Solved

Is DifXInstall32.exe a virus or spyware?

Posted on 2008-10-14
5
20,969 Views
Last Modified: 2012-05-05
I think I found a undefined virus or spyware that seemed to try to install on my system (without prompts from UAC) It's name is DifXInstall32.exe I did not find much on it with the exception of this link:

http://spywarefiles.prevx.com/RRIDAI045037065/DIFXINSTALL32.EXE.html

It seems to be unclassified... not sure. I found it trying to install after I downloaded mail with Outlook 2007 along with a few other exe's that I did not catch.

Does anybody have any idea what this is? - And if so, how to remove it since it slipped right past Norton 360, and a cocktail of anti-spyware apps installed on this Vista machine.
0
Comment
Question by:Thaidog
5 Comments
 
LVL 2

Accepted Solution

by:
WebSvrPro earned 250 total points
ID: 22719970
Yes, I had this on my Laptop. It also slipped past my AV because it had attached itself to another file so it didn't pick it up. I took a look into it and it seems to me Spyware. It will randoms display popup advertising if installed even if you are not connected to the internet.

I had to rebuild my laptop because it pulled down a load of other nasty things with it. My sister who also downloaded but didn't install it just deleted it and its been fine since.

So best option for you would be to delete it!
0
 

Author Comment

by:Thaidog
ID: 22737585
Can you tell me how to locate it so i can delete it?
0
 
LVL 8

Assisted Solution

by:-Mystique-
-Mystique- earned 250 total points
ID: 22739488
http://info.prevx.com/aboutprogramtext.asp?PX5=4cb4161068a8a8a2d56e00c84de30300023a114a
From the above link I googled for more info and found the below page and had google translate it.

http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://file.ikaka.com/Info/FileInfo.aspx%3FFileID%3D2949835%26FileMD5%3DBFC01B2E453A904406694174428087FF&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3DDIFx%2BDriver%2BInstaller%2BDIFXINSTALL32.EXE%26hl%3Den%26sa%3DG

Software details
oö DifXInstall32.exe Software name: DifXInstall32.exe

úÁlø GEAR Software, Inc. Production company: GEAR Software, Inc.

§ÁðDIFx Driver Installer Product Name: DIFx Driver Installer

H,÷    1.1.0.1 No. version: 1.1.0.1

‡ö'54632byte File Size: 54632byte


¥öô2008-10-9 0:30:58 Time reported: For-10-9 0:30:58

MD5<   BFC01B2E453A904406694174428087FF MD5 value: BFC01B2E453A904406694174428087FF

From this information I googled for Gear software and found their homepage.

Gear Software is DVD & CD burning software
Gear software's homepage:  
http://www.gearsoftware.com/


I also found Indepth information on DIFx Drivers
Windows Driver Kit: Device Installation
DIFx Driver Package Requirements
http://msdn.microsoft.com/en-us/library/ms790263.aspx

This file may be legitimate.
To try to ferret out other files on your system that may be malware related, I suggest downloading HijackThis and running it and obtaining a log of its findings.  Then you can either use the below freeware or online analyzers or post the log in one of many forums,including here, to get help with analyzing your log.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Freeware hijackthis reader
http://www.hollmen.dk/content/view/69/31/


Online hijack this log analyzers
http://hjt.networktechs.com/
http://www.hijackthis.de/
http://www.prevx.com/hijackthis.asp
http://www.help2go.com/component/detective/
http://www.2-spyware.com/hjt.php



0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now