Windows Installer During BOOT!

EL CONJUNTO · 2010/01/27

I found a Win XP Pro machine where during boot, right after the blue Welcome screen and just before the desktop appears, the Windows Installer appears. It stays on for about 20 seconds whether or not you hit cancel and then everything continues as normal with seemingly no problems. Is there any way to determine just what its trying to install or simply a way to just remove it? Its puzzling and annoying but I don't want to open up a can of worms and could just as well tell the owner to ignore it. Anyone with some ideas?

broni · 2010/01/27

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:

Upload the file here: http://uploadmb.com/
Post download link.

EL CONJUNTO · 2010/01/28

I hope I did this right.

Direct Link http://www.uploadmb.com/dw.php?id=1264700987

Forum Code AutoRuns.txt

broni · 2010/01/28

I can't read the file.
You didn't follow instructions.
You simply renamed autoruns.arn to autoruns.txt
It won't work.
Please re-read instructions.

You must select Text from drop-down menu as a file type:
Click to expand...

and look at the image, I posted.

EL CONJUNTO · 2010/01/28

I have limited access to the machine...please PM me. THX

broni · 2010/01/28

Simply try again tomorrow, when you're at the computer.

EL CONJUNTO · 2010/01/29

OK...Here wego again...............

http://www.uploadmb.com/dw.php?id=1264786962

<A HREF='http://www.uploadmb.com/dw.php?id=1264786962'>AutoRuns.txt</A>

AutoRuns.txt

broni · 2010/01/29

I can't say for sure, without running some scans, but I suspect, you may have some infection.

Read this post, then post the requested log(s) in the Malware and Virus Removal forum.

EL CONJUNTO · 2010/01/29

The computer was infected prior to me cleaning it. I don't know if this is a residual part of the virus as I came in late to the game. ...But it WAS infected.

broni · 2010/01/29

According to what I saw in Autoruns, you still ARE.

EL CONJUNTO · 2010/01/29

I downloaded DDS and will try to get the logs sometime Sunday. I'll post them as soon as I can.

broni · 2010/01/29

Very well, but don't post them here. Create new topic in Malware Forum.

EL CONJUNTO · 2010/01/29

Will do..............Thanks!

broni · 2010/01/29

Sure thing

Log in or Sign up

Windows Installer During BOOT!

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Windows Installer During BOOT!

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

EL CONJUNTO Well-Known Member Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches