
InstallShield Virus keeps on coming back



Hi. I have no idea what I have downloaded, but I recently got a virus called setup.exe. It keeps on making my computer freeze and has pop up ads. It is really starting to frustrate me. My computer has never had one of these before.

I ended up finding a way to delete the root file that was causing it by taking ownership, but it just comes back after a few seconds. 

My computer is very important as it has my school work and stuff like that on it.

I would really appreciate the help

Furthermore, I try to get Malwarebytes to scan the folder, but it doesn't detect it as a threat :(

Please I really need help


Hello and welcome.

Please take your time.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

Download Malwarebytes Support Tool
https://downloads.malwarebytes.com/file/mbst?src=Forums-Reply

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-X.X.X.XXXX.exe to run the program
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Click the Advanced tab

Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply.


Windows 8.1 and 10

Restart your computer in Safe Mode.

Step 1: When you hit the power button in Windows 8.1 / 10 (through Charms Bar), hold down the Shift key when clicking the Restart button.

Step 2: The next screen will present you with three options. Click Troubleshoot.

Step 3: Next, hit Advanced options followed by Windows Startup Settings from the next screen.

Step 4: Your PC will now be rebooted to enable the advanced parameters, which include Safe Mode as well. Once it restarts, you’ll get nine options whereby the following commands apply:

F4 for Safe Mode

F5 for Safe Mode with Networking

F6 for Safe Mode with Command Prompt

Based on your selection, Windows 8.1 (or Windows 8 or 10; the method applies to both) will boot accordingly.


F5 for Safe Mode with Networking

Then press the enter key on your keyboard to boot into Windows Safe Mode.

When Windows starts you will be at a typical logon screen. Log on to your computer and Windows will enter Safe Mode.


Open Malwarebytes (MBAM), make sure Scan For Rootkits is checked, run a new scan and delete all in Quarantine

**Power Off** (shut down) the PC.

Wait a few minutes.


I have attached a file I need you to download and save to the same place that you saved the FRST program.

This fix will include removing temp files and emptying the Recycle Bin.

It will also restart the pc in Normal Mode

Download attached **fixlist.txt** and save it to same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

 • Click the **Fix Button**.
 • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
 • The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

fixlist.txt


You can ask whatever you need to.

We'll get it down.

 

I want you to download FRST again.

You need the 64 bit version FRST64.exe

https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

 

Once you have downloaded it, save the fixlist.txt to the same folder as where it downloaded to and run the fix.

I will add the Fixlist.txt file again

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

 • Click the **Fix Button**.
 • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
 • The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

 

fixlist.txt


I did the fix and when it booted into normal mode it was the same. Anything to do with malwarebytes including the forum freezes my pc and the setup.exe (the virus) in task manager is still there. I have attached the fixlog here. The file which I believe is causing the damage is a file called Installshield in Syswow64 and as I stated it just keeps coming back. 

Fixlog.txt


It shows it was removed but maybe it was recreated.

C:\Windows\SysWOW64\InstallShield\x32\setup.exe => moved successfully

OK. Using the FRST I just had you download can you do this in Normal Mode?

Double-click to run it. When the tool opens, click Yes to disclaimer.
    Press the Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
    The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
    Please attach the Addition.txt log to your reply as well.


C:\Windows\SysWOW64\InstallShield\x32\setup.exe

Please go to http://www.virustotal.com, click on Scan, and upload the following file for analysis:

C:\Windows\SysWOW64\InstallShield\x32\setup.exe

Then click Choose File Tab.  Allow the file to be scanned, and then please copy and paste the link to the results page here for me to see.

 

 


If you can't find SysWOW64, it will be hidden

Windows 10

1. In the search box on the taskbar, type folder, and then select Show hidden files and folders from the search results.
2. Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.


That file looks clean.

Can you run a new FRST scan while in Safe Mode?

Using the FRST I just had you download

Double-click to run it. When the tool opens, click Yes to disclaimer.
    Press the Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
    The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
    Please attach the Addition.txt log to your reply as well.
