What Is This?

Hi, my firewall shows allow for this: E:/9a95551129cc8f25d068f5/setup.exe. My system is in C, so do I need to have this allowed or should I stop it, and if this is malware, how can I erase it from there?

Comments

  • What do you have connected on E:\ ? Is it a partition?


    Upload the file to VirusTotal and scan it.


    Open the drive in Explorer and take a look at the creation date; it might give a clue as to how it got there (a download perhaps). If it just 'appeared' by itself, it's probably nothing good.

  • Hello john.shephard26,


    This kinda looks like a Windows update path. Windows update downloads patches into temporary folders (named like the one you posted) created on different partitions (I'm not sure how it chooses the partitions, but they are not always the same). After the update is installed, that temporary folder and all its content is deleted.


    If that folder is still present, please browse to it and post here what it contains (a screenshot would suffice). Also, you can delete the firewall rule for that "setup.exe" process and see if it reappears (or if any other suspicious actions occur). If nothing else happens, then it means that it was really just Windows update installing a patch.


    Cris.

  • I can't find it, it's on my second partition and it's hidden I guess. I've denied it on the firewall settings and nothing's changed.

  • As I said, those are temporary folders which are deleted as soon as installation is finished (and the installation is done in the background, the user is not notified unless a system restart is required).


    To make sure, you can also check the Windows Update History. Open Start menu, select Windows Update, and select the Update History (depending on your Windows version, the location and names of these options might be different, but it should be easy to find). Then check if on the day of the alert there were any updates installed.


    Cris.
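
The checks suggested in the comments above, combined into one PowerShell script. This is an added example, not part of the original thread; the alert date default and the hex-name pattern for temporary folders are assumptions, and the path is the one from the question.

```powershell
# Added example. Run in a PowerShell window; adjust the parameters to your own alert.
param(
    [string]$Path = 'E:\9a95551129cc8f25d068f5\setup.exe',  # path from the firewall alert
    [datetime]$AlertDate = (Get-Date).Date                   # assumption: day the alert appeared
)

# 1. Windows Update history entries recorded on the day of the alert.
#    History dates are stored in UTC, so convert before comparing.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
$updates  = @()
if ($count -gt 0) {
    $updates = @($searcher.QueryHistory(0, $count) |
        Where-Object { $_.Date.ToLocalTime().Date -eq $AlertDate.Date })
}
Write-Host "Updates recorded on $($AlertDate.ToShortDateString()): $($updates.Count)"
$updates | ForEach-Object {
    # ResultCode 2 means the operation succeeded
    Write-Host ("  {0}  result={1}  {2}" -f $_.Date.ToLocalTime(), $_.ResultCode, $_.Title)
}

# 2. Hidden or leftover temporary folders on the same drive.
#    -Force includes hidden and system items that Explorer does not show by default.
#    The pattern (16 or more hex characters) is an assumption based on the one name in the question.
$root = (Split-Path -Qualifier $Path) + '\'
Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^[0-9a-f]{16,}$' } |
    ForEach-Object {
        Write-Host ("Folder {0}  created={1}  attributes={2}" -f $_.FullName, $_.CreationTime, $_.Attributes)
    }

# 3. If the file is still there, check who signed it and compute a hash
#    that can be searched on VirusTotal without uploading the file.
if (Test-Path -LiteralPath $Path) {
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    Write-Host "Signature status: $($sig.Status)"
    if ($sig.SignerCertificate) {
        Write-Host "Signer: $($sig.SignerCertificate.Subject)"
    }
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    Write-Host "SHA256: $($hash.Hash)"
} else {
    Write-Host "$Path no longer exists (expected if it was a temporary update folder)."
}
```

An update listed for the alert date together with a folder that has since disappeared is consistent with the Windows Update explanation; a file that is still present and is unsigned or signed by an unexpected publisher is worth scanning.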

This discussion has been closed.