So avast has found an infected file in c:\windows\installer\d4c724.msi>…>ebayshortcuts.exe and has identified it as Threat: Win 32:Yabector-B [adw]. I tell it to “Move to Chest” and it tells me “Error: The operation is not supported for this type of archive. (42111)”. I try “Repair” and this time I get “Error: The file was not repaired. (42060)”. Finally, I try “Delete” and I get the 42111 message again. How do I get rid of this thing?
Oh, and here’s the MBAM Quickscan log file. It says it was clear anyway.
Malwarebytes’ Anti-Malware
Database version: 6563
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/05/2011 4:40:52 PM
mbam-log-2011-05-12 (16-40-52).txt
Scan type: Quick scan
Objects scanned: 150090
Time elapsed: 9 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
It is because it can’t extract it from the .msi file without potentially corrupting