A little stupid question

General Topics
1

Hi! I just uninstalled a PC game (No One Lives Forever) and I managed to delete all the files with the original uninstaller, there is just one left that was created at the time of game’s installation - “c:\windows\uninst.exe”. Should I delete this file manually or is it possible that this file is needed for some others applications uninstallation too? Thank you! :slight_smile:

2

Malware typicaly likes to install things in C:\Windows or its sub folders so I would have Malwarebytes Anti-Malware (MBAM) check it.

So get MBAM then update it then run a Quick scan and let it remove all it finds:
http://www.malwarebytes.org/mbam.php

Post its log here after it completes.

3

How do you know that is the games uninstaller file ?

It seems to be in a very strange location (as YoKenny also mentions), I would have expected it to be in the programs folder (and also removed on the uninstall, probably on reboot) or in a temp folder, but not in the windows folder.

4

When I installed the game I checked out which new files were created at it’s installation. This was one of them. It’s an old uninstaller (1996 I think) for an old game. It’s clean - I checked it with Avast, SAS, MBAM and VirusTotal (0/41).

I just want to know if it’s safe to delete it or if it’s maybe needed for some other software’s uninstallation.

5

I’m always loath to delete anything without having fully investigated the file, given that VT produces a clean bill of health and if it was for an old game, then it might well have dumped it in the windows folder.

Now I would say if possible try to confirm its association with the game, right click on it and select properties; is there any information indicating its association with the game, if so yes deletion is fine.

If not upload to http://anubis.iseclab.org/?action=home, where it will produce a list of things that this binary file does. If you see it is deleting the games registry keys, files, etc. then again yes, deletion is fine.

6

There’s no such information in the file’s properties, so I uploaded it to that Anubis site (what a great site!). Now I’m waiting for the results.

Thank you for help DavidR! :slight_smile:

Edit: here are the results, please comment: http://anubis.iseclab.org/?action=result&task_id=148697190ec6fd12411b02d7975c2e3b0&format=html

7

Yes it is a very useful site, more to check out unknown executable files for malicious intent. Unfortunately there isn’t anything concrete, e.g. reference to any specific program.

If the Files properties give a creation date that is correspondingly old then I would say it is a safe bet to delete, however it would be safer to rename the file to say uninstOLD.exe. That way if something tries to use it (uninst.exe) then windows would report a missing file.

You could also do a registry search for the file name and see if that brings up anything.

8

I think it’s safe to delete it, but I will ZIP it and move it. If any application or Windows will ask for it, I’ll recover it back in it’s place. Thank you for all the help. :slight_smile:

9

As I said deletion is an option of last resort and then only after full investigation. Just do a google search on the file name and you will see other applications use this file, which is why I suggested renaming it.