| Author | Thread |
|
|
09/28/2010 04:09:34 PM · #51 |
Originally posted by GinaRothfels:
Originally posted by Jac:
Originally posted by GinaRothfels:
So now I'm looking at websites that offer a scan to check for Inst.exe errors, but I'm scared to run them. I just don't know what to trust any more. |
I wouldn't run anything from a web site. That's got to be the easiest way to infect a computer. |
AVG, Spybot and Microsoft Security Essentials were all downloads too. And a fair amount of the software I run was bought off the internet. Does that mean none of those are safe either? |
No, that's not what it means. What's being referred to is, when you google "inst.exe" you get sent to pages, every one of which has a link to some piece of "free" software that will scan for those specific errors, or so they say. I am intensely suspicious of this, especially because none of these pages are anywhere near as up-to-date as a currently-updated AVG... One of the most devious, conniving ways of infecting people with crap is to latch on to them when they are seeking information about crap they already may have; you send them to a legitimate-looking place, they download a file, and bingo they are infected with some other damned thing.
Your best bet is to contact your security provider, AVG, directly ΓΆ€” ask them what they want you to do. That's assuming you PAY for AVG (I do): if you're using the free version, you might want to upgrade just so you can access their customer help desk.
R. |
|
|
|
09/28/2010 04:13:20 PM · #52 |
Originally posted by Bear_Music:
Originally posted by Jac:
Originally posted by GinaRothfels:
So now I'm looking at websites that offer a scan to check for Inst.exe errors, but I'm scared to run them. I just don't know what to trust any more. |
I wouldn't run anything from a web site. That's got to be the easiest way to infect a computer. |
Totally agree. I was looking at that too, for you, and I didn't like where any of it was leading. There are legitimate forms of inst.exe as far as I can see.  xanderale joined the site to publish that warning; what's he doing here? How did he know to come here? Possibly as simple as googling, cuz if you google 77.78.239.168 this thread shows up, but on the other hand he's the first one to print that number in here I think? I'm confused. I sent a ticket to SC about his post, as soon as he posted it, and it's still up, so apparently they think that's legitimate information, I donno...
R. |
I noticed all that you mention too. I'm really not sure how he got here. Regardless, I've only clicked on two links from a Google search on "Inst.exe", (both pages are shown as safe) and one of them says "inst.exe is a process which is registered as a trojan". Now that I look more closely at the other, though, it only indicates that it MAY be a problem. The thing is snip 4 shows inst.exe being run and coming from the suspicious source. I have done a search on my computer which doesn't find any file of that name. I am currently running Microsoft Security Essentials (again) on a full scan after AVG and Spybot found nothing. I really don't know whether to go on looking (as xanderale seems to suggest I should) or whether to assume that the programs I have used have got rid of the problem. |
|
|
|
09/28/2010 04:21:23 PM · #53 |
Originally posted by Bear_Music:
Originally posted by GinaRothfels:
Originally posted by Jac:
Originally posted by GinaRothfels:
So now I'm looking at websites that offer a scan to check for Inst.exe errors, but I'm scared to run them. I just don't know what to trust any more. |
I wouldn't run anything from a web site. That's got to be the easiest way to infect a computer. |
AVG, Spybot and Microsoft Security Essentials were all downloads too. And a fair amount of the software I run was bought off the internet. Does that mean none of those are safe either? |
No, that's not what it means. What's being referred to is, when you google "inst.exe" you get sent to pages, every one of which has a link to some piece of "free" software that will scan for those specific errors, or so they say. I am intensely suspicious of this, especially because none of these pages are anywhere near as up-to-date as a currently-updated AVG... One of the most devious, conniving ways of infecting people with crap is to latch on to them when they are seeking information about crap they already may have; you send them to a legitimate-looking place, they download a file, and bingo they are infected with some other damned thing.
Your best bet is to contact your security provider, AVG, directly ΓΆ€” ask them what they want you to do. That's assuming you PAY for AVG (I do): if you're using the free version, you might want to upgrade just so you can access their customer help desk.
