Very odd file for Windows Update

Discussion in 'other software & services' started by Rilla927, Mar 17, 2008.

Thread Status:
Not open for further replies.
  1. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Has anyone ever seen this before for a windows update? This freaked me out.
     

    Attached Files:

  2. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    The file msiexec.exe belongs to the Windows Installer Component. It might be installing the latest Windows updates.

    thanatos
     
  3. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    That indeed is a very odd file name. Did you allow it?
     
  4. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    There were a total of 4 updates. I wasn't paying close attention to the first two that did install, but when I seen this I blocked it and the update failed like the next.

    I was puzzled because I have never seen a file like this from something legit. For a brief moment I thought malware was involved. It really threw me. Usually files that look like this is related to malware.

    I ran Gmer, Kaspersky and now I'm running SAS Pro just to play it safe.
     
  5. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    A silly question.....are you sure you were at the MS updates site and not spoofed to another site? Have you tried going back? I just checked MS updates for XP yesterday and no critical ones were available. I agree, such a randomly named file is usually malware related.
     
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,278
    Location:
    England
  7. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Last weeks Patch Tuesday had 4 updates. These are all for Office. But there should be Malicious Software Removal Tool as well. Perhaps one of them is the reason?
     
  8. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Hi gang,

    Yes Seer, you are correct there were 4 office updates and the pop up I got from OA was from 2 of them. I didn't d/l the MSR Tool.

    @ThunderZ

    I would hope so cuz I clicked on the icon from the desktop. If I was spoofed they were very good. I just typed the url in and compared it to the one I used my icon and they look the same. I had to boot into another snapshot (due to another snafu) and update my Primary so it's all gone now.

    I have sat many a times and watched windows update and I have never seen anything like this. I really don't feel comfortable installing this.

    @Stapp

    Thanks for the link stapp. It does look similar.
     
  9. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Maybe msiexec.exe is trying to install a corrupted Windows update.

    thanatos
     
  10. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Sure has my curiosity perked.....as well as the hairs on the back of my neck. :eek: A possible option to check into this some more would be to use Belarc Advisor. This will allow you to download the individual updates from MS without using the update site. Would be curious if it shows an update by that name. It runs about a week behind the actual release time of the updates. However if you choose the IT download link from the MS site it takes you to you can get the updates to install at your leisure and\or slip-stream them using nLite for an unattended install as well.
    It also shows a wealth of other information about your system and the software installed.
     
  11. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    That's a good idea, I forgot about that program. I will give it a try next week and let you know what happens cuz I'm curious myself.
     
Loading...
Thread Status:
Not open for further replies.