Microsoft Windows Vista Community Forums - Vistaheads
instb32.exe - Malware?

microsoft.public.windowsupdate






  #1 (permalink)  
Old 02-28-2008
Frank
 

Posts: n/a
instb32.exe - Malware?
Last night I did a Windows update to my Vista machine. This afternoon,
Threatfire, my malware behavior detection program, detected "suspicious"
activity. A program called INSTB32.SYS in C:\windows\temp\INSTB32.SYS was
trying to install itself as instb32.exe to the Windows system file
C:\windows\System32\instb32.exe.

Is either INSTB.SYS or instb.exe a legitimate Windows file? Is this malware?
How come this was not detected with the install if it's legit? I have found
no answers to this so far. I have both files quarantined until I get an
answer.

Sincerely

Frank
  #2 (permalink)  
Old 02-28-2008
PA Bear [MS MVP]
 

Posts: n/a
Re: instb32.exe - Malware?
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Frank wrote:
> Last night I did a Windows update to my Vista machine. This afternoon,
> Threatfire, my malware behavior detection program, detected "suspicious"
> activity. A program called INSTB32.SYS in C:\windows\temp\INSTB32.SYS was
> trying to install itself as instb32.exe to the Windows system file
> C:\windows\System32\instb32.exe.
>
> Is either INSTB.SYS or instb.exe a legitimate Windows file? Is this
> malware?
> How come this was not detected with the install if it's legit? I have found
> no answers to this so far. I have both files quarantined until I get an
> answer.
>
> Sincerely
>
> Frank


  #3 (permalink)  
Old 02-28-2008
MowGreen [MVP]
 

Posts: n/a
Re: instb32.exe - Malware?
Did you check the Properties of the suspect file?
Right click both instb32.exe and instb32.sys then click the Version tab
to see if they are legit or not.
And/or have them scanned at:
http://virusscan.jotti.org/
or
http://www.virustotal.com/

Did you submit the suspect files to Threatfire for analysis?
Which 'windows update' was installed?
It would have to be an update to a driver since no security update that
came out on Patch Tuesday contained either of the files you've posted.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



Frank wrote:

> Last night I did a Windows update to my Vista machine. This afternoon,
> Threatfire, my malware behavior detection program, detected "suspicious"
> activity. A program called INSTB32.SYS in C:\windows\temp\INSTB32.SYS was
> trying to install itself as instb32.exe to the Windows system file
> C:\windows\System32\instb32.exe.
>
> Is either INSTB.SYS or instb.exe a legitimate Windows file? Is this malware?
> How come this was not detected with the install if it's legit? I have found
> no answers to this so far. I have both files quarantined until I get an
> answer.
>
> Sincerely
>
> Frank
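
The Properties/Version check and the online scan suggested in this reply can also be done from a PowerShell prompt. The script below is an added example, not part of the original thread: it assumes PowerShell 4.0 or later (for `Get-FileHash`), uses the two paths Frank reported, and the function name `Get-FileTriage` is hypothetical.

```powershell
# Added example: static triage of the two files named in the thread.
# Nothing is executed or modified; files that are missing (for example,
# still in quarantine) are reported as absent instead of raising an error.
$paths = 'C:\Windows\Temp\INSTB32.SYS', 'C:\Windows\System32\instb32.exe'

function Get-FileTriage {            # hypothetical helper name
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    $item = Get-Item -LiteralPath $Path -Force
    $ver  = $item.VersionInfo        # same data the Version tab displays
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # First two bytes 'MZ' mean a PE image, whatever the extension claims.
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try {
        $magic = New-Object byte[] 2
        $read  = $stream.Read($magic, 0, 2)
    } finally { $stream.Dispose() }
    $isPE = ($read -eq 2 -and $magic[0] -eq 0x4D -and $magic[1] -eq 0x5A)

    [pscustomobject]@{
        Path         = $Path
        Present      = $true
        IsPEImage    = $isPE
        Company      = $ver.CompanyName
        Description  = $ver.FileDescription
        OriginalName = $ver.OriginalFilename
        FileVersion  = $ver.FileVersion
        SignatureOK  = ($sig.Status -eq 'Valid')
        Signer       = $sig.SignerCertificate.Subject   # empty when unsigned
        SHA256       = $hash.Hash
        Modified     = $item.LastWriteTime
    }
}

$report = $paths | ForEach-Object { Get-FileTriage -Path $_ }
$report | Format-List

# Frank describes the .SYS installing itself as the .exe: compare contents.
$present = @($report | Where-Object { $_.Present })
if ($present.Count -eq 2) {
    if ($present[0].SHA256 -eq $present[1].SHA256) { 'Both paths hold identical content.' }
    else { 'The two files differ.' }
}
```

The SHA-256 values can be searched on VirusTotal without uploading the files. Empty version fields or a missing signature are not proof of malware, but they are the details worth including when posting the files for review.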