R. |
Thanks, I've closed those pages. That's why I was afraid to run them even though my protection showed those pages as safe (unlike the original one that caused all the problems - if only I'd noticed instead of letting it get me panicked, which is no doubt how they want people to react).
I do have a paid version of AVG, but find that in South Africa support for anything seems to be a bit tricky. I've already wasted so much time on this, but may have to find some time to contact them. Perhaps I should check their website sometime. I really do have other things to do though and can't spare the time for it right now. I hope that's not taking a serious risk, but I just can't spend all my time on this one thing. |
|
|
|
09/28/2010 04:27:17 PM · #54 |
Is your PC doing anything abnormally, like taking more time to open programs or browsing the net. Is there a delay when exiting software or opening it?
Are you familiar with the Task Manager? Processes running? Notice anything out of the ordinary? Is there a process that is constantly using memory while your PC is idle? |
|
|
|
09/28/2010 04:29:25 PM · #55 |
What you ran appears to be a typical scareware scam to get you to buy antivirus; often, they also plant trojans/viruses on your system.
The 77.78.239.168 IP of your original download is certainly suspicous, as were the messages.
General information on 77.78.239.168:
IPv4 address: 77.78.239.168
IPv6 address: ::ffff:4d4e:efa8
Host name: 77.78.239.168
Reverse DNS: 77.78.239.168
Country: REPUBLIC OF MOLDOVA
RBL (Real-Time Blocking List) lookup on 77.78.239.168:
SPAMCOP: Not Found
SBL: Not Found
XBL: Not Found
CBL: Not Found
NJABL: Not Found
SORBS: Not Found
SURBL: Not Found
However, note it's not on a spam blacklist.
If you have spybot, as your previous message suggests, you should update definitions and run it. Also, make sure you immunize--that adds bad IPs to the hosts file so you can't even go to those sites.
Now, just for extra feeling of security, dowload and run superantispyware. That sounds like one of those rogue apps, but it's actually not. You can read it as recommended software on many sites. However, it is "nagware/upgrade-ware" where they try to get you to buy each time you run it by offering a super sale!
Anyway, superantispyware does exactly as they advertise--it can find and eliminate many trojans that others miss. I used to use it to get rid of hard to kill stuff on my son's PC.
Another well thought of trojan finder is malwarebytes.
It's good to have a few of those around, run the best of them regularly, and when suspicious things happen, run them all just to be sure.
//www.malwarebytes.org/
As to our new poster...his sudden appearance does seem suspicious, as does the statement that his wife ran this PC software on the Mac, yet he's immune to the virus. If he can run the software, he's not immune.
Inst.exe is at the heart of a number of trojans as can be found on Symantec's SARC site (a great site for antivirus lookup). Here's a link to the search.
Good luck!
|
|
|
|
09/28/2010 05:32:43 PM · #56 |
To the best of my knowledge my PC is running the same way as it always does.
 nshapiro thanks for those links. I will have a look at them as soon as I have some free time.
I have run all three programs I mentioned earlier and none of them have found anything out of the ordinary today. I will immunize now. |
|
|
|
09/28/2010 05:39:18 PM · #57 |
| I ran immunize, but it would only let me immunize a small proportion of my files. I suppose that's the best I can do for tonight. |
|
|
|
09/28/2010 06:27:33 PM · #58 |
Originally posted by Jac:
I wouldn't run anything from a web site. That's got to be the easiest way to infect a computer. |
Do not use any random website that offers you a virus scam. At the very least use something that has been referred to you by a trusted source. (Such as all the self-professed experts on DPC that you've never met in person.)
Message edited by author 2010-09-28 18:27:44.
|
|
|
|
09/28/2010 07:20:57 PM · #59 |
Originally posted by Yo_Spiff:
Originally posted by Jac:
I wouldn't run anything from a web site. That's got to be the easiest way to infect a computer. |
Do not use any random website that offers you a virus scam. At the very least use something that has been referred to you by a trusted source. (Such as all the self-professed experts on DPC that you've never met in person.) |
If only they would say it was a scam they were offering:) |
|
|
|
09/28/2010 07:30:15 PM · #60 |
Were you offered software to purchase to clean your PC? Imagine how many people have bought this thinking they were doing the right thing.
