I was reading one of the old posts and it mentioned a 3rd party utility called Avast External Control. It can be found on the Excessive software site.
http://freeweb.siol.net/razor256/xss/
Since his GUI for Sysinternals excellent Stream program helped me greatly in removing Kaspersky’s KAV stream which was attached to almost every file on my OS/Apps drive, I decided to try his Avast External Control interface.
It’s a helpful little tool, but I’ve noticed that whenever I use it,
I see a program called Irsetup.exe appear in my Documentsandsettings\temp directory.
Product name Setup Factory 6.0 Runtime Module
File name E:\Documents and Settings\Defaultuser\Local Settings\Temp\irsetup.exe
Product name Setup Factory 6.0 Runtime Module
File name E:\Documents and Settings\DefaultUser\Local Settings\Temp~setuptmp0\irsetup.exe
Created date 12/28/2005 19:20:02
File size 720 KB
When I subsequently opened another program that accesses the internet, Zone Alarm reported that SUF60runtime is trying to access the internet (with the irsetup.exe).
In some cases Irsetup.exe can be indicative of the Lolok trojan virus, however when I checked Symantec’s description of it, I don’t have the Registry key they mentioned:
http://securityresponse.symantec.com/avcenter/venc/data/american.exe.file.threat.html
I also see that AEC (Avast External Control) and Irsetup.exe was discussed here in August of last year (but not as a virus possibility):
http://forum.avast.com/index.php?topic=6663.0
Is Irsetup.exe in tandem with Suf60runtime anything to worry about, and should I let it pass through Zone Alarm after using AEC?
If Rejzor is reading this, perhaps he can help. His Streams GUI helped me alot. Perhaps he can explain his Temp Cleaner, as I don’t see it performing any tasks when executed.