Solved install.exe found on external drive - how do I find out what it is?

N

Neil2305

New member
Member
VIP
Local time
2:42 AM
Messages
109
Location
London
Can anyone help?

My computer was accessed via remote access scammer 2 nights ago and although my computer has been checked any appears to be safe - (microsoft checked) - my partner has a computer on the same home network and her computer now has (2) 'install.exe' files that have appeared on her external hard drive within folders with names such as 080eb699a612b22018 and f9e359c6c3f913d19353. An additional folder appeared last night They seem to have appeared at about the same time that my computer was remote accessed via the escammer. The files won't allow to be deleted as message saying they can only be deleted with admin access although my partner is the only user and has admin access. Have run Malwarebytes, spybot but files remain. Computer now has Microsoft essential with firewall.

Two questions.

1. How do we know what the install.exe is and if it is malcious hacking or simply system file?
2. How do we remove it if it is malicious?
 

My Computer My Computer

At a glance

Windows 7 32 bit
OS
Windows 7 32 bit

My Computer My Computer

At a glance

Windows 10 Pro x64 ; Xubuntu x64Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz16GB Corsair Vengance DDR3 @ 661 MHz Dual Cha...EVGA NVidia GTX 560 1024MB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
Thanks for reply so quickly

Thanks for replying so quickly...
 

My Computer My Computer

At a glance

Windows 7 32 bit
OS
Windows 7 32 bit
No worries - let us know if you need more help.
 

My Computer My Computer

At a glance

Windows 10 Pro x64 ; Xubuntu x64Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz16GB Corsair Vengance DDR3 @ 661 MHz Dual Cha...EVGA NVidia GTX 560 1024MB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
Would a system restore be advisable to a previous date?
 

My Computer My Computer

At a glance

Windows 7 32 bit
OS
Windows 7 32 bit
also.. is it advisable to try to change permissions to try to delete them? AND is it like that these install.exe files already placed spyware etc on the computer?
 

My Computer My Computer

At a glance

Windows 7 32 bit
OS
Windows 7 32 bit
Hi,

These files reside on the external drive correct? I would let Windows Defender Offline do its scan before attempting anything else.

A System Restore would only be good if the system was infected - lets see if that is the case using Windows Defender Offline.

Regards,
Golden
 

My Computer My Computer

At a glance

Windows 10 Pro x64 ; Xubuntu x64Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz16GB Corsair Vengance DDR3 @ 661 MHz Dual Cha...EVGA NVidia GTX 560 1024MB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
The offline version boots and runs from a DVD without requiring a boot into Windows - this way it is immune from any smart malware that that tries to inhibit scanning from within the Windows environment.
 

My Computer My Computer

At a glance

Windows 10 Pro x64 ; Xubuntu x64Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz16GB Corsair Vengance DDR3 @ 661 MHz Dual Cha...EVGA NVidia GTX 560 1024MB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
final question.. does the defender HAVE to be saved to a CD/USB or can it be run from being installed on the computer itself?
 

My Computer My Computer

At a glance

Windows 7 32 bit
OS
Windows 7 32 bit
Only from a DVD/USB - its specifically designed this way to outsmart malware that requires booting into Windows to become 'aware' and then avoid detection, or hamper the malware detection process.
 

My Computer My Computer

At a glance

Windows 10 Pro x64 ; Xubuntu x64Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz16GB Corsair Vengance DDR3 @ 661 MHz Dual Cha...EVGA NVidia GTX 560 1024MB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
Okay... have run Quick Scan.... (full scan to follow ) Trojan found Win32/Sirefef

BUT... is not able to be removed with this message: Windows defender offline encountered an error: Error code Ox800704ec "This program is blocked by group policy. For more information contact your system administrator.

So.. how do I remove this file and what is it?
 

My Computer My Computer

At a glance

Windows 7 32 bit
OS
Windows 7 32 bit
You can upload the install.exe file to VirusTotal
https://www.virustotal.com/
It will scan it and you may find more info on what malware is found in the file.
 

My Computer My Computer

At a glance

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x6...AMD Athlon II x4 6206GB GSkill DDR2 800AMD 4670 GPU + AMD 4200 IGP
Computer type
PC/Desktop
Computer Manufacturer/Model Number
home built
OS
Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
CPU
AMD Athlon II x4 620
Motherboard
Gigabyte GA-MA785G-UD3H
Memory
6GB GSkill DDR2 800
Graphics Card(s)
AMD 4670 GPU + AMD 4200 IGP
Sound Card
on board Realtek ALC889A
Monitor(s) Displays
RCA 40" LCD TV, Insignia 32" LCD TV, HP 15" LCD monitor
Screen Resolution
1680 x 1050
Hard Drives
OCZ Vertex 3 120GB,
Samsung F3 1TB (3),
Several others - WD, Seagate, Hitachi, ...
PSU
Corsair 500 W
Case
Rosewill mid tower
Cooling
CM 90mm rifle
Keyboard
Gyration wireless, Logitech wireless, Dell USB wired
Mouse
Gyration wireless, Logitech wireless, V7 USB wired
Internet Speed
Spectrum - 100Mbps D / 10Mbps U
Antivirus
Avast, MBAM3, EMET, WinPatrol
Browser
Pale Moon, Firefox, IE
Other Info
2 multi-boot PC's
Mainly HTPC/Office/Gen purpose (no gaming).
Trendnet USB KVM.
LG DVD burner/Blue Ray Player.
Tray system for removable SATA backup drives.

Not currently OCd, under-volted.
I use Hybrid sleep, rarely re-boot or shutdown.

Hauppauge HD-PVR, Avermedia PCIe TV Tuner, Hauppauge PCI TV Tuner.
unable to upload the file there...

Hi.. we have tried that but when we try to upload it it says we don't have (administrator) permission to do so....
 

My Computer My Computer

At a glance

Windows 7 32 bit
OS
Windows 7 32 bit
Is this a work computer?
 

My Computer My Computer

At a glance

Windows 10 Pro x64 ; Xubuntu x64Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz16GB Corsair Vengance DDR3 @ 661 MHz Dual Cha...EVGA NVidia GTX 560 1024MB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
Last edited:

My Computer My Computer

At a glance

Windows 7 32 bit
OS
Windows 7 32 bit

My Computer My Computer

At a glance

Windows 10 Pro x64 ; Xubuntu x64Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz16GB Corsair Vengance DDR3 @ 661 MHz Dual Cha...EVGA NVidia GTX 560 1024MB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518

My Computer My Computer

At a glance

Windows 10 Pro. 64/ version 1709 Windows 7 Pr...Intel i7-6800K @ 4.3Corsair Platinum 16 gig @2400EVGA GTX 1070 OC
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
Neil3205,

If Sirefef was found on your computer, your interests are well served by running tools that query/diagnose the system prior to Windows starting.

Although some programs may come up clean, malware could still be lurking somewhere, particularly if it is a Rootkit.


So, if you agree, let’s take a look before Windows starts, but, need some info from you:

Do you have the Repair your computer option in the Advanced Boot Options menu?


To find out:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Is the Repair your computer option listed?


If you do not have the option, do you have your Windows installation CD/DVD available?


And last, do you have a USB flash drive available, and access to a clean computer?
 
 

My Computer My Computer

At a glance

Windows 7 Home Premium
Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
Installed Windows Offline Defender

I am running this on my own computer on our home 'network'... as earlier advice in the thread... I have downloaded Windows Offline Defender on a CD and changed the BIOS to boot via the CD and did the scan by that... (at least a quick scan).... I will run a full scan while I sleep tonight as I fear that might take a few hours... the last re-boot I did the Sirefef wasn't showing.... now running an ESET scan....
 

My Computer My Computer

At a glance

Windows 7 32 bit
OS
Windows 7 32 bit
You must log in or register to reply here.

Similar threads

Solved How do I find out what wattage UPS I need?
Replies
6
Views
2K
HAVOC
HAVOC
Solved Where do I find out what Windows is doing during 10 minute boot?
2
Replies
22
Views
6K
ICIT2LOL
ICIT2LOL
How do I find out what RAM I have?
Replies
5
Views
30K
strido
S
How do I find out what driver is causing the problem?
Replies
1
Views
14K
usasma
usasma
How do I find out what program is using all my CPU?
Replies
2
Views
30K
vpwin7
V
Back
Top