msiexec.exe

By Domesticus in Trojans

msiexec.exe is a malicious computer Trojan that covers itself as a legit executable file msiexec.exe that interprets packages and installs programs. Cyber crooks attempt to avoid anti-virus software detections and trick PC users by giving a malicious software tool the same name of some other legit tools. When you search on Google for the word 'msiexec.exe', you're introduced with a list of results saying that it's a legitimate Windows program. In this case, the file location of the malicious msiexec.exe program (C:\Users\[UserName]\msiexec.exe) clearly shows that msiexec.exe simulates to be something it's not. The malicious msiexec.exe downloads additional malware infections onto your computer. Even if you delete it manually, it may reappear after you restart your machine. That's why it is strongly advised scanning your computer with a reputable and trustworthy anti-spyware application.

File System Details

msiexec.exe may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	C:\Windows\System32\SYSTEM32\msorcl3232.exe
Name: C:\Windows\System32\SYSTEM32\msorcl3232.exe Type: Executable File
2.	C:\Windows\System32WINDIR%\SYSTEM32\avicap3232.dll
Name: C:\Windows\System32WINDIR%\SYSTEM32\avicap3232.dll Type: Dynamic link library
3.	C:\Windows\System32\mycomput32.exe
Name: C:\Windows\System32\mycomput32.exe Type: Executable File
4.	msiexec.exe
Name: msiexec.exe Type: Executable File
5.	C:\Windows\System32\strmdll32.dll
Name: C:\Windows\System32\strmdll32.dll Type: Dynamic link library
6.	C:\Windows\System32\SYSTEM32\55274-640-2001945-237251270C.manifest
Name: C:\Windows\System32\SYSTEM32\55274-640-2001945-237251270C.manifest
7.	%Temp%\2BA98D.dmp
Name: %Temp%\2BA98D.dmp
8.	C:\Windows\System32\SYSTEM32\248321536
Name: C:\Windows\System32\SYSTEM32\248321536
9.	%Temp%\WER11.tmp
Name: %Temp%\WER11.tmp Type: Temporary File
10.	C:\Windows\System32\SYSTEM32\55274-640-2001945-237251270P.manifest
Name: C:\Windows\System32\SYSTEM32\55274-640-2001945-237251270P.manifest
11.	C:\Windows\System32\SYSTEM32\55274-640-2001945-237251270S.manifest
Name: C:\Windows\System32\SYSTEM32\55274-640-2001945-237251270S.manifest

Registry Details

msiexec.exe may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{167D8C11-D0F7-4D4A-94FF-1B727D3CFC51}\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{53FBF74C-ACD3-8E42-3397-A342CEE0B972}\INPROCSERVER32\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IVEDHGVTFU\CLSID\

HKEY_USERS\.DEFAULT\SOFTWARE\IVEDHGVTFU\HKEY_USERS\.DEFAULT\SOFTWARE\IVEDHGVTFU\CLSID\

HKEY_CURRENT_USER\SOFTWARE\IVEDHGVTFU\CLSID\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FSHARPROJ\PERSISTENTHANDLER\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{53FBF74C-ACD3-8E42-3397-A342CEE0B972}\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IVEDHGVTFU\

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{53FBF74C-ACD3-8E42-3397-A342CEE0B972}\

HKEY_CURRENT_USER\SOFTWARE\IVEDHGVTFU\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FSHARPROJ\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{167D8C11-D0F7-4D4A-94FF-1B727D3CFC51}\INPROCSERVER32\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{CA80A1DF-1993-458D-B1C5-8893EC9E5770}\

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{167D8C11-D0F7-4D4A-94FF-1B727D3CFC51}\

HKEY_CURRENT_USER\SOFTWARE\

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

msiexec.exe

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen