Old 07-18-2012, 06:45 AM   #1
quartet-man
Trojan

After I updated the pro version of Malwarebytes and rebooted, WinPatrol detects the following: C:\WINDOWS\is-H4DR1.exe /REG /REGSVRMODE
When I attempt to look it up with the pro version (WinPatrol), it searches for israndom.exe, which appears to be a trojan. It is a run once program and so far I have not allowed it to start. I did find one webpage that mentioned this in conjunction with Malwarebytes. I wonder if it is legit or not.
__________________
My custom work system:
ASUS P7P55D-E LGA 1156 / Intel Core i5-750 / CORSAIR XMS3 4GB (2 x 2GB) / Windows XP SP3 /
SAPPHIRE 100292L Radeon HD 5450 / 2 LITE-ON 24X DVD Writers SATA Model iHAS424-98 / 2 W.D. Caviars Black WD1001FALS 1TB SATA 3.0Gb/s / Antec Sonata III 500 Black with 500W Power Supply / Rosewill RCR-IC002 74-in-1 USB 2.0 3.5" Internal Card Reader w/ USB port
Old 07-18-2012, 07:27 AM   #2
EzyStvy
Have I ever told you I HATE YOU

I installed the pro version of Malwarebytes yesterday cause I had an infection....

So I searched my hard drive just now for is-H4DR1.exe ... Didn't find anything.

I then searched the registry for the same thing... And not only did it find it - but it also found several other nasty EXE files I looked for yesterday..... After I regained consciousness I realized that the reg search had found the "search assistant" hard drive items that I had already searched for.

Quote:
Winpatrol detects the following: C:\WINDOWS\is-H4DR1.exe /REG /REGSVRMODE
That too looks like a registry entry due to the /REG command switches.

Do you actually have the is-H4DR1.exe somewhere?
__________________
Imagine a world where dogs took bad owners to the pound...
Old 07-18-2012, 07:34 AM   #3
quartet-man
1. Not yet today, but you sort of are insinuating it now.

It is Winpatrol saying it is a run once program detected and asking permission for me to let it run at startup. So far I have said "no", but winpatrol keeps coming up asking me again and again if it should let it run at startup.

I'm at work now and am scanning with MSE. I have logmein enabled, so I will change over to Malwarebytes later when the MSE scan is done.
Old 07-18-2012, 09:29 AM   #4
EzyStvy
I searched Malwarebytes forums for is-H4DR1.exe and didn't get any hits.

You can remove the RunOnce entry from the registry - save it for later if needed.
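One way to check a RunOnce entry like the one discussed above before approving or removing it, as an added example that is not part of any poster's message: it backs up the RunOnce keys, then lists each value with whether its target file exists and how its Authenticode signature verifies. The name pattern (generalised from the `is-H4DR1.exe /REG /REGSVRMODE` value quoted in the thread) and the backup folder are assumptions.

```powershell
# Added example (not from the thread): triage RunOnce entries; nothing is deleted.
# Assumption: $innoPattern generalises the "is-H4DR1.exe /REG /REGSVRMODE" value quoted above.
$runOnceKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$innoPattern = '(?i)\\is-[A-Z0-9]{5}\.exe"?\s+/REG\b'
$backupDir   = Join-Path $env:TEMP 'runonce-backup'   # hypothetical backup location
$stamp       = Get-Date -Format 'yyyyMMdd-HHmmss'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($key in $runOnceKeys) {
    if (-not (Test-Path $key)) { continue }

    # Export the key first so a removed value can be restored by importing the .reg file.
    $regPath = $key -replace '^(HK\w\w):\\', '$1\'
    $hive    = $regPath.Substring(0, 4)
    & reg.exe export $regPath (Join-Path $backupDir "$hive-RunOnce-$stamp.reg") | Out-Null

    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)

        # Take the executable path: a quoted string, or the first token if unquoted.
        # (An unquoted path containing spaces would need manual review.)
        $exe = $null
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(\S+)') { $exe = $Matches[1] }

        $exists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $exe } else { $null }

        New-Object PSObject -Property @{
            Key           = $key
            ValueName     = $name
            Command       = $cmd
            InnoSetupLike = [bool]($cmd -match $innoPattern)
            FileExists    = $exists
            SigStatus     = if ($sig) { $sig.Status } else { 'n/a' }
            Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
        # To remove one value after review (the export above is the backup):
        # Remove-ItemProperty -Path $key -Name $name
    }
}
```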
Old 07-18-2012, 10:20 AM   #5
quartet-man
Yeah, I did too. I have submitted the question to them via their website. I will post what I find out.

Here is the response that is germane to this:

"If you are seeing this during an installation of Malwarebytes Anti-Malware, this is part of our program's installation process. Disable WinPatrol during the installation, or approve the message. This is how InnoSetup updates files in use."

Last edited by quartet-man; 07-18-2012 at 10:31 AM.
Old 07-18-2012, 12:20 PM   #6
glc
So let it run.

This is what happens when you have multiple antimalware apps running. They fight with each other. That response makes total sense to me.
Old 07-18-2012, 12:52 PM   #7
quartet-man
I actually am trying something. I did a system restore back and am going to see if it comes up (so far not). I will then update to the new version of Malwarebytes again and try again. The weird thing was that usually I think WinPatrol will tell which software company the program belongs to. This time it didn't. I also had done a scan with MSE and found a problem on the computer (unrelated?). I am going to rescan now that I went back a couple of days and see if it is still there. If so, I will remove it (not just quarantine it). I can't recall what it was, but might add it later here or in a new thread.
All times are GMT -5.