Unknown program trying to install

Discussion in 'Windows 7 Help and Support' started by jackotis, Jan 2, 2014.

  1. jackotis

    jackotis New Member

    Joined:
    Jan 2, 2014
    Messages:
    3
    Likes Received:
    0
    For the past few days, when booting my computer, the last startup action is
    UAC, showing the blue-yellow "OK" checked shield, asking for admin approval to run a file named "...AppData\local\temp\s3ms\Setup.exe /S". The file has no signature, and the folder/file doesn't show up on any search. Moreover, the file address changes on each reboot, like "...\s304\Setup.exe /S" or "...\ss68\Setup.exe /S". A bootlog doesn't show it, nor does a registry search. A complete scan reveals no problem and browser download history shows nothing amiss. I'm not about to run the file before knowing exactly what it is.

    One other thing - when rousing the system from dozing, the UAC request appears.

    Any ideas or suggestions would be welcome. Thanks.

    Jack Moore
    jackotis.com
     
  2. seekermeister

    seekermeister Honorable Member

    Joined:
    May 29, 2009
    Messages:
    1,499
    Likes Received:
    85
    I would share your suspicion, but when you say you ran a full scan, what did you run it with? Have you scanned with Malwarebytes?

    EDIT: Also delete everything that is deletable in AppData/local/temp and see if the problem remains.
     
    #2 seekermeister, Jan 2, 2014
    Last edited: Jan 2, 2014
  3. Twinnii

    Twinnii Well-Known Member

    Joined:
    Aug 10, 2012
    Messages:
    107
    Likes Received:
    0
    Hello, please go to the start button and in the Run/Search box, please type in msconfig
    Then a new window will pop-up. Please select the tab that says Startup.
    Look for this program and any weird entries uncheck it.
    The next thing you should do if you are unaware of this program is to run a scan for malware.
    Update your current anti-virus and run a full scan while disconnected from Internet.

    Also you can go to download.com and download several applications to assist in your removal of malware.
    Avg anti-virus, Spybot Search & Destroy and malwarebytes; to name a few.
    Usually files in the temp location can be deleted, but it's definitely some sort of malware.
     
  4. jackotis

    jackotis New Member

    Joined:
    Jan 2, 2014
    Messages:
    3
    Likes Received:
    0
    Thanks for your replies and help. It turned out to be "tubedimmer," an app that had not completely installed. As for malware scans I use MS Security Essentials with UAC on, set high.
     
  5. MikeHawthorne

    MikeHawthorne Essential Member
    Microsoft Community Contributor

    Joined:
    May 25, 2009
    Messages:
    6,046
    Likes Received:
    300
    Hi

    I too use MS Security Essentials but I do advise running both CCleaner and Malwarebytes regularly.
    There's a lot of stuff that MSE lets through.

    I don't run the UAC but that's a personal choice, I just don't like the hassle of all the pop up messages.

    Mike
     
  6. jackotis

    jackotis New Member

    Joined:
    Jan 2, 2014
    Messages:
    3
    Likes Received:
    0
    It seems I dodged a bullet since Tubedimmer didn't complete its
    installation. A CNet review...
     

Share This Page

Loading...