imloader.exe

Discussion in 'malware problems & news' started by ~*Nat*~, Jan 23, 2005.

Thread Status:
Not open for further replies.
  1. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    When I scanned with a-squared last night, it says it found 1 Malware:

    Filename: c:\WINDOWS\Downloaded Program Files\imloader.exe

    Diagnosis: not-a-virus:RiskWare.Downloader.ImLoader.b




    I don't know for sure but I believe it has something to do with my
    Incredimail, which is installed but I haven't used it for a few months.
    I also notice a few times a week it "seems" to install something,
    I see in my Start - All Programs a message-bubble that a new program has been
    installed, and Incredimail is highlighted!

    So, I wonder if this imloader.exe is something to worry about or may be just
    a false alert?

    Also, the a2 doesn't give you the option to put in some kind of quarantine, like
    for example an anti-virus would have.
    Only "delete".

    I did not want to delete before I know for sure I won't break something.


    Can someone help me with this please?


    P.S. I know I can always ask the boards over at a-squared, but wanted to try here first. :)
     
    Last edited: Jan 23, 2005
  2. ~*Nat*~

    ~*Nat*~ Registered Member


    Hey there Mr.P. ;)

    Thanks a bunch....you bet it helps!
    It looks like this 'imloader' isn't considered a pest after all. It's odd though that
    a2 picked it up as a malware.

    Hmm..maybe it's because, on the other site you gave me it looks like a big pain to get rid of Incredimail.
    Oooh how I am looking forward to uninstall. And having to tinker into the deep......:rolleyes:

    I still don't know if I should just go ahead and delete it or leave. I have some messages to save still before uninstalling Incredimail........
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Actually A2 didn't pick it up as malware, it picked it up as 'Riskware', which is something that may be completely legitimate but poses a risk (albeit very small) because it could be misused in a harmful way by genuine malware.

    This all came about with the recent big increase in A2's sig base. They decided to include riskware, and this has caught out a lot of people - including myself!

    The general rule is don't delete these items as the finding is just to advise you of a theoretical threat (they are described as being NOT a virus!). Naturally if you no longer need the program to which it relates you would delete the risk; otherwise just ignore it.
     
  4. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hello Nat,

    When you're finally ready to uninstall IncrediMail, you can avoid the popup you'll encounter in add/remove by first booting
    into safe mode. Once there you can either press Ctrl+Alt+Delete or right-click the taskbar to bring up the Task Manager.
    Here is where you want to "kill" the IncrediMail process....incredimail.exe or similar. You need to take care of this first
    because of IncrediMail's self-loading, run-in-the-background nature.

    While still in safe mode, go to Start - All Programs - IncrediMail - UnInstall.

    Then type - regedit - into a run box and follow steps 1-3 "ONLY" on this page.

    After doing the above, navigate with Windows Explorer to....
    C:\Program Files and DELETE the "IncrediMail" folder and sub folders.

    Reboot normally and IncrediMail should be GONE!

    There may be a final step if Windows Explorer cannot delete the IncrediMail folder.....so I will wait to hear, OK.

    Note : Information, courtesy....."Hunter" ;) at Gladiator Security.


    Best,
    GF
     
    Last edited: Jan 23, 2005
  5. ~*Nat*~

    ~*Nat*~ Registered Member

    Lol, Topper. When my brain sees 'Malware, Riskware & co' I connect it to 'danger'. :D

    Anyways, your input is much appreciated and I believe what you say.
    As a matter of fact during the scan it said in red color Malware found....

    Then at the diagnosis it said: not-a-virus: RISKWARE.
    Well..I didn't know better.

    I will do as you say, just ignore it and when I'm ready to uninstall Incredimail,
    this imloader.exe will "go" too. :D
     
  6. ~*Nat*~

    ~*Nat*~ Registered Member

    Thank you GF, again a very comprehensive description and explanation on "how to..."
    Looks like a lot of work though, oh my....
    So I suppose it isn't finished by just going to ADD/Delete folder and being done with it. Hmm?

    I will try all you said. :)
     
  7. TopperID

    TopperID Registered Member

    Nat, you're right, it does put the wind up you by displaying "1 Malware found" in red during the scan only to decide it was only riskware afterwards!

    If you venture over to the A2 Forum you will discover that a couple of us have been caught by this. Apparently the A2 people are going to clarify things in future versions by including a definition of riskware.

    It is not just A2 that does this sort of thing; KAV with extended databases also finds riskware (and deletes it for you if you are not careful!). But, as has been said, it's much better to have an app with extensive 'finding' powers than one that just misses everything!
     
  8. ~*Nat*~

    ~*Nat*~ Registered Member

    Ha! Someone on A2 forum just confirmed too that it is 'harmless'. :D

    Well..this is good to know, isn't it. :)

    It's just confusing...but Topper...I understand what you're saying. :)
     