Solved

Is DifXInstall32.exe a virus or spyware?

Posted on 2008-10-14
Last Modified: 2012-05-05
I think I found an undefined virus or spyware that seemed to try to install on my system (without prompts from UAC). Its name is DifXInstall32.exe. I did not find much on it, with the exception of this link:

http://spywarefiles.prevx.com/RRIDAI045037065/DIFXINSTALL32.EXE.html

It seems to be unclassified... not sure. I found it trying to install after I downloaded mail with Outlook 2007 along with a few other exe's that I did not catch.

Does anybody have any idea what this is? - And if so, how to remove it since it slipped right past Norton 360, and a cocktail of anti-spyware apps installed on this Vista machine.
0
Question by:Thaidog
5 Comments
 
LVL 2

Accepted Solution

by:
WebSvrPro earned 250 total points
ID: 22719970
Yes, I had this on my laptop. It also slipped past my AV because it had attached itself to another file, so it didn't pick it up. I took a look into it and it seems to me to be spyware. It will randomly display popup advertising if installed, even if you are not connected to the internet.

I had to rebuild my laptop because it pulled down a load of other nasty things with it. My sister, who also downloaded it but didn't install it, just deleted it and it's been fine since.

So best option for you would be to delete it!
0
 

Author Comment

by:Thaidog
ID: 22737585
Can you tell me how to locate it so I can delete it?
0
 
LVL 8

Assisted Solution

by:-Mystique-
-Mystique- earned 250 total points
ID: 22739488
http://info.prevx.com/aboutprogramtext.asp?PX5=4cb4161068a8a8a2d56e00c84de30300023a114a
From the above link I googled for more info and found the below page and had Google translate it.

http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://file.ikaka.com/Info/FileInfo.aspx%3FFileID%3D2949835%26FileMD5%3DBFC01B2E453A904406694174428087FF&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3DDIFx%2BDriver%2BInstaller%2BDIFXINSTALL32.EXE%26hl%3Den%26sa%3DG

Software details
Software name: DifXInstall32.exe
Production company: GEAR Software, Inc.
Product Name: DIFx Driver Installer
Version: 1.1.0.1
File Size: 54632 bytes
Time reported: 2008-10-9 0:30:58
MD5 value: BFC01B2E453A904406694174428087FF

From this information I googled for Gear software and found their homepage.

Gear Software is DVD & CD burning software
Gear software's homepage:  
http://www.gearsoftware.com/


I also found in-depth information on DIFx Drivers
Windows Driver Kit: Device Installation
DIFx Driver Package Requirements
http://msdn.microsoft.com/en-us/library/ms790263.aspx

This file may be legitimate.
To try to ferret out other files on your system that may be malware related, I suggest downloading HijackThis, running it, and obtaining a log of its findings. Then you can either use the below freeware or online analyzers or post the log in one of many forums, including here, to get help with analyzing your log.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Freeware HijackThis reader
http://www.hollmen.dk/content/view/69/31/


Online HijackThis log analyzers
http://hjt.networktechs.com/
http://www.hijackthis.de/
http://www.prevx.com/hijackthis.asp
http://www.help2go.com/component/detective/
http://www.2-spyware.com/hjt.php



0
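One way to locate the file and check it against the details quoted in the answer above, as an added example that is not part of the original thread. It assumes PowerShell 4.0 or later (for Get-FileHash) and a default search root of C:\; the MD5 and company name are the values from the quoted file report.

```powershell
# Added example: locate DifXInstall32.exe and compare it with the reported details.
# Assumptions: PowerShell 4.0+; the search root is a parameter (default C:\).
param(
    [string]$SearchRoot = 'C:\'
)

# Values taken from the file report quoted in the thread.
$ReportedMd5     = 'BFC01B2E453A904406694174428087FF'
$ReportedCompany = 'GEAR Software, Inc.'

# -Force includes hidden/system files; access-denied folders are skipped silently.
$found = Get-ChildItem -Path $SearchRoot -Filter 'DifXInstall32.exe' -File `
    -Recurse -Force -ErrorAction SilentlyContinue

if (-not $found) {
    Write-Output "No DifXInstall32.exe found under $SearchRoot"
    return
}

$found | ForEach-Object {
    $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm MD5
    $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
    $ver  = $_.VersionInfo   # version resource embedded in the executable

    [pscustomobject]@{
        Path            = $_.FullName
        SizeBytes       = $_.Length
        Created         = $_.CreationTime
        MD5             = $hash.Hash
        MatchesReport   = ($hash.Hash -eq $ReportedMd5)
        Company         = $ver.CompanyName
        CompanyMatches  = ($ver.CompanyName -eq $ReportedCompany)
        Product         = $ver.ProductName
        FileVersion     = $ver.FileVersion
        SignatureStatus = $sig.Status   # 'Valid' means the Authenticode chain verified
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
} | Format-List
```

A matching MD5 only shows the file is the same one described in the report. The company and product fields are self-declared in the file's version resource, so the signature status and signer are the stronger evidence of origin.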
