Might have malware? strange RarSFX0 Temp file with program not listed

[Rokkor]

I might have a malware problem? I bought a reconditioned, used W7 Home Premium machine from a certified computer re-installer company. The machine had a fresh install of W7 and it's legit and Windows is authenticated by by MS. Some time after I bought it I was poking around Windows files and find the machine had Aida64 on it, but it wasn't listed in the start menu under programs, and it doesn't come up under Uninstall Programs, maybe because it's a executable?


Recently I added [FONT=&quot]Simple Software Restriction Policy 2.2 which disallows running of programs from temp folders and cache...OK today I moved Aida64.exe to the programs folder and gave it a shortcut to my Documents. When I try to run it, I get a message that says [/FONT][FONT=&quot][FONT=&quot]Simple Software Restriction Policy 2.2 can't run it because it's Aida64 is in[/FONT] c:\Users\*my name*\AppData\Local\Temp\RarSFX0\aida64.exe When I go look for this RarSFX0 folder it's not there. This all sounds fishy to me, I'd like to make sure it's not malware as I believe Aida64 can download from the internet and make changes to my computer so it could have been installed by a hacker with a backdoor trojan.
[/FONT]

 

[wither 2]

If you want to make sure it's not malware, download and run the free Malwarebytes. You should also run a complete system scan with your anti-virus.

 

[samuria]

It sounds as if the file you have is either zip file which expands to temp which you settings have blocked or its a portable file upload it to virus tool it will tell you if it's legite

 

[badcrc]

SFX means self-extracting. When you download a zip or Rar file, you normally need the associated program installed on your pc eg somefile.zip needs WinZip to unpack it. Some files are distributed as SFX, which means the file will unpack without the need for you to have the Zip or Rar program installed. SFX files are exe executable files, so would be something like myfile.exe.

It sounds like you have a SFX Aida64 - which would need unpacking, and then you run the install file to install as per usual. As has been mentioned - be very wary of unknown exe files, it could be malware named to look like a regular file.

I use Aida64 - here's the desktop gadget on my i7

 

[Rokkor]

Thanks for all the replies!...I ran a scan with both MSE and Malwarebytes and they came up clean. I uploaded the exe file for a virus check and it was clean. So it sounds like it was a self extracting file and not a problem.


If I want to remove aida64 from my system can I just delete the aida.exe file and the associated registry key?
HKEY_USERS\****************************\Software\FinalWire\AIDA64

 

[samuria]

Before deleting anything from the reg first export it to a .reg file that way you can trade if needed then you can delete it