade MBAR to the newest version of malware definitions.

  3. Once the update has been completed click Next, then Scan.

  4. If rootkits were detected, click all the check boxes for each item and select Cleanup. Restart the PC.

  5. Open the MBAR folder on your desktop and paste both these logs into a post:

       • mbar-log-{date} (xx-xx-xx).txt
       • system-log.txt

 

Download Hitman Pro and save it to your desktop. (32 bit) (64 bit)

  1. Double-click on the Hitman Pro EXE file on your desktop.

  2. Once it's open, click Settings, then uncheck Scan for Tracking Cookies.

  3. Click OK, then click Next.

  4. Select No, I only want to perform a one time scan, then click Next.

  5. HitmanPro will start scanning your system. Once done scanning, HitmanPro will display a screen with any threats found. Important: Click on the drop-down tab next to the infection name and then click Apply to All > Ignore. If not, you could cause damage to your operating system! Make sure you choose to Ignore the files and then click Next. You will be at the results window. Click "Save Log" and save it to your desktop. Paste its contents into a post.

 

Download Sophos Virus Removal Tool and save it to your desktop.

 

  1. Double-click on the EXE file you downloaded to launch the Installation Wizard.

  2. Follow the Install Wizard prompts to install Sophos.

  3. Once all the virus definitions are done updating, click Start Scanning.

  4. If no threats are found, just close the program. If threats are found, click Details, then View Log File.

  5. Copy and paste the logfile into your reply. Close the threat details screen and then select Start Cleanup.

  6. Click Exit to quit the program.



#13 aimanfitri27


Posted 15 May 2017 - 08:33 AM

Sorry for the late reply. Here are all the logs that you asked for.

 

MalwareBytes Anti-Rootkit :

Spoiler
Spoiler
 
Hitman Pro :
Spoiler

 

Sophos Virus Removal Tool :

Spoiler

 

Notes :

- Hitman Pro detected 2 programs that I've used for quite a while. To be honest, I don't think the 2 programs can be harmful to my laptop so I'd be glad if I don't have to delete them, but I will do so if you ask me to.

- As for Sophos Virus Removal Tool, I've updated the program earlier so you don't have to worry about it after going through the log.

 



#14 iMacg3


Posted 15 May 2017 - 10:45 AM

Please remove both programs Hitman Pro detected, as they seem to be pirated. Help with pirated software is against Bleeping Computer's rules.

If you have any other pirated software, delete it immediately, as they may be the cause for the infection.



#15 aimanfitri27


Posted 15 May 2017 - 02:37 PM

I've removed them from my laptop. What should I do next?


Edited by aimanfitri27, 15 May 2017 - 02:42 PM.




