Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Programs being deleted from C:\Program Files (x86)

26 May 2012   #31
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

Its likely the malware was contracted through the VMWare keygen - avoid cracked software if you don't want these problems.

Is malware still flagged on your system, or does it show up clean now?

Regards,
Golden


My System SpecsSystem Spec
.
26 May 2012   #32
Roman5

Windows 7 HP x64 SP1
 
 

Well as far as I know, it should be clean now since I quarantined and deleted the exploits shown up by microsoft security essentials, and deleted VirTool:Win32/DelfInject.gen!X shown up by defender offline. I don't think it was vmware as I haven't used it for a long time, I've been using virtual box since, and this issue has only cropped up over the last few days. I didn't keep my windows XP AV updated and didn't scan on the few times I loaded XP environment within vbox, so I'm wondering whether I let the exploits through because of that.
My System SpecsSystem Spec
26 May 2012   #33
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

Its possible, but I was looking specifically at this item:
Quote:
Resource Path:\$RECYCLE.BIN\S-1-5-21-1716146104-364351621-1683301092-1001\$RYRILHJ\VMWare.Workstation.v6.5.3.185404.Incl.Keygen-DI\keygen.exe
None-the-less you have deleted that. How is the system now?

Regards,
Golden
My System SpecsSystem Spec
.

26 May 2012   #34
Roman5

Windows 7 HP x64 SP1
 
 

Quote   Quote: Originally Posted by Golden View Post
Hi,

Its possible, but I was looking specifically at this item:
Quote:
Resource Path:\$RECYCLE.BIN\S-1-5-21-1716146104-364351621-1683301092-1001\$RYRILHJ\VMWare.Workstation.v6.5.3.185404.Incl.Keygen-DI\keygen.exe
None-the-less you have deleted that. How is the system now?

Regards,
Golden
Well, the only virus flagged by defender offline was the VirTool:Win32/DelfInject.gen!X which is deleted. The keygen files are deleted but they didn't flag a virus. But I won't know how the system is until I reinstall a couple of programs back to c:/program files (x86) and see if they disappear or not.
My System SpecsSystem Spec
26 May 2012   #35
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

Keygens can behave as what are known as 'droppers' - they carry the malware payload, which then typicallly infects other files. So whilst the keygen is strictly speaking not malware, it was in all probability the source of the malware.

Let us know how your system is once you get everything sorted.

Regards,
Golden
My System SpecsSystem Spec
26 May 2012   #36
Roman5

Windows 7 HP x64 SP1
 
 

True, but those keygens have been on my system for years, so unless they were benign lying dormant and suddenly became active and dropping the malware payload, I honestly don't believe they're responsible.
My System SpecsSystem Spec
26 May 2012   #37
Roman5

Windows 7 HP x64 SP1
 
 

To add, the fact that malwarebytes disappeared from both my desktop AND laptop, AND both from program files x86, AND both computers had the same java exploit blacole, that's where I put my money.
My System SpecsSystem Spec
26 May 2012   #38
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Quote   Quote: Originally Posted by Roman5 View Post
Tso unless they were benign lying dormant and suddenly became active and dropping the malware payload
Thats exactly how some droppers work.

Regards,
Golden
My System SpecsSystem Spec
26 May 2012   #39
Roman5

Windows 7 HP x64 SP1
 
 

Quote   Quote: Originally Posted by Golden View Post
Quote   Quote: Originally Posted by Roman5 View Post
Tso unless they were benign lying dormant and suddenly became active and dropping the malware payload
Thats exactly how some droppers work.

Regards,
Golden
Ah, well in that case, having deleted them will hopefully stop the exploit returning, if it was the keygens that dropped them. Thanks for the tips, I am learning my lessons the hard way.
My System SpecsSystem Spec
26 May 2012   #40
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Its all good

Let us know how you get on and if you need any more help.

regards,
Golden
My System SpecsSystem Spec
Reply

 Programs being deleted from C:\Program Files (x86)




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Win 7 backup program has deleted files
When I performed a routine backup from my hard drive to an external drive which had existing files on it, I found that the backup had deleted all the individual files on that external drive. The folders are still there but there are no files in them. So now I have lost years of data. Does anyone...
Backup and Restore
deleted program called Zoom downloader, now cant download files.
I recently installed a program called zoomdownloader and i decided to uninstall it, instead of using the uninstall.exe I just put all the files in the recycling bin and deleted them there, Now I cant download a single file from any browser( i've tried internet explorer and firefox). when i try to...
Software
My Hardisk is Full even after Files Deleted and Program Uninstalled
Hai guys, sorry, I am using windows 7 32 bit, and my problem is that the hardisk keeps getting full again, even after I have deleted many files and uninstall softwares. I didnt set my hard disk for recovery either. How can I tackle this problem? Sorry if anyone had posted this before and I didnt...
Performance & Maintenance
Win7-deleted Windows Live folder from Program Files(x86) How 2 Replace
Hi there : ) My mom wanted to remove windows live messenger but she couldnt see it on her add/remove list, so she went and deleted the entire windows live folder from the Program Files (x86) I am trying to reinstall windows live essentials with no luck. The first time i tryed it said it was...
Software
temp folder: do not files deleted when exit program
Hi all: I have a bit of an unusual issue. I am trying to prevent Win 7 from deleting files from the temp folder (C:\Users\<NAME>\AppData\Local\Temp) when I close a program (in my case Firefox). I believe it is the OS, and not the program or my AV, which is deleting the files, though if folks...
Performance & Maintenance
Deleted 64 bit program files folder
So apparently I bungled. Upon receiving my new computer, I noticed that there were 2 program files folders. After installing a few programs, I noticed they were all going to X86 folder, so I thought this was an install error on the shipping companies part, and deleted the unnumbered program files...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:07.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App