Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Is DifXInstall32.exe a virus or spyware?

Posted on 2008-10-14
5
Medium Priority
?
21,172 Views
Last Modified: 2012-05-05
I think I found a undefined virus or spyware that seemed to try to install on my system (without prompts from UAC) It's name is DifXInstall32.exe I did not find much on it with the exception of this link:

http://spywarefiles.prevx.com/RRIDAI045037065/DIFXINSTALL32.EXE.html

It seems to be unclassified... not sure. I found it trying to install after I downloaded mail with Outlook 2007 along with a few other exe's that I did not catch.

Does anybody have any idea what this is? - And if so, how to remove it since it slipped right past Norton 360, and a cocktail of anti-spyware apps installed on this Vista machine.
0
Comment
Question by:Thaidog
5 Comments
 
LVL 2

Accepted Solution

by:
WebSvrPro earned 1000 total points
ID: 22719970
Yes, I had this on my Laptop. It also slipped past my AV because it had attached itself to another file so it didn't pick it up. I took a look into it and it seems to me Spyware. It will randoms display popup advertising if installed even if you are not connected to the internet.

I had to rebuild my laptop because it pulled down a load of other nasty things with it. My sister who also downloaded but didn't install it just deleted it and its been fine since.

So best option for you would be to delete it!
0
 
LVL 1

Author Comment

by:Thaidog
ID: 22737585
Can you tell me how to locate it so i can delete it?
0
 
LVL 8

Assisted Solution

by:-Mystique-
-Mystique- earned 1000 total points
ID: 22739488
http://info.prevx.com/aboutprogramtext.asp?PX5=4cb4161068a8a8a2d56e00c84de30300023a114a
From the above link I googled for more info and found the below page and had google translate it.

http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://file.ikaka.com/Info/FileInfo.aspx%3FFileID%3D2949835%26FileMD5%3DBFC01B2E453A904406694174428087FF&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3DDIFx%2BDriver%2BInstaller%2BDIFXINSTALL32.EXE%26hl%3Den%26sa%3DG

Software details
oö DifXInstall32.exe Software name: DifXInstall32.exe

úÁlø GEAR Software, Inc. Production company: GEAR Software, Inc.

§ÁðDIFx Driver Installer Product Name: DIFx Driver Installer

H,÷    1.1.0.1 No. version: 1.1.0.1

‡ö'54632byte File Size: 54632byte


¥öô2008-10-9 0:30:58 Time reported: For-10-9 0:30:58

MD5<   BFC01B2E453A904406694174428087FF MD5 value: BFC01B2E453A904406694174428087FF

From this information I googled for Gear software and found their homepage.

Gear Software is DVD & CD burning software
Gear software's homepage:  
http://www.gearsoftware.com/


I also found Indepth information on DIFx Drivers
Windows Driver Kit: Device Installation
DIFx Driver Package Requirements
http://msdn.microsoft.com/en-us/library/ms790263.aspx

This file may be legitimate.
To try to ferret out other files on your system that may be malware related, I suggest downloading HijackThis and running it and obtaining a log of its findings.  Then you can either use the below freeware or online analyzers or post the log in one of many forums,including here, to get help with analyzing your log.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Freeware hijackthis reader
http://www.hollmen.dk/content/view/69/31/


Online hijack this log analyzers
http://hjt.networktechs.com/
http://www.hijackthis.de/
http://www.prevx.com/hijackthis.asp
http://www.help2go.com/component/detective/
http://www.2-spyware.com/hjt.php



0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question