What is LOCALS~1\Temp\RarSFX0\setup.exe running?

The following setup.exe seems to be running after installing software, but it cannot be removed by cleaning temp.

Does anyone know whether the following item is a virus or not?

Thanks in advance for any suggestions.

 

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\RarSFX0\setup.exe

Hang on for Quads -- you might have something serious there so don't try to do anything to the system or he will not be able to help you.

When I look for setup.exe file under this directory, there is nothing there.

 

I have tried to clean temp without any luck removing it.

Do you have any suggestions on what it is and how to remove it?

Thank you very much for suggestions


oem7110 wrote:

When I look for setup.exe file under this directory, there is nothing there.

 

I have tried to clean temp without any luck removing it.

Do you have any suggestions on what it is and how to remove it?

Thank you very much for suggestions



oem7110 wrote:

When I look for setup.exe file under this directory, there is nothing there.

 

I have tried to clean temp without any luck removing it.

Do you have any suggestions on what it is and how to remove it?

Thank you very much for suggestions


Read this message:

http://community.norton.com/t5/Norton-360/What-is-LOCALS-1-Temp-RarSFX0-setup-exe-running/m-p/987055#M93011 

Does anyone have any suggestions on how to solve this issue?

 

Thank you very much for suggestions


oem7110 wrote:

Does anyone have any suggestions on how to solve this issue?

 

Thank you very much for suggestions

 

Have you downloaded anything recently that would have been in an RAR archive?

 

 

 

This is Dr.Web CureIt!, an antivirus scanner, is it not?

Peter,

 

The reason I posted my warning twice is that a Google on RarSFX0\setup.exe points to several references to a key logger, to BleepingComputer ....


huwyngr wrote:

Peter,

 

The reason I posted my warning twice is that a Google on RarSFX0\setup.exe points to several references to a key logger, to BleepingComputer ....


Thanks Hugh.

 

oem7110 has been testing his security lately at GRC, and may have gone too far. Check the recent posts

http://community.norton.com/t5/user/viewprofilepage/user-id/34508

 

 

 

 

 

It may have existed for a long period of time. Recently, I tried Avira Internet Security, which shows this activity within the firewall, but Norton 360 does not have any option to detect this activity. At this moment, I have denied this program access to the internet within the firewall.

In the worst case, I will reinstall Windows ...

 

Does anyone have any suggestions?

 

Thanks everyone very much for suggestions

 

 

 


oem7110 wrote:

It may have existed for a long period of time. Recently, I tried Avira Internet Security, which shows this activity within the firewall, but Norton 360 does not have any option to detect this activity. At this moment, I have denied this program access to the internet within the firewall.

In the worst case, I will reinstall Windows ...

 

Does anyone have any suggestions?

 

Thanks everyone very much for suggestions

 

 

 


Just be sure you have only one security software with real time scanning installed at a time. Be sure to use the removal utility for any you have removed.

 

 

 

So you have not used Dr.Web CureIt!?


peterweb wrote:

Just be sure you have only one security software with real time scanning installed at a time. Be sure to use the removal utility for any you have removed.


I have tried at least 3 different anti-virus programs to scan it, and cannot detect it at all.

Norton 360

Kaspersky

Avira

...

 

Will it be the best approach to reinstall Windows?

 

Thanks everyone very much for suggestions


SendOfJive wrote:

So you have not used Dr.Web CureIt!?


Could you please tell me where the official site is for Dr.Web CureIt?

 

Thanks everyone very much for suggestions


oem7110 wrote:

When I look for setup.exe file under this directory, there is nothing there.

 

I have tried to clean temp without any luck removing it.

Do you have any suggestions on what it is and how to remove it?

Thank you very much for suggestions


How have you determined this file is running when you say the temp directory is empty?

 

 


oem7110 wrote:

SendOfJive wrote:

So you have not used Dr.Web CureIt!?


Could you please tell me where the official site is for Dr.Web CureIt?

 


I am not advising you to use Dr.WebCureIt!. I am saying that the file in question could be Dr.WebCureIt!, a legitimate AV scanner. Check your installed programs for Dr.Web software.


peterweb wrote:

How have you determined this file is running when you say the temp directory is empty? 


Under Avira's firewall, before setup.exe is denied, the RarSFX0 folder is checked and emptied.

At this moment, after setup.exe is denied, I don't know why the RarSFX0 folder is gone.

 

Does anyone have any suggestions?

 

Thanks everyone very much for suggestions

 


oem7110 wrote:

peterweb wrote:

Just be sure you have only one security software with real time scanning installed at a time. Be sure to use the removal utility for any you have removed.


I have tried at least 3 different anti-virus programs to scan it, and cannot detect it at all.

Norton 360

Kaspersky

Avira

...

 

Will it be the best approach to reinstall Windows?

 

Thanks everyone very much for suggestions


Please confirm that you do not have all three AVs installed together on your system.


Krusty13 wrote:

Please confirm that you do not have all three AVs installed together on your system.


I only install one AV at a time for testing security.

 

Does anyone have any suggestions?

 

Thanks everyone very much for suggestions

[PATH]\Temp\RarSFX0 (or RarSFX1) has the setup file for Avira AV products inside.

Microsoft Setup Bootstrapper may also use RarSFX0 to place setup files for Microsoft products.

Other companies use [PATH]\Temp\Rar[CHARACTERS] as a folder.

"I only install one AV at a time for testing security." So you should know how a product works if you are a tester.

 

Quads
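
A way to answer the questions raised in this thread (is something really running from Temp\RarSFX0, and whose installer is it), shown as an added example that is not part of the original posts. It assumes PowerShell 5.1 or later on a current Windows system and an elevated prompt; the property names in the report are chosen here for illustration.

```powershell
# Added example: list running processes whose image lives in a WinRAR
# self-extractor temp folder (Temp\RarSFX<n>) and show who signed each one.
# Assumption: PowerShell 5.1+, run elevated to see other users' processes.

# Matches both the long path and the 8.3 form (...\LOCALS~1\Temp\RarSFX0\...)
$pattern = '\\Temp\\RarSFX\d+\\'

$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath -match $pattern }

$report = foreach ($p in $procs) {
    $path   = $p.ExecutablePath
    $onDisk = Test-Path -LiteralPath $path
    # The parent is usually the self-extracting archive that unpacked setup.exe
    $parent = Get-CimInstance -ClassName Win32_Process `
                  -Filter "ProcessId = $($p.ParentProcessId)"

    # Defaults cover the case from the thread: process listed, folder empty
    $sigStatus = 'FileMissing'; $signer = $null; $sha256 = $null
    if ($onDisk) {
        $sig       = Get-AuthenticodeSignature -LiteralPath $path
        $sigStatus = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $sha256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }

    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Path        = $path
        Started     = $p.CreationDate
        Parent      = if ($parent) { $parent.Name } else { 'exited' }
        CommandLine = $p.CommandLine
        OnDisk      = $onDisk
        Signature   = $sigStatus
        Signer      = $signer
        SHA256      = $sha256
    }
}

if ($report) { $report | Format-List }
else { 'No running process has an image under Temp\RarSFX<n>.' }
```

A `Valid` signature whose signer is the vendor of software that was just installed fits the installer explanation given in the last reply; `NotSigned` or `FileMissing` means the parent process and command line are the next things to examine.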