Dale Fye

Cannot remove msiexec.exe and cannot run windows installer

I am running Windows XP SP3.  Running Symantec AntiVirus Version 10.1.0.401

I recently had problems with IE taking up 100% of my CPU time, and thought it might have something to do with multiple copies of msiexec.exe.  With help from EE folks, I resolved the 100% CPU usage problem, and thought that the msiexec.exe problem was resolved, but it is not.

After running ComboFix (log attached), both copies of msiexec were removed from TaskManager, but when I rebooted, they both reappeared.  When I tried to install Visual Studio 2008 I got the attached error message.  I've tried deleting these from the TM processes tab, but within seconds of deleting them, they reappear.  I've looked all over the EE and Google sites and cannot find a current solution for this.  I'm hoping the ComboFix log will help.

Would appreciate any thoughts.  Really need to get this software loaded, and it will not load now.
log-2010-07-23.txt
WindowsInstaller.jpg
Afthab T

Is this a home PC or networked?

Can you check event viewer for the corresponding error?

msiexec.exe
http://support.microsoft.com/kb/324638

Error with Visual Studio 2008 Installation :-

Go to services (run -> services.msc) --> Find "Windows Installer" service --> Set the status to Manual

Next go to taskbar, end task the instance --> restart PC


AtB


If above problem not solved for installation try below steps:

Go to Services
Right click on the Remote Procedure Call (RPC) Service
Select Log In Tab
Select Log As "Local System account" and tick "Allow service to interact with desktop"  
Restart pc



AtB

OK guys, sorry to say that, but how didn't you know the problem?

Msiexec.exe is an application we use to do 2 types of software deployment (massive and quiet install),
so if msiexec.exe is running and no installation is running and the processor records a high level,
that means one thing (VIRUS).

Actually this is not the original msiexec.exe; it's a virus or malware taking the same file name.

If msiexec.exe is located in a subfolder of C:\Windows then the security rating is 77% dangerous. File size is 24,576 bytes (66% of all occurrence), 90,112 bytes. There is no information about the maker of the file. The program is not visible. msiexec.exe is an unknown file in the Windows folder. The file is not a Windows system file. The process listens for or sends data on open ports to LAN or Internet. msiexec.exe is able to hide itself, monitor applications.

If msiexec.exe is located in a subfolder of "C:\Documents and Settings" then the security rating is 60% dangerous. File size is 142,848 bytes (50% of all occurrence), 11,264 bytes. There is no file information. The program is not visible. It is not a Windows system file.

If msiexec.exe is located in the Windows Temp folder then the security rating is 56% dangerous. File size is 47,616 bytes.

So I suggest you scan your computer with a good antivirus or anti-malware (ESET Smart Security will be fine) to remove this shit.

Keep in mind that msiexec could be running for a legitimate reason at boot, i.e. trying to install an application update, installing updated printer drivers for network shared printers, etc.  I would first check the application event log for msinstaller messages/errors to try and determine if MS Installer (MSIExec.exe) is attempting to complete some sort of install.  The event logs should provide some sort of indication of what is attempting to be updated/installed.  If there are no event log msgs related to msinstaller then that is more evidence that the running instances of msiexec are possibly malicious software.  After checking the event logs run msconfig.exe and check for startup items that could be updates (cross reference with info from event logs) and disable if necessary to troubleshoot and hopefully isolate the cause of the issue.

Best of luck.
MrCannon
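
The two checks suggested in the posts above (where each running msiexec.exe image lives, and whether the Application event log shows MsiInstaller activity) can be scripted. This is an added example, not code from any poster in the thread; it assumes PowerShell 2.0 or later, run from an administrator account, and treats %SystemRoot%\System32 (plus SysWOW64 on 64-bit Windows) as the only expected locations.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 or later,
# run from an administrator account so ExecutablePath can be read.

# Expected locations of the genuine Windows Installer binary
# (SysWOW64 exists only on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\msiexec.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\msiexec.exe')
)

# 1. List every running msiexec.exe with the details the posts key on:
#    image path, file size, publisher from the version resource, parent process.
Get-WmiObject Win32_Process -Filter "Name = 'msiexec.exe'" | ForEach-Object {
    $path    = $_.ExecutablePath
    $size    = $null
    $company = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $file    = Get-Item -LiteralPath $path -Force
        $size    = $file.Length
        $company = $file.VersionInfo.CompanyName
    }

    # The parent may already have exited; report that instead of failing.
    $parent     = Get-WmiObject Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    $parentName = '(exited)'
    if ($parent) { $parentName = $parent.Name }

    New-Object PSObject -Property @{
        ProcessId   = $_.ProcessId
        InExpected  = ($expected -contains $path)   # -contains is case-insensitive
        Path        = $path
        SizeBytes   = $size
        Company     = $company
        Parent      = $parentName
        CommandLine = $_.CommandLine
    }
} | Select-Object ProcessId, InExpected, Path, SizeBytes, Company, Parent, CommandLine |
    Format-List

# 2. Recent Windows Installer activity in the Application log (source MsiInstaller).
$events = Get-EventLog -LogName Application -Source MsiInstaller -Newest 20 -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeGenerated, EntryType, EventID, Message | Format-List
} else {
    'No MsiInstaller events found in the Application log.'
}
```

An instance reported with InExpected False or an empty Company field is the one to examine first; instances in the expected location with matching MsiInstaller events point to a pending install or update instead.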
Dale Fye

ASKER

Responses to all of the above.

1.  Home PC on a home network

2.  I mentioned in the previous thread (forgot to copy it over to this thread) that I have already run Spybot S&D, Malwarebytes, PC Matic, and ComboFix.  Although they each removed a few threats, MSIexec.exe was not one of them.

3.  With no applications (other than Task Manager) running, I still have one or two instances of msiexec.exe running on my PC, constantly, which cannot be removed.

4.  mrCannon:  How do I check the event logs?  Have never done that before.

Did you run Combofix in safemode?

Crystal,

No.  But I will.

Crystal,

Here is the ComboFix log, run in XP Safe Mode.

Should I also be running my other malware and virus software (Spybot S&D, Malwarebytes, Symantec AV) in safe mode?
log-2010-07-24-SafeMode.txt

I would. If something is still in the system, and loads on startup, it will keep the scans from running properly. Running in safemode "usually" keeps viruses and malware from loading into memory before your AV is fully loaded.

If possible, could you find and post the "ComboFix-quarantined-files.txt"?

To answer your question about event logs, here is a knowledge base article explaining it: http://support.microsoft.com/kb/308427

The event log you want to check is the application event log.

Dear ,

Please try to install Kaspersky;
it will solve your problem.

Nice-Ghaza, I'm not sure I understand your response. Could you clarify it for me?

Combofix (which you have done), Malwarebytes, and System Restore please.

I don't recommend Kaspersky but ESET Nod32.

Regards.

Dear ,
Try to repair Windows, not format.

Please see the website below for the steps:

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx

I think your problem will be solved.

Have not had a chance to explore all of these solutions.  Please keep this thread open.

Dear Fyed,
Please tell the name. You ask the Question

Still working on resolving this issue.  Will post back when I have had a chance to address these responses.
Eset smart security

and I'm still sayin' this is a VIRUS or malware; maybe the virus doesn't have the same name as msiexec.exe but it's probably causing this file to start running without reason

install ESET and update it
boot to safemode
run ESET Scan from there by starting its service from all programs ---> eset
after the scan finish reboot in normal mode
if you still have a problem you will have to fresh install your OS

Any help

I'm still working on this.  Have done the safeboot mode, run malware and virus software, and rebooted in normal mode.  It seems to be gone for a day or so, then they show up again.  I've got Symantec running as my virus scanner and am only currently visiting the MSN.com, Experts-Exchange.com, and Weatherchannel.com web sites.

ASKER CERTIFIED SOLUTION
Dale Fye

This solution is only available to members.