Jump to content

Install.exe F/P?

calintexas

By calintexas
in File Detections

 Share

Recommended Posts

calintexas

calintexas

Posted
Posted

Install.exe shown as tojan.agent. I looks legit. developer log follows:

Malwarebytes' Anti-Malware 1.41

Database version: 2854

Windows 5.1.2600 Service Pack 3

9/23/2009 10:13:26 PM

mbam-log-2009-09-23 (22-13-13).txt

Scan type: Quick Scan

Objects scanned: 110670

Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> No action taken. [3857535134305383807566791534727079851301065148485337514255380661747984856677771

5708970]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\install.exe (Trojan.Agent) -> No action taken. [3857535134305383807566791534727079851301065148485337514255380661747984856677771

5708970]

The VirusTotal scan was clean: Scan Results

Please advise.

Link to post
Share on other sites
calintexas

calintexas

Posted
  • Author
Posted

I was puzzled that no one had responded to this, and decided to do a board search. I found this thread from a couple of weeks ago (http://www.malwarebytes.org/forums/index.p...;hl=install.exe) which is on the same issue and never really was resolved as a copy of the file was never provided. Well, it's attached here. I think I may know where it came from. I recenty got an insecure message from Secunia PSI on an element of Eraser called Microsoft Visual C++ 2008 Redistributable. I had to get a patch from Microsoft. I think that's when install.exe appeared in the root drive. MS put it there, I didn't. My guess is that the file has done it's job and can be deleted. Please advise.

For further amusement, the MS patch caused problems with right click lockup on some computers (including mine). I ended up going through a Rube Goldberg patch install method to solve the issue. Here's a link to the Heidi (Eraser) thread; http://bbs.heidi.ie/viewtopic.php?f=2&...16&start=30 for those that might be interested.

install_exe.zip

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.