Is PBRem.exe in the temp folder malware?

[windowsuser111]

when i signed onto windows 7 a notice came up asking for permission for pbrem.exe to make changes to my computer. it was located in appdata\local\temp, i disallowed it, is it malware?

 

[Golden]

Hi,

What anti-malware software do you have installed on your system?

What size is that file? If its under 20MB, upload it to the online scanner VirusTotal. Post the results here.

Regards,
Golden

 

[windowsuser111]

i have:
mse
avast
malwarebytes
spybot s&d

virustotal results:

Antivirus Version Last Update Result
AhnLab-V3 2011.04.03.01 2011.04.03 -
AntiVir 7.11.5.168 2011.04.01 -
Antiy-AVL 2.0.3.7 2011.04.02 -
Avast 4.8.1351.0 2011.04.02 -
Avast5 5.0.677.0 2011.04.02 -
AVG 10.0.0.1190 2011.04.02 -
BitDefender 7.2 2011.04.03 -
CAT-QuickHeal 11.00 2011.04.02 -
ClamAV 0.97.0.0 2011.04.01 -
Commtouch 5.2.11.5 2011.03.24 -
Comodo 8196 2011.04.02 -
DrWeb 5.0.2.03300 2011.04.03 -
eSafe 7.0.17.0 2011.04.01 -
eTrust-Vet 36.1.8248 2011.04.01 -
F-Prot 4.6.2.117 2011.04.02 -
F-Secure 9.0.16440.0 2011.04.02 -
Fortinet 4.2.254.0 2011.04.02 -
GData 22 2011.04.03 -
Ikarus T3.1.1.103.0 2011.04.02 -
Jiangmin 13.0.900 2011.03.31 -
K7AntiVirus 9.96.4280 2011.04.02 -
McAfee 5.400.0.1158 2011.04.02 -
McAfee-GW-Edition 2010.1C 2011.04.02 -
Microsoft 1.6702 2011.04.02 -
NOD32 6010 2011.04.03 -
Norman 6.07.03 2011.04.02 -
Panda 10.0.3.5 2011.04.02 -
PCTools 7.0.3.5 2011.04.01 -
Prevx 3.0 2011.04.03 -
Rising 23.51.05.05 2011.04.02 -
Sophos 4.64.0 2011.04.02 -
SUPERAntiSpyware 4.40.0.1006 2011.04.03 -
Symantec 20101.3.2.89 2011.04.03 -
TheHacker 6.7.0.1.164 2011.04.02 -
TrendMicro 9.200.0.1012 2011.04.02 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.03 -
VBA32 3.12.14.3 2011.04.01 -
VIPRE 8902 2011.04.03 -
ViRobot 2011.4.2.4390 2011.04.02 -
VirusBuster 13.6.284.0 2011.04.02 -

so i guess it's safe
i had deleted my temp and prefetch files before restarting so that might have something to do with it

 

[Golden]

Mmm...OK. I guess I'm suspicious since the first page of Google with pbrem.exe as the search expression causes WoT to flag every link as malicious.

Did you install any new software to your system recently?

Regards,
Golden

 

[windowsuser111]

i just ran the executable and gave it permission, it said "might not have installed correctly", so i reinstalled it using the prompt option, and nothing has happened so far
i installed some software recently, but it's all innocuous - autograph is the only one i can think of

 

[WindowsUserUK]

not out of the woods yet

I had the same probelm after install Autograph on my Windows 7 pc.
I have not given permissions to pbrem.exe from the temp folder to run, and Autographis working fine so far.

Have you have any recent problems with performance on your PC? other forums suggest that pbrem is worm that may cause performance issues.

 

[Borg 386]

It could depend on where you got the file from. If you d/l a file from a bad site that hosts a modified version, there could well be a virus in there. Some well known files can be modified to contain a virus. If I d/l anything, I try to get it from the source site instead of a general site hosting the file (if possible).

 

[WindowsUserUK]

I downloaded the installation file directly from the source.
many other students have used the same download link (provided by the university) and have not had this problem.
It only seems to happen on windows 7 OS.

 

[seth500]

It could depend on where you got the file from. If you d/l a file from a bad site that hosts a modified version, there could well be a virus in there. Some well known files can be modified to contain a virus. If I d/l anything, I try to get it from the source site instead of a general site hosting the file (if possible).

+1 Me too! I have personally ran into that myself by downloading an executable of well known and popular software and it had been modified with a trojan. So stick with the site that the .exe or .zip is supposed to be from..Good advice!