What is ins19.exe?

Discussion in 'ProcessGuard' started by HankPiano, Jan 23, 2006.

Thread Status:
Not open for further replies.
  1. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    Yesterday I did a clean install of XP. After installing PGuard 3.2 it shows a message, everytime when I reboot, telling me the program is 'unable to ask user' to allow (or block) ins19.exe in C:\documents and settings\my name\local settings\temp.

    The strange thing is however I do not see any file with that name in that directory and Google doesn't find anything either (for a change!). Could anybody tell me the meaning of this message and what to do with it?
     
  2. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    My guess is that something early on in the bootup (hence unable to ask user) is creating and then removing the ins19.exe file. Can you go to the security tab and find an entry for ins19.exe and set it to allow always?
     
  3. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    That 's no problem of course and I've already done so.

    Yet I'm curious to know what this little file is doing exactly since I'm rather careful to activate the 'permit always' option for anything I don't know.
     
  4. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    I suppose you could set ins19.exe to be blocked always and see what stopped working.
     
  5. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    Yeah....that 's another option, didn't think about that (to careful.... ;) )
    Anyway, I'll try it and let you know. Thanx.

    EDIT: this is another strange one:
    is-lu4r6.tmp c:\documents and settings\my name\local settings\temp\is-6q3k5.tmp
    This file I can't find in the given directory either....must be part of an application which needs it only when starting up, but I don't have any idea which application that might be. Somebody else here?
     
    Last edited: Jan 23, 2006
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    From installing software, a temporary file. You should remove them when they are like the above (is-o_O??.tmp)

    The INS19.exe however sounds suspicious, and temp files do not stay around and run again, thats not their purpose ! I suggest you upload and scan it at http://virusscan.jotti.org
     
  7. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    I would like to, the problem is that the file doesn't exist anymore, though PGuard does mention it. Like SpikeyB already wrote: 'My guess is that something early on in the bootup (hence unable to ask user) is creating and then removing the ins19.exe file'.

    In the security section I set it on 'deny always' and after rebooting my PC I tried quite a few (not all....) applications but didn't encounter any problem.
     
  8. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Just a thought, can you check through your PG logs and see what starts immediately before ins19.exe starts/is blocked. Does that give any clues?
     
  9. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    Well, there were some other problems, for instance the logfile for applications in the Control Panel appeared to be damaged and not accessible. I'm not sure, but the problems seemed to be related to Sygate. Strange, didn't happen before.

    To avoid further complications I decided to go for the easiest way and put back the Acronis-image I made right after the clean-install of last weekend. I'm still working on this configuration, with ZoneAlarm. So far so good. PGuard has not yet been installed, probably to-morrow, if there's some time left. May be later I'll find out what the files, mentioned in this thread, were all about.

    Anyway, thanks for the replies :) .
     
  10. HankPiano

    HankPiano Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    62
    Yesterday I finished the new configuration of XP with PGuard installed. To my surprise I got another 'unable to ask user' message of this little 'ins' thing, this time 'ins31'.

    The logfile tells me:
    21:32:20 [EXECUTION] "c:\docume~1\myname\locals~1\temp\ins31.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\explorer.exe" [1280]
    [EXECUTION] Commandline - [ "c:\docume~1\myname\locals~1\temp\ins31.exe" /onreboot /silent]

    Started by explorer, it didn't look something dangerous to me, so I removed it from the list in the security section, after that it didn't show up again. I hope it was the right decision.
     
Thread Status:
Not open for further replies.