Blocked Website - Potential Malware - InstallUtil.exe


Yesterday I started receiving an alert from Malwarebytes about potential malware from the InstallUtil.exe file inside the Microsoft.NET folder. It says it creates an outbound connection to a random IP address. I scanned my PC multiple times and even scanned the file; nothing returned. I'm trying to figure out whether this is a false positive or something to be worried about. Attached below is the export log.

export.txt

@hacksuation

While you are waiting for the next qualified/approved malware removal expert helper to take on your case, even though you may have run the following Malwarebytes utility or its subsets, please carefully follow these instructions: Do not try any other cleaning of any kind after running the support tool. Use the computer as little as possible, or even better don’t use it at all except to check this topic and follow the instructions given.

Restart the computer.

Then do the following after restart.

WARNING: Do not click Repair System under Advanced unless requested by a Malwarebytes support agent or authorized helper.

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays that the tool is getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop. Please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

  • Root Admin

Before we go on about cleaning the computer @hacksuation

The logs indicate that there is a bad block on one of your drives. We need to determine which drive that is.

Error: (08/26/2023 01:07:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Please save the attached file and extract the batch file from it. Then run that batch file with Admin rights and post back the results.

DiskParInfo.zip

Thanks

 

1 minute ago, AdvancedSetup said:

Before we go on about cleaning the computer @hacksuation

The logs indicate that there is a bad block on one of your drives. We need to determine which drive that is.

Error: (08/26/2023 01:07:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Please save the attached file and extract the batch file from it. Then run that batch file with Admin rights and post back the results.

DiskParInfo.zip

Thanks

DiskParInfo.log

 

  • 2 weeks later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance, please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
