Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Installer folder viruses-What to do if I need to remove important file

24 Oct 2014   #1
NED11WILS

Windows 7 Starter x32
 
 
Installer folder viruses-What to do if I need to remove important file

I have found files in the Windows 7 Installer Folder that are infected. Ok remove the bad files. But what if they are important. How to repair the folder? Below are the scan results from ClamWin. From what I have read in google searches it is very likely that these particular files are no longer of importance. But 1) How do I know? 2) Once again, what to do when it is an important file. 3) For that matter what does one do if they need to remove infected necessary files in any system folder?

Scan results. Thank you for any assistance.




My System SpecsSystem Spec
.
24 Oct 2014   #2
maxie

windows 7 home 64bit
 
 

Hi Welcome to Seven Forums ... Did Norton find any Problems .. You could always check with Virus Total ....
My System SpecsSystem Spec
24 Oct 2014   #3
NED11WILS

Windows 7 Starter x32
 
 

Quote   Quote: Originally Posted by maxie View Post
Hi Welcome to Seven Forums ... Did Norton find any Problems .. You could always check with Virus Total ....
MAXIE,

Thank you for responding. Actually I am gaining more faith in ClamWin than Norton. Norton passes right over infected files that ClamWin detects. Click directly on the bad file and "Scan now" with Norton and it finally sees it.

But that is besides the point. Detecting and removing is solved. I am concerned with knowing if the infected file that I remove is important and what to do about replacing it.
My System SpecsSystem Spec
.

24 Oct 2014   #4
maxie

windows 7 home 64bit
 
 

I understand your concern .. You are convinced that you are Infected .. To answer your Question will the files be Replaced .. Tbh I have no idea the point is though what choices do you have ...
My System SpecsSystem Spec
24 Oct 2014   #5
Tookeri

Windows 7 Pro 32
 
 

That folder is a cache of installed applications/updates using the Windows Installer, so you might get problems when or if you try to uninstall these 3 applications. You could try Revo Uninstaller in that case.

Since you found infections in windows installer packages, logically these infections should also have been found in other places: you have 3 installed applications/updates whose setup programs were infected. Or maybe these files were infected after the programs were installed.
I would scan with several other products as well, for example Malwarebytes Anti-malware and ESET Online Scanner.

If you hadn't deleted these files you could have figured out what programs it is. Maybe a log file can help if they have more information than just the file names. Any way, scan with the previous mentioned products, is my advice.
My System SpecsSystem Spec
24 Oct 2014   #6
oneeyed

Windows 8
 
 

I'm sorry to say it, but you acted rather harshly. Wondering afterwards if the files are important to the system or not is what you should have done BEFORE "cleaning" them.

Files in the Windows\Installer folder are associated with any application that you have installed at some point. They are used when you want to update/uninstall them. Some of them might be from older programs you have already uninstalled. If it's the case for the ones you "cleaned" then you're in luck. If not then you'll have problems when update/uninstalling...

Here's a tip though if you encounter a similar situation in the future...

If your AV detects something malicious :

* If a malware is detected when first launching/executing/downloading a file (the AV blocked an attachment in an email, blocked a download in your browser, gave a warning when trying to install an application)...
Feel free to clean it/block it/whatever the AV recommends.

* If the file has already been installed on your PC (the AV detected it during a scheduled system scan or a manual scan)
NEVER delete the file immediately.
I can't stress this enough : Do not erase/clean the file immediately ! Maybe you can quarantine it, but I don't recommend it either, just let it alone for the time being.
Reason : the file has been present on your system for a while, a few hours won't change anything at this point so take your time and don't do anything in a panicked/"I am doomed" state of mind. This might be one of countless false positives that show up in any AV (and Clamwin is reputed to have more of them than other AV). Relax. Breathe.

Launch your favorite search engine in your browser, and search for the specific malware that your AV detected to get more info. Check if the symptoms associated with this malware are effectively present on your PC.

Get a second opinion from other AVs, I suggest using an online service like VirusTotal (https://www.virustotal.com/) or Jotti (Jotti's malware scan) and either upload the suspicious files or send their hashes. In the case of VirusTotal, it will check your files with 50+ Anti-Viruses (Clamwin included) at their latest versions... It makes the detection of false postives THAT much easier.

If you do get confirmation from other AVs, then and only then can you proceed to clean your PC.

Depending on the type of malware I'm also a proponent of using the "nuke from orbit" option rather than any automatic AV cleaning : Restore from a previous image (you've backed up right ?? if not check this : Imaging with free Macrium ) or do a clean install.
My System SpecsSystem Spec
25 Oct 2014   #7
maxie

windows 7 home 64bit
 
 

If you have already Removed the Files .. Run a full System Scan ...


SFC /SCANNOW Command - System File Checker
My System SpecsSystem Spec
Reply

 Installer folder viruses-What to do if I need to remove important file




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Remove "Create Shortcut" from file and folder context menu?
Hi Shawn, is there a way to remove "Create Shortcut" from the right-click context menu on a file/folder?
Customization
How do I remove network path? (network file and folder settings)
After reinstalling OS, I was fiddling around to change the name of the user folder until I accidentally added network path from folder sharing option as you can see from the screenshot below: http://i.imgur.com/JlJI78c.png Is there a way to remove such path or make that space "not shared" like...
Network & Sharing
Help help help its urgent ... Lost an important hidden folder
I installed Tuneup utilities software yesterday, it asked me to Optimize my system . But today as i checked for my hidden folder in windows Drive (c) ,it had disappeared. Now can u please help me out as to how i can restore that folder as it contained important data including photos,files,videos. I...
Backup and Restore
Remove viruses and now windows won't boot regular or in safe mode
Have a laptop here that was virus infected. AVG pro removed 157 viruses including trojans. Now windows crashes after windows 7 icon. Restore last setting just runs and runs with no completion. Safe mode gets only so far in loading drivers and then reboots (suspiciously stops at the AVG driver,...
BSOD Help and Support
Need Help finding a system32 folder to delete all viruses found.
So... My Laptop is loaded with viruses I need help to something suitable to delete my viruses and I don't want to do any further downloads. Also, how do I find my system32 folder? I can't seem to find it. And I've been told that by deleting it I can get rid of ALOT of viruses. I just really...
System Security
windows.old folder and viruses
Just had a question that I thought was interesting lets say i got a virus today and reinstalled my windows seven tomorrow not useing a clean install would the virus then be moved to my windows.old folder? And would it be possible to just delete my windows old folder to get rid of it. This had not...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:37.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App