Jump to content

setup.exe and some 0 byte exe files issue

Recommended Posts


I had a heavily infected win sbs 2003 server, after some cleanup with malwarebytes+ windows defender offline (a live cd to boot from for rootkits), I have left with couple of problems only.

1) Any file named setup.exe can not be run, it loses its tabs in properties section (such as security, compatibilty etc) it cant be deleted or accessed, you get access denied. Lets say you have a functional exe file, you rename it to setup.exe and bang file is dead. Setup.exe files are the only files that I have issues, rest is good. FYI, setup exe files work fine under safe mode!

2) There are 0 byte random named exe files in root of C drive, they cant be deleted (neither mbytes nor win defender offline could resolve this)

You can find hijackthis log attached.

Any insight is appreciated.



Link to post
Share on other sites

  • Staff


Thanks for the update. Do you have proper corporate licensing to be using MBAM? If so, please contact corporate support here:


If not, please know corporate licensing is required for us to help you. It is a violation of our EULA to be using MBAM in a corporate setting without proper licensing. To obtain it, please visit this page:


Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.