Rogue.Installer, please help.


I performed a Quick Scan with MBAM, and this came up. I don't know if I should delete it, seeing how my Registry Keys say this is infected. Could it be a false positive? Here is the log.

Malwarebytes' Anti-Malware 1.43

Database version: 3471

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/2/2010 7:05:19 PM

mbam-log-2010-01-02 (19-05-14).txt

Scan type: Quick Scan

Objects scanned: 116036

Time elapsed: 16 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Rogue.Installer) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Setup.exe (Rogue.Installer) -> No action taken.


Welcome Mista Crowley -

That is a long time for an XP SP3 quick scan - Mine usually only takes 7-8 mins, tops -

This could very well mean an infection or similar problem -

The infection may be in that area - It is not a registry key you are removing but a problem in there - Also please update again first -

You can select remove then reboot your computer and see if it has gone by doing another quick scan -

If not then read on and follow these instructions to get an expert to inspect your system -

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Thank you - :welcome:

Edit - If an expert gives another response please follow it first -


@ MistaCrowley

Did YOU download a setup.exe file to that location? If not, it is most likely malware and DOES need to be deleted.

Also, please make SURE you read nosirrah's reply below mine.

Please do follow noknojon's directions above if you think you may be infected, reading the directions here and then posting your logs and any other information here.

Also, as a side note, when replying, please use the "Add reply" button or erase what the person you are replying to said, as this makes the forum easier to read. Thank you :)

@ noknojon

Or not clearing out the temp files first :welcome: (for the longer quick scan time). Or a lot of files on the computer :) I've had it take about that long before, it can vary :)


C:\Program Files <- this is a root location where program folders go, not files. Heuristics here are more aggressive as multiple infections are known to launch from this location. The registry key is an auto detection linked from the file. I would bet both are FPs here and detection will vanish if you move this file to a different location.

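A triage sketch for the reply above, added here and not part of the original post or of Malwarebytes: it parses detection lines from a log like the one in this thread, pairs an Image File Execution Options key with a detected file of the same name, and marks files sitting directly in the Program Files root. The pairing rule and the root-folder check are assumptions drawn from that reply, not the scanner's actual logic; the sample text is constructed from the log posted above.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any platform

# Constructed sample: section headers and detection lines taken from the log in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Rogue.Installer) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Setup.exe (Rogue.Installer) -> No action taken.
"""

IFEO = r"\image file execution options" + "\\"
ROOTS = (r"c:\program files", r"c:\program files (x86)")  # assumed default locations
SECTION = re.compile(r"^(.+) Infected:\s*$")
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_detections(log_text):
    """Return one dict per detected item, tagged with the log section it came from."""
    section, items = None, []
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM.match(line)
        if item and section:
            items.append({"section": section, **item.groupdict()})
    return items

def triage(items):
    """Pair IFEO keys with detected files of the same name; flag root-level files."""
    files = {basename(i["path"]).lower() for i in items if i["section"] == "Files"}
    report = []
    for i in items:
        low = i["path"].lower()
        if i["section"] == "Registry Keys" and IFEO in low:
            linked = low.rsplit("\\", 1)[1] in files
            report.append((i["path"], "linked to file" if linked else "unpaired IFEO key"))
        elif i["section"] == "Files":
            in_root = dirname(low) in ROOTS
            report.append((i["path"], "directly in Program Files root" if in_root else "in subfolder"))
    return report

if __name__ == "__main__":
    for path, note in triage(parse_detections(SAMPLE_LOG)):
        print(f"{note}: {path}")
```

An "unpaired IFEO key" result, where no detected file shares the key's name, is the case that deserves a closer look at the key's values before anything is dismissed as a false positive.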

Yeah, my Temporary Internet Files are massive, it's about 20k files big I believe. I should delete it some time. Also, the Setup.exe is a Win32 Cabinet Self Extractor.


@ MistaCrowley

To delete your temp files, please download ATF Cleaner by Atribune.

If using Vista, please right click and choose "Run as Administrator".

Click the select all box. If you have items you wish to keep in your Recycle Bin, please uncheck that box. Then, click "Empty Selected".

If you use Firefox or Opera, please click on those names at the top of ATF Cleaner and click the select all button again. If you have saved passwords that you'd like to keep, click NO at the prompt. Again, click "Empty selected".

I recommend running ATF Cleaner at least once a week :welcome:

Hey, thanks for telling me about the ATF Cleaner, it's really helpful. Thank you! :) As for MBAM, I'm doing a full system scan as of now, and I'll post the log here again, to see for any more viruses or anything. :)!


@ Mista

You are very welcome!! It is a handy tool :welcome: I run it daily but that's probably a bit too often, once a week should be good :)

It sounds like you are probably in the clear - that setup doesn't seem as though it has executed and if you put it there and know what it is, I'm sure that you're safe :)

Please though, in the future, use the "add reply" button at the bottom of the page. Thanks :)
