How do you get rid of 'msiexec.exe'?

Question:

How do you get rid of 'msiexec.exe'?

anonymous

2011-06-13 12:29:59 UTC

Yesterday, I was just on youtube watching some videos and reading through make up articles, when out of now where, this pop up from the user account control message asked 'do you want to allow the following program from an unknown publisher make changes to this computer?'

Program name: msiexec.exe, Publisher: unknown, File origin: hard drive on this computer
Program Location: "C:\Users\(my comp name)\msiexec.exe"

Not only was there one pop up of this, but there was two. I then clicked no to both because I wasn't even doing anything that would need me to approve it. Then my Avast anti-virus popped up also saying there was a virus and I cleared that. The msiexec.exe pop up still keeps coming back! I think its a virus because usually, I don't think any microsoft stuff would keep popping back up after you hit no.... I tried to restart it to see if it'll go away but it doesnt....

Now I have no idea what to do. It's really annoying. I tried ending task, but nope, still the same.

Can anyone give me advice on how to get rid of it, STEP BY STEP, please? Like will I need to click yes then download something to clear it? Or would I have to download something first to get rid of it?

And I have NOT install anything recently what so ever.

Three answers:

The Phlebob

2011-06-13 13:02:05 UTC

This seems to be the latest wave in malware. The real msiexec.exe is a vital Windows program used to orchestrate installs for many legitimate programs. Unfortunately, it seems some malware is now also using it. Deleting the msiexec.exe program from C:\Windows\System32 is NOT the answer. Too many other programs will be affected, very negatively (which could even be part of the intent of the malware writers).

About all I can say right now is to run full scans with your antimalware in Safe Mode With Networking and hope it's been updated to deal with the malware.

To get into Safe Mode with Networking:

1. Log out and reboot your machine.

2. When the machine starts the reboot sequence, press the F8 key repeatedly.

3. Select Safe Mode with Networking from the resulting menu.

4. Login. If the malware has changed your password, try logging in as Administrator. By default, Administrator has no password.

5. The machine will continue booting, but the Windows desktop will look different.

6. When you're finished doing what you need to do, log out and reboot back into normal mode.

Hope that helps.

soupfine

2011-06-13 20:17:08 UTC

You have a fake msiexec.exe. The real one would be in the System32 folder and would list Microsoft as it's publisher.

Try deleting it but there is probably more to it on your computer that will just reinstall it. I'd try doing everything from safe mode..ending it's process...deleting the file.

I would also download Autoruns. In Autoruns click on the logon tab to see what applications are set to start when Windows starts. You can narrow the results by excluding Windows entries and then refreshing the scan. This is a good tool for finding malware and deleting or disabling it's registry entries but you have to decide what is malware and what is not.

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

If you can disable the registry entries for the malware you should be able to restart the computer w/o the malware loading and should then be able to delete it's files.

Michael A

2011-06-13 19:48:54 UTC

Not sure that you should! Msiexec.exe is a program that interprets packages and installs products. This program is important for the stable and secure running of your computer and should not be terminated.

However see third link below.

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese

Loading...