In the
last few weeks we've heard numerous cases of people getting User Account
Control (UAC) notifications asking them to allow msiexec.exe to run. When we got the first e-mail, we thought
that the user was experiencing a system error, but after quite a bit of research we
found out that it was a Trojan horse masquerading as msiexec.exe. The Trojan
was located in the Users directory: C:\Users\[UserName]\msiexec.exe.
User Account Control
Do you want to allow the following program from an
unknown publisher to make changes to this computer?
Program name: msiexec.exe
Publisher: Unknown
File origin: Hard drive on this computer
The legitimate msiexec.exe program that interprets packages and installs
products is located in the C:\Windows\System32 folder. But the
problem is that cyber criminals try to avoid antivirus detection and confuse
users by giving a malicious program the same name as a legitimate program.
And when you do a Google search on the word 'msiexec.exe', you're presented
with a list of results saying that it's a legitimate Windows program. In this
case, the file location of the malicious msiexec.exe program
(C:\Users\[UserName]\msiexec.exe) clearly indicates that it pretends to be
something it's not. You can upload suspicious files to VirusTotal or Jotti to see if your
suspicions were correct.
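The location check described above can be scripted. The following is an added example, not part of the original post: it lists every msiexec.exe found under C:\Users and every running msiexec.exe process whose image is not in the expected Windows folder, with its publisher and SHA256 hash. The function name Test-MsiexecFile is hypothetical, and treating SysWOW64 as a second legitimate location is an assumption.

```powershell
# Added example, not from the original post. Assumes PowerShell 4.0 or later.
# System32 is the location the article gives; SysWOW64 (the 32-bit copy on
# 64-bit Windows) is added here as an assumption.
$trusted = @(
    (Join-Path $env:SystemRoot 'System32\msiexec.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\msiexec.exe')
)

function Test-MsiexecFile {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path      = $Path
        Trusted   = $trusted -contains $Path   # -contains ignores case
        Signature = $sig.Status                # informational; location is the main test
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'Unknown' }
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# 1) Files named msiexec.exe anywhere under the user profiles,
#    which is where the article found the Trojan.
$files = Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Filter 'msiexec.exe' `
    -Recurse -Force -File -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName

# 2) Image paths of running processes named msiexec.exe.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'msiexec.exe'" |
    Where-Object { $_.ExecutablePath } |
    Select-Object -ExpandProperty ExecutablePath

# Report only the copies that are outside the expected Windows folders.
@($files) + @($procs) | Sort-Object -Unique |
    ForEach-Object { Test-MsiexecFile -Path $_ } |
    Where-Object { -not $_.Trusted } |
    Format-List
```

Run it from an elevated prompt so that other users' profile folders are readable. No output means no misplaced copy was found.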
The malicious msiexec.exe downloads additional
malware onto your computer. Even if you delete it manually, it may reappear
after you reboot your computer. That's why we strongly recommend that you scan
your computer with anti-malware software.
Download recommended anti-malware software (Spyware Doctor) and run a full
system scan to remove this virus from your computer.
NOTE: In some cases the rogue program may block
anti-malware software. Before saving the selected program onto your computer,
you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if you are running Windows 7 or
Vista, they MUST be run as administrator. Launch the program and follow the
prompts. Don't forget to update the installed program before scanning.