Author Topic: Installer_91.exe malware that keeps coming back  (Read 2892 times)

Offline digideath

  • Newbie
  • *
  • Posts: 2
Installer_91.exe malware that keeps coming back
« on: November 23, 2019, 10:41:45 AM »
Hi there. I have a malware infection. Every time I boot Windows, Comodo identifies file "C:user\user name\appdata\roaming\Installer_91.exe" as ".Unclassified malware". It shows as successfully quarantined. However, whenever I restart Windows or power off then back on, Comodo finds the file all over again. Something is putting it back after Comodo removes it. It also must be part of my auto start in Windows, but I can't find anything in start-up that could be causing this. Can anyone help me get to the bottom of this and eradicate it? Thanks in advance for any help given.

Offline kyl

  • Comodo's Hero
  • *****
  • Posts: 242
Re: Installer_91.exe malware that keeps coming back
« Reply #1 on: November 23, 2019, 01:42:26 PM »
Try to use some second-opinion scanners and then reinstall Comodo again if Comodo can't block something that is putting it back after removal, or change the settings to cruelsister settings; you can Google it.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5208
Re: Installer_91.exe malware that keeps coming back
« Reply #2 on: November 23, 2019, 04:00:37 PM »
Use clean endpoint task to install CCE, killswitch, autorun analyzer. Help guide for CCE is here.

Offline digideath

  • Newbie
  • *
  • Posts: 2
Re: Installer_91.exe malware that keeps coming back
« Reply #3 on: November 24, 2019, 11:22:30 AM »
Hi futuretech. Just to update, I've downloaded cet and am running it atm. I did a quick scan but it found nothing. I'm planning on running a full scan in aggressive mode shortly.
I've run the autorun analyser and I'm looking at it atm. There are thousands of entries and a lot are highlighted. Do the highlighted ones specify suspicious entries? I'm still reading into how to use it.

Also, during this my Comodo stopped a couple of files, and this time it gave me a name for them. They are as follows.

File c:\users\user name\app data\local\Microsoft\windows\inetcache\ie\xq2fg7v8\launcher_91.exe
Identified as Malware[at]#18p6chpxff2bj

File c:\user\user name\app data\roaming\launcher_91.exe
Identified as Malware[at]#18p6chpxff2bj

Does that mean anything to you? Does it help any?
« Last Edit: November 24, 2019, 11:43:03 AM by digideath »

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2297
Re: Installer_91.exe malware that keeps coming back
« Reply #4 on: November 27, 2019, 01:06:01 AM »
Do you sync with other machines or browsers? If so, disable it.


just run this
https://www.eset.com/us/home/online-scanner/
click on one time scan
enable potentially unwanted applications
do complete scan and remove

and

Virus Removal Tool
Download
https://usa.kaspersky.com/downloads/thank-you/free-virus-removal-tool

Remove both of these when done. These are good to detect and clean. You still need Comodo to prevent getting infected in the first place.

good luck
It's hard being a crooked Admin when the files won't pass an md5checksum test. But like any other good crooked Admin it can be done, it just takes time (and lots of it) and a few aspirins

Offline Ploget

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1866
  • 'Your best teacher is your last mistake'
    • Schneier on Security
Re: Installer_91.exe malware that keeps coming back
« Reply #5 on: November 27, 2019, 02:03:52 AM »
Just a thought - have you done a search on Launcher_91? It comes up with several game-related items, such as Minecraft and others. It could possibly be a false positive, but if you have, or had, any of the results installed, you could check by uninstalling them first.
Ploget

All Win 10 x 64 Pro - 21H1 (19043.1110) / CIS 12.2.2.8012
“If you think you are too small to make a difference, try sleeping with a mosquito”

 
