Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

setup.exe appears in root folder

Started by johnnyt , Nov 23 2006 07:35 AM

  • This topic is locked This topic is locked

#46
johnnyt
Posted 20 December 2006 - 01:20 PM

johnnyt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Phil

Just tried to run it. For some reason anything that runs in a 'command box' doesn't work for me in normal mode. I need to change to safe mode to run it??

Anyways.. I changed to safe mode and ran it, it gave me a message saying Done! and that was that. It didn't delete the setup.exe files from anywhere and so I manually deleted them and I'll see if they return.

Any idea how I get things to run from a command prompt in normal mode. I'm wondering if things like that virus remover might not work in 'safe' mode because the virus would presumably not have been allowed to start up. Therefore it might work in 'normal' mode but I can't run it in this mode because command prompts won't run in this mode??

Any ideas?

Many thanks
  • 0

Advertisements

#47
Crustyoldbloke
Posted 20 December 2006 - 02:51 PM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
It's a pity that didn't work, but it was a longshot.

It is possible that a virus or a piece of malware has disabled the CMD in windows. I can only suggest two courses of action. The easiest and therefore the first option is to run SFC, and if that fails, reinstall SP2.

Please run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow.

Typing this will start the programme, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. if this happens please make sure that you can view protected files:My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.
Then rerun the scan.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.
No Windows CD? See here: No Windows CD

SP2 is a huge download:

http://www.softwarep...2-security.html
  • 0

#48
johnnyt
Posted 21 December 2006 - 04:54 AM

johnnyt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Phil

Those setup.exe files are back... and they are the correct 49Kb in size now so they are back to their virile old selves...

I'll try your suggestion and post back although I'm getting to the stage now where I think I might have to do a complete reinstall of the operating system. I really wanted to avoid this but this virus/trojan seems to be evading everything else...

I'll get back to you on how I get on with the sfc

Thanks
  • 0

#49
Crustyoldbloke
Posted 21 December 2006 - 09:17 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Would you please be kind enough to run HJT and produce a different log?
  • Open HijackThis.
  • Click on "Open Misc Tools Section"
  • Open Uninstall Manager
  • Save List
It will produce a NotePad Page, called Uninstall.txt. Please copy the entire contents of that page and paste it here.
  • 0

#50
johnnyt
Posted 21 December 2006 - 10:06 AM

johnnyt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Phil

Here's the list you requested. I haven't done the sfc scan yet as I'm still using the computer and was going to start it going when I've finished with it. I don't know whether I needed to have done the scan prior to compiling this list or not? If so just let me know and I'll do another list after I've done the scan.

Thanks...

ABBYY FineReader 8.0 Professional Edition
AC3Filter (remove only)
Actual Search & Replace Version 2.6.2
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Shockwave Player
Advanced Excel 97 Password Recovery
Advanced RAR Password Recovery
Advanced Task Scheduler (Remove or Repair)
All Media Fixer 6.4
ArcSoft PhotoImpression
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoCAD Electrical 2006
Autodesk DWF Viewer
Automation License Manager V2.1 + HF2
AVG Anti-Spyware 7.5
AVG Free Edition
Avi2Dvd 0.4.4 beta
AviSynth 2.5
Before You Know It 3.5 Lite
CachemanXP 1.12
Calculatem Pro
Calendarscope
Canon MP Drivers 6.0
Canon MP Navigator 1.0
Canon ScanGear Starter
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
CD-LabelPrint
Citect Knowledge Base
CitectHMI/SCADA
C-Media 3D Audio
C-Media WDM Audio Driver
Core Center
Crouzet Logic Software M2
CSI-Miami
Cute Reminder Professional Edition version 2.1
CuteFTP 6 Professional
Diskeeper Professional Edition
DivX
DS Clock
Easy-WebPrint
EPSON TWAIN 5
Floppy Image 2.3.3
foobar2000 v0.9.4.2
GSpot Codec Information Appliance
GX Developer
HEXwrite 1.0.5
HijackThis 1.99.1
Hotfix for Windows XP (KB909394)
iISystem Wiper 2.4.1
ImageMixer with VCD
Imperial Glory
Instant Quote 2000 Professional
Ipswitch WS_FTP Pro
i-Speeder
iTunes
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9 GDI+ Patch
Jasc Paint Shop Pro 9.01 Patch
Jasc Paint Shop Pro Studio Additional Content
Jetico Personal Firewall 1.0
Kaspersky Online Scanner
Ladbrokes Poker
LifeGlobe Goldfish Aquarium
LifeGlobe Sharks, Terrors of the Deep
Logitech QuickCam Software
Logitech® Camera Driver
MacComm OCX 1.05 Trial
MacRegIO 1.16
Macromedia Flash Player 8
MacTalk 1.35 Beta 3
MailWasher Pro
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Fighter Ace II
Microsoft Flight Simulator 2002
Microsoft Jet 4.0 Service Pack 4
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5)
Mozilla Thunderbird (1.5.0.9)
MSXML 4.0 SP2 Parser and SDK
Nero 6 Ultra Edition
NextStep Software - Internet History Cleaner
Nokia Connectivity Cable Driver
Nokia PC Suite
OmniPage SE 2.0
Operation Flashpoint uninstall
Panda ActiveScan
Paradise Poker
PC Wizard 2006.1.68
PokerRoom.com (remove only)
PowerDVD
PowerQuest PartitionMagic 8.0
Presto! PageManager 6.01
QuickTime
RealPlayer
Realtek AC'97 Audio
Restorer2000 Professional
S7-200 Explorer V1.0.1.4
Saitek Configuration Software
Saitek NT Controller Drivers
ScanToWeb
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Sentinel System Driver 5.42.1 (32-bit)
SereneScreen Marine Aquarium 2
SereneScreen Marine Aquarium Time 2
Shareaza version 2.2.3.0
SIMATIC STEP 5 V7.23 Update
SIMATIC STEP 7 V5.3 + SP3
SIMATIC ProTool V6.0
SIMATIC ProTool/Pro V6.0 Common Files
SIMATIC S7 CPU 31xC Examples V1.0
SIMATIC STEP 7-Micro/WIN V4.0.1.10
Skype 2.5
Spectaculator 5.1
SpeedTouch USB Software
Spybot - Search & Destroy 1.3
Spyware Doctor 4.0
SpywareBlaster v3.5.1
SWiSH v2.01
SYSTRAN Premium 5.0
TD Keypad Designer V1.0.0.38
TEFView 2.64
Texas Calculatem 4 with "AutoRead"
Texas Calculatem 4 with "AutoRead"
Texas Hold'em Odds Calculator V 1.0
TextPipe Pro 6.3.5
Turbo Pad
U.S. Robotics ControlCenter
U.S.Robotics 22M Wireless LAN Adapter
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VBScript Documentation
VIA Audio Driver Setup Program
VIA Platform Device Manager
Video Fixer 3.23
WinAce Archiver
Winamp (remove only)
WinAVIVideoConverter
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPatrol
WinRAR archiver
XoftSpy
xp-AntiSpy 3.95-2
XviD MPEG-4 Video Codec
  • 0

