
Re: instb32.exe - Malware?


PA Bear [MS MVP]

Feb 27, 2008, 8:10:26 PM
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your HijackThis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Frank wrote:
> Last night I did a Windows update to my Vista machine. This afternoon,
> Threatfire, my malware behavior detection program, detected "suspicious"
> activity. A program called INSTB32.SYS in C:\windows\temp\INSTB32.SYS was
> trying to install itself as instb32.exe to the Windows system file
> C:\windows\System32\instb32.exe.
>
> Is either INSTB.SYS or instb.exe a legitimate Windows file? Is this
> malware?
> How come this was not detected with the install if it's legit? I have found
> no answers to this so far. I have both files quarantined until I get an
> answer.
>
> Sincerely
>
> Frank

MowGreen [MVP]

Feb 28, 2008, 12:58:55 PM
Did you check the Properties of the suspect file?
Right click both instb32.exe and instb32.sys then click the Version tab
to see if they are legit or not.
And/or have them scanned at:
http://virusscan.jotti.org/
or
http://www.virustotal.com/

Did you submit the suspect files to Threatfire for analysis?
Which 'windows update' was installed?
It would have to be an update to a driver since no security update that
came out on Patch Tuesday contained either of the files you've posted.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
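
The Version-tab check suggested in the reply above, scripted in PowerShell as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1 or later and that the two files named in the question are readable at the paths given there; the function name `Get-FileTriage` is hypothetical. Version strings are written by whoever built the file, so the script also reports the Authenticode signature and a SHA-256 hash that can be searched on a scanning service.

```powershell
# Added example: the paths are the two from the original question. Point them
# at wherever the quarantined copies can be read for inspection.
$paths = @(
    'C:\Windows\Temp\INSTB32.SYS',
    'C:\Windows\System32\instb32.exe'
)

function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Note = 'file not found' }
    }

    $ver  = (Get-Item -LiteralPath $Path -Force).VersionInfo   # data behind the Version tab
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path        # cryptographically verified
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # A "Microsoft" company name only means something when a valid signature
    # backs it up. NotSigned alone is not proof of malice: on older PowerShell
    # versions catalog-signed system files can also show as NotSigned.
    $claimsMicrosoft = $ver.CompanyName -like '*Microsoft*'
    $validSignature  = $sig.Status -eq 'Valid'
    if ($claimsMicrosoft -and -not $validSignature) {
        $note = 'version info claims Microsoft but signature is not valid'
    } elseif (-not $ver.CompanyName -and -not $validSignature) {
        $note = 'no version info and no valid signature'
    } else {
        $note = 'compare signer and hash against a known-good source'
    }

    [pscustomobject]@{
        Path             = $Path
        CompanyName      = $ver.CompanyName
        FileDescription  = $ver.FileDescription
        FileVersion      = $ver.FileVersion
        OriginalFilename = $ver.OriginalFilename
        SignatureStatus  = $sig.Status
        Signer           = $signer
        SHA256           = $hash.Hash
        Note             = $note
    }
}

$paths | ForEach-Object { Get-FileTriage -Path $_ } | Format-List
```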