This %$#& made 100 million.
Another article about scareware |
|
|
|
09/28/2010 07:38:24 PM · #61 |
Originally posted by SteveJ:
Originally posted by GinaRothfels:
Originally posted by SteveJ:
Crash your pc, then open in safe mode. Run AVG in safe mode, it gets rid of that virus which you will find is a Trojan horse. Already done this three times with daughter's laptop as she keeps going on these unsafe sites:) |
I don't even know if there is a virus. And I haven't a clue how to crash my pc or how to open it in safe mode. |
Hold the power button for about five seconds while it is on as normal. That will crash it and reboot it, it should give the option to open in safe mode, if not, keep crashing it until it does. This does not hurt your PC. |
I'm a little late coming to the party.
This is not really "crashing" your pc per se, that is whats called a "hard shutdown" and it won't cause your pc to offer a safe mode startup unless you do it while windows is in the process of starting up. The easiest way is as Bear suggested.
At any rate, the easiest (and imo) cleanest way to fix this is to find someone you know who has some computer savvy, save any pics/docs/music etc that you want to keep, then wipe the hd and reinstall Windows.
It's not nearly as scary as it sounds if you have someone that knows how and, often, you'll be glad you'll did as any Windows pc starts to run slow after a few years and a good reinstall does wonders, kind of like a colon cleansing.
if you ABSOLUTELY do not want to try that, or have no tech savvy friends/relatives, I have often found with these types of malware that you can delete them. If you go to "MY Computer" then into your C: drive, then click on the "program files" folder you might see a folder under the same name of the AntiVirus purchase offer you were getting.Delete that folder.
Also go to the folder that is at C:\Documents and Settings\All Users\Start Menu\Programs\Startup and make sure you don't see anything in there related to that as well.
There is my 2 cents worth, although it may be worth 2 and a half cents...I do work in the IT industry and deal with this on a weekly basis.
Message edited by author 2010-09-28 19:39:30. |
|
|
|
09/28/2010 07:38:53 PM · #62 |
I didn't click on anything unknown today, so I wasn't offered anything to buy. After this experience I don't think I'll buy anything without getting advice from "all the self-professed experts on DPC that I've never met in person" first.
My family think it's rather strange that I'm getting my computer advice from a photography site, but if I went to a computer site, there would be nobody there that I "knew". |
|
|
|
09/28/2010 07:43:03 PM · #63 |
I see new advice from  smardaz came in while I was typing. Will have to check it out properly tomorrow. It's way past my bedtime(again). I can't believe how much of my time this has taken up just because I clicked on one dud Google search link. |
|
|
|
09/28/2010 07:49:20 PM · #64 |
I agree with Smardaz, that the best way to KNOW you've got it is to "nuke it from orbit" and then reinstall. This means you need to have an original windows disk, or the restore disk that came with the computer. Then you get the fun of reinstalling and reconfiguring everything. Still the best way. If you don't have that, you can never be 100% certain you got it all out.
On a related note, I've been getting spam emails from my sister in law recently. Just a cryptic email containing a link that has a strong smell of being a pork product. Very out of the norm for what I would get from this person. If you receive any e-mails like that, do NOT click on the link. She is going to bring it to me at work tomorrow and I'll be letting it run malware scans with a number of different products over the next several days. (She does not have her original disks)
Message edited by author 2010-09-28 19:50:05.
|
|
Home -
Challenges -
Community -
League -
Photos -
Cameras -
Lenses -
Learn -
Help -
Terms of Use -
Privacy -
Top ^
DPChallenge, and website content and design, Copyright © 2001-2025 Challenging Technologies, LLC.
All digital photo copyrights belong to the photographers and may not be used without permission.
Current Server Time: 08/21/2025 12:41:06 PM EDT.
