is-H1MEG.exe

Discussion in 'malware problems & news' started by anotherforhector, Feb 1, 2010.

Thread Status:
Not open for further replies.
  1. anotherforhector

    anotherforhector Registered Member

    Joined:
    Jul 31, 2004
    Posts:
    4
    This morning Online Armor alterted me to the fact that an unknown file "is-H1MEG.exe" was attempting to install itself from c:/Windows. I located 3 files dated with todays date in C:/Windows -
    is-H1MEG.exe
    is-H1MEG.Ist
    is-H1MEG.msg

    I googled them and found no information. I opened "is-H1MEG.msg" in Notepad within Sandboxie, and it seems to be a message about "Inno Setup Messages (5.1.11)". I have not had anything to do with this program and I certainly did not voluntarily download these files. I deleted them from my computer after copying them to a thumb drive.

    I have checked my computer with the latest versions of Malwarebytes, Superantispyware, Spybot S&D and Avast!. None of them found anything.

    Does anyone have any information about these files? I feel very uneasy having these files turn up on my computer, with no warnings from any of my security programs (except for Online Armor when one tried to install itself).

    I run Windows XP Pro Sp3, Online Armor Premium, Superantispyware Pro (resident), Malwarebytes & Spybot on demand, Spywareblaster, Peerblock.
     
  2. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Relates to an older version of Inno Setup - I only know this because this is the same popup and I got from my OA after installing the Glary Utilities a few weeks back - Inno Setup is a legit software (but I have no idea about those other files). They are not showing up in google search or on malware help sites.

    Did you recently install any new software?

    Maybe someone with more knowledge on Inno Setup can chirp in. I am guessing it could be used to unpack malware, as well as legit stuff. If you can find an installation date with those files - take a look in your Event Viewer logs on that day and see what has happened. Control Panel > Admin Tools > Event Viewer > Application + System tabs.
     
Thread Status:
Not open for further replies.