suspicious script c:\windows\system32\Msiexec

Gateway desktop / Mx6427
June 15, 2010 at 14:59:23
Specs: Windows XP
Receiving Suspicious scripting message in C:\windows\system32\Msiexec.exe. The only thing on my computer that is effected is that I can't open Everything else is working fine.

See More: suspicious script c:\windows\system32\Msiexec

June 15, 2010 at 17:25:10
Can you go to other Web sites like

Report •

June 19, 2010 at 19:13:33
I also ran into a similar problem today: couldn't get to I could open Google, but even trying to go to the facebook site from there still redirected me. Funnily enough, or not so funny, the redirect was to the homepage of the Washington Post. This all came about after I had clicked on a link on Facebook posted by a friend of mine which sent you to an article in the Washington Post. All this was in Google Chrome.
So, I opened up IE and tried to go to from that browser, and I was still redirected to the Washington Post.
In both browsers, my html still showed as, but the title bar of the window, AND the website icon were both saying Washington Post.
I ran Webroot and Trend Micro, and both told me I was clean, which was clearly incorrect. So I checked my settings in both. And in Webroot:
under my Shield options, I found that my Keylogger shield was unchecked, and I found in the Host File Shield options that my Host DNS ISP was set at "localhost" with "blocked" under IP Address In Host File and "no IP address returned" under Correct IP Address in the table. Webroot said if the two IP's didn't match or the file was one I didn't recognize, it most likely had been hijacked by Spyware, and to delete the file. So, I deleted. And upon startup of IE, I can now go to without redirect. But that's not all.

In Webroot, for my StartUp Program Shield Options, when I pulled up the list of programs that run at startup, I found all programs checked to be scanned except for the first one:
Start Up Item = "1" and under "Executable" was the msiexec mystery file. No location, no HKLM, no name, no manufacturer. below is the whole thing:
msiexec /i {541deac0-5f3d-45e6-b7cb-94ecf3b96748} reinstall=iepluginreinstallmode=vamus /qb reboot=reallysuppress

That is NOT a Windows file, I suspect? I am no computer expert, but something doesn't seem right. So I checked it to be scanned as well, and hit OK, which closed the option tab in Webroot. When I went back through the tab to make sure I hadn't missed anything, THE BOX WAS UNCHECKED. So I checked it and hit OK again, then went back in. And it was again unchecked.

So a mysterious start up program is installed on my computer to kick in the next time I reboot, and I can't select it for my Spyware engine to scan it, IN MY SPYWARE SOFTWARE?? That does not make me happy. Thoughts?

I am going to most websites I use passwords for on my phone and resetting all those passwords. I have had my internet connection off until now. Anything else I should do? I can't find this msiexec when I search with msconfig, so how the hell do I get it out of my computer? I am running Windows Vista Home Edition. And how did this get in my system on Google Chrome??!!

Report •

June 23, 2010 at 12:22:55
You DNS may be poisoned. Have you tried flushing your local cache and reregistering it?


also would you post the ping result of of facebook so we can see what IP is being resolved for that site.


Report •
Related Solutions

Ask Question