#51
johnnyt
Posted 22 December 2006 - 08:22 AM

johnnyt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I did that sfc scan last night and it didn't find anything (or at least it didn't report anything once it had finished). I'm not sure if it's meant to generate a report? Or warn you if it has had to change a file back to the windows original?

Anyways, it didn't work because the files are back now.

The strange thing is that setup.exe is showing on my computer as 49Kb but when I upload it to VirusTotal to check it it's showing on there as 0Kb.

Another strange thing is that if I stay with the root folder of the drive open for a minute or two with setup.exe and autorun.inf in there then a new file appears called setup.pif that's 3Kb in size.

Any ideas or am I going to have to do a full reformat?
  • 0

#52
Crustyoldbloke
Posted 22 December 2006 - 10:28 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
I'm not sure why you want to do a full format. That's a bit like calling the undertaker when you have a cold.

I just Googled setup.pif and saw a hit on a McAfee website for BadTrans. Unfortunately, I couldn't read it due to my AV going crazy and resetting. These are also on the hits list:

http://www.merit.edu...4/msg00462.html

http://www.sophos.co...jdownldaap.html

http://www.nettime.o...7/msg00182.html

Looking at the last one in particular, I think you should be doing a few searches on your PC, especially emails.

Sorry that I have not been about much for the past couple of days, but Menieres Disease strikes at any time.
  • 0

#53
johnnyt
Posted 22 December 2006 - 10:48 AM

johnnyt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Phil

Just to explain.. I don't want to do a reformat but I just thought that I was taking up too much of your time with all this. If you are happy to carry on helping me fault find on this thing then I'm happy to carry on trying to clean it off.

I googled setup.pif myself and found similar info to yourself. However that refers to a file coming as an attachment called setup.pif

With my problem I have setup.exe in the root folder and as I watched it, it created setup.pif itself alongside it in the root folder!

I also found some other files when I had my protection thing switched off for the spf scan. The other files were called erasemeXXXXX.exe where XXXXX = a random number. So it would be something like eraseme12345.exe

There were about five of these files...

I am very careful about my emails and have Mailwasher to filter them. I'm not ruling it out but I'm just thinking that my problem is something different. (although obviously I don't know what or I'd download something to get rid of it)

;-)
  • 0

#54
Crustyoldbloke
Posted 22 December 2006 - 03:18 PM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Please would you submit these files to the spykiller forum:

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

I need you to go here:
The Spy Killer Forum

*Click on "New Topic"
*Put your name, e-mail address, and this as the title: "put file path here"
*Put a link to this geeks to go topic in the description box.
*Then next to the file box. at the bottom, click the "browse" button, then navigate to this file:

C:\erasemeXXXXX.exe
C:\setup.exe
C:\setup.pif

*Press "Open".
*Click "Post".

Thank you!
  • 0

#55
Crustyoldbloke
Posted 01 January 2007 - 03:44 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Advertisements

#56
Crustyoldbloke
Posted 08 January 2007 - 11:08 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Topic reopened at the request of the topic starter.
  • 0

#57
Crustyoldbloke
Posted 18 January 2007 - 02:56 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP