Opening explorer.exe launches "msiexec.exe /v"

Discussion in 'ProcessGuard' started by sawsrocks, Dec 12, 2006.

Thread Status:
Not open for further replies.
  1. sawsrocks

    sawsrocks Registered Member

    Joined:
    Dec 12, 2006
    Posts:
    2
    Whenever I open explorer I get 3 PG alerts (which I deny) to allow c:\winnt\system32\services.exe to run the command "c:\winnt\system32\msiexec.exe /v". This seems to be an unidentified installation process.

    Is there any way to find out why this is happening and how to stop it without using "Deny Always" on msiexec.exe ?
     
  2. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
  3. sawsrocks

    sawsrocks Registered Member

    Joined:
    Dec 12, 2006
    Posts:
    2
    Thanks for the pointers.

    I guess I wasn't completely clear but my issue is that I don't want to launch this every time I open Search, Network Places, IE, Explorer and others.

    I would like to know if it is a virus, what starts it and how to disable the culprit.

    I am including a image of the PG screen

    http://thecovingtons.com/eric/pg/untitled.bmp
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Most likely this is a corrupted or unfinished program installation. If you cannot uninstall/reinstall the program responsible, then Microsoft's Installer Cleanup Utility may be a solution.
     
  5. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Another tactic that might work is to boot into SAFE MODE and make the installer run by opening Explorer. This may permit the installer to complete what it is trying to do. Then close Explorer and reboot into Normal Mode. I've had success in the past doing this.
     
  6. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado

    interesting I wonder which cache and where it is
    you could try deleting the files in
    %systemroot%\Documents and Settings\Username\Local Settings\Temp
    then deny and see if anything new appears

    you could also demo TaskInfo and try to track it down
    DClick the process in the left pane and see all sorts of info in the lower right about it
     
    Last edited: Dec 22, 2006
Thread Status:
Not open for further replies.