c:\windows\system32\process.exe removal

[fdimike]

I am having the same problem as explained by Shotgun Ninja exept the file is c:\windows\system32\process.exe.  The file type is Rootkit:Hidden Process.  I am using Windows XP with all the latest updates installed. 
I have tried everything to get rid of this file but have been unable to eliminate it.  I have also run programs in the safe mode as well to eliminate the problem but nothing has worked.  I have also sent a TWO requests for assistance directly to Avast Tech Support but they have NEVER responded to my request for help.  I hope someone on this forum can help.

Thanks in advance

All

I wanted to add the following which is also occuring:  I am now getting a small window opening titled "Windows Installer"  This occurs whenever I open a program or navigate in one.  You cannot click it off.  When you "cancel" it then says canceling and nothing more.  I have to wait several  minutes until the window closes before trying navigate further.  If there is a link in a site I am trying to open this same "Windows Installer" window opens and I can't go any further.
I have tried doing a Google search with the words Windows Installer keeps opening but so far I have not found any solution to the problem.
Its more than annoying as the "Windows Installer" window sort of hijacks the program.
 

[fungi12]

The "process.exe" file that is alerting Avast! may be a part of the smitfraudfix tool. If this tool is on your system or was ever downloaded and used on your system. The process.exe file may even stay on system if smitfraudfix tool is removed.
I ran all the top malware / trojan / anti-virus programs and none of them alerted on this "rootkit" file.
You can do a search within your Windows OS for the process.exe file. When it appears in the search box, click on it to open it. A command screen will appear very briefly,and it shows the author's name. Go to this site  "http://www.beyondlogic.org/consulting/processutil/processutil.htm" to learn what this file does. It appears this is a file that helps the smitfraudfix tool to defeat the malware infection.
NOTE: when Avast! alerts on this process.exe file....DO NOT HAVE AVAST! REMOVE THIS PROCESS.EXE FILE...... Tell Avast! to ignore it...permanently.
I had Avasti remove the suspicious file the first time I encountered this issue and it screwed up my computer to the point where I had to do a complete format and reinstall of my operating system.
Again...TELL AVAST! TO IGNORE THIS PARTICULAR ALERT...AS IT SEEMS TO BE A ISSUE WIH AVAST! AND NOT A TRUE MALWARE INFECTION...hope this helps.

[LNOUVO]

Hello everybody
Since few days, every time I open my computer, I just get exactly the same situation than fdimike, (see attachments). I did everything he tried to get rid of that, but problem remains. I searched the "process" file and found it at the same location than him.
Looking after the fungi 12 reply, I never used smitfraudfix tool, because thanks to Avast! 4.8 Home Edition which I installed since several years I never got any infection. Up to now.
I don't know how to manage the fungi 12 NOTE: when Avast! alerts on this process.exe file....DO NOT HAVE AVAST! REMOVE THIS PROCESS.EXE FILE...... Tell Avast! to ignore it...permanently because I don't get a button to ignore that permanently on the alert messages.
Could fungi 12 give a more detailed instruction to ignore the file permanently.
Would n't be easier just to delete this file from the computer?
Thanks for help.

[Maxx_original]

this process should not be detected anymore..

[Lisandro]

this process should not be detected anymore..

Was it a false positive?

[Maxx_original]

not exactly... there were some files/processes related to Bancos or similar malware.. i've tried to add the heuristic detection for them, but the detection catched also files related to legit software (i've wrongly evaluated the results of our pre-scan)... everything is rolled back now and no more process.exe or ils.dll should be detected..

[fdimike]

Maxx_original

Your right its not being detected any longer.  However, now I am left with a situation which is worse.  As noted in my original post I now get a window opening entitled "Windows Installer" which locks up the program/link I am trying to open.  Inside this widow it says "Preparing to Install"  I cannot navigate any further until the windows closes several minutes later.  If I am in IE and click on a link the window opens again with a repeat of the above.  I cannot close this window either as it closes on its own.  This applies to my GMAIL account as well as all other programs.

Anyone have any ideas that I can use to get this mess straightened out?

[Maxx_original]

can you see anything related to msiexec error in your event log?

[Lisandro]

can you see anything related to msiexec error in your event log?

Just to say...
Control Panel > Administrative Tools > Events, specially 'Errors'?

[fdimike]

Tech

Which category do you want me to check?  Application, Security, System, Antivirus, IE, Tuneup.

I looked through the System entries but never saw anything entitled MSIEXEC

[fdimike]

Is anyone out there able to help me with this problem left over from the Avast false positive?? 

I have a "Windows Installer" window which opens and locks up my computer everytime I try to access or navigate in a program.  I cannot cancel the installer and must wait for it to end on its own several minutes later.

I have tried everything I know to get rid of the problem to include a System Restore.  Unfortunately I think this Installer Window has locked up the System Restore option as well as I am getting a message back which says cannot retore.

Please help me.

Thanks 

[DavidR]

Well there aren't too many categories in the windows event viewer, but when it is related to msiexec I would think it would be in the Application (not too likely) or System (more likely) sections, try all of the sections for roughly the month, day and time that the problem first occurred.

Sorry I can't be more helpful just trying to give you something to point you in the right direction.

You could try the View, Find function and enter msiexec

[fdimike]

DavidR
Thanks for trying to help.  I checked the Event Viewer and couldn't find any mention of the msiexec file.  I did note a number of errors but they were all linked to Service Contyrol Manager/DCOM.  I also clicked on some of the entries but there was no mention of the msiexec file

[fungi12]

fdimike

If the Windows Installer is causing you problems I would recommend turning it off or setting it to manual where you give approval as to whether or not it is allowed to run on your desktop. This will give you breathing space until you can find a permanent solution. I use Windows 2000, but the following instructions should work on any Windows OS, as long as you have full administrative rights to make this change.
1. click on Start-->click on Run-->type "services.msc" (no quotation marks) in the Run box.
2. the Windows Services screen appears-->scroll to bottom of page-->locate the "Windows Installer" listing.
3. double click listing to open it-->click the General tab-->click the dropdown arrow where it says "startup type"-->initially select the "manual" setting. This means Installer will need your approval to run on the desktop.
4. if step 3 does not work-->then repeat step 3, but choose "disable". The downside to "disable" is that anytime Windows needs to install you will have to set Windows Installer back to the manual or automatic setting as outlined in steps 1-3. But "disable" will prevent the Installer from appearing on the desktop.

Hope this helps.