Windows 7 Forums



Windows 7: Need help with .exe file to see what it's downloading and where

15 Apr 2015   #1
morpheus305

windows 7 64bit professional
 
 

Hey guys, I was wondering if anyone can help me out with a problem. My son downloaded and ran an .exe file he shouldn't have. It's one of those .exe files that goes and starts downloading files off the internet. I have no idea what files it actually downloaded and installed. I tried running it in Sandboxie but I had no luck figuring it out. I really don't know jack about this stuff. Can someone with experience with this stuff run this file in a controlled, safe environment like a sandbox program and tell what it's actually downloading and where to? I know this is asking a lot but I am very worried that it downloaded and installed some malicious software. If anyone can help me out it would be most appreciated.


15 Apr 2015   #2
Tookeri

Windows 7 Pro 32
 
 

Sandboxie is a great program to track these downloads. To make it as easy as possible:

- Delete the sandbox contents
- Open the .exe file in the empty sandbox
- Monitor changes in the Sandboxie Control via View menu - "Files and Folders", or from Windows Explorer in folder c:\sandbox

With an empty sandbox, and if you only launch this .exe file and no other program, you should be able to find the downloads.
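To go with the steps in post #2, an added example (not part of any forum member's post): a Python script that lists every file under the sandbox folder, newest first, with its size, SHA-256 and whether it starts with the `MZ` header of a Windows executable. The `C:\Sandbox` path is the folder named in the post; the function names are this example's own.

```python
import hashlib
import os
from datetime import datetime, timezone

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large downloads do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def looks_like_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable or DLL."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def inventory(sandbox_root):
    """Return one record per file under sandbox_root, newest first.

    Files are only opened for reading; nothing found in the sandbox is executed.
    """
    records = []
    for dirpath, _dirs, files in os.walk(sandbox_root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
                records.append({
                    "path": os.path.relpath(full, sandbox_root),
                    "size": st.st_size,
                    "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc),
                    "sha256": sha256_of(full),
                    "executable": looks_like_pe(full),
                })
            except OSError:
                continue  # file locked or removed while the program is still running
    return sorted(records, key=lambda r: r["mtime"], reverse=True)

if __name__ == "__main__":
    # Folder taken from the post above; adjust if your sandbox lives elsewhere.
    root = r"C:\Sandbox"
    for r in inventory(root):
        flag = "EXE" if r["executable"] else "   "
        print(f'{r["mtime"]:%Y-%m-%d %H:%M:%S} {flag} {r["size"]:>10} '
              f'{r["sha256"]} {r["path"]}')
```

The hashes can be looked up on a scanning service without uploading or opening the files themselves.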
15 Apr 2015   #3
morpheus305

windows 7 64bit professional
 
 

Thanks Tookeri, I found out about this website which allows you to upload a file and it runs and analyzes it for malicious activity. I have no idea if what I am looking at is good or bad. https://anubis.iseclab.org/?action=r...2e&format=html
15 Apr 2015   #4
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Hmm. Well I tried installing it but no luck. On my machine it attempted to download files but something blocked the download. I checked and the domain it communicated with is blocked by my hosts file.

Downloaded the file and ran it. It was immediately blocked by my AV so I chose to unblock it.

[Attached image: gta-5-setup-wizard.jpg]

You can see it tries to download some files.

Also blocked by the following security software and I chose to allow installation.

[Attached image: sa-alert.jpg]

[Attached image: voodooshield-alert.jpg]

It then established a connection:

[Attached image: netstat.jpg]

The IP address resolves to:

[Attached image: virustotal.jpg]

That domain was already blocked in my hosts file so no files were downloaded.

[Attached image: hosts-emeditor.jpg]

Sorry but that's as far as I'm willing to test. I also ran monitors for file and registry changes but nothing was created. I guess because the download was blocked.

Also see: https://malwr.com/analysis/OWIzZGNkN...A3NTI4YjUxNWE/

Does it show up in your installed program list?


15 Apr 2015   #5
cyrilhubert

Windows 7 Home Premium 64bit
 
 

Hi Callender.
I read the same post in bleepingcomputers.com from the same guy. Thanks for the heads up.
Need help with .exe file to see what it's downloading and where - Am I infected? What do I do?
same guy and name.
Pointing to download some loaded stuff.
16 Apr 2015   #6
morpheus305

windows 7 64bit professional
 
 

Thanks Callender for the detailed response and thanks for putting so much effort into helping me out. Looking at the VirusTotal screenshot of the IP address that you attached, it appears that the IP is associated with other malicious software as well. That is really unfortunate to see. May I ask what security software you use?
16 Apr 2015   #7
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Well, lots. Comodo AV & Firewall, Bitdefender Traffic Light (browser add-on), Voodoo Shield Pro, SecureAge Application Whitelisting, Xvirus Web Guard (just testing at the moment), MJ RegWatcher, Threatfire, Spy-The-Spy, MS EMET, Peerblock, Hitman Pro Alert, a heavily modified hosts file plus lots of on-demand scanners and a few other tools. Also I alternate between Norton ConnectSafe DNS and Comodo Secure DNS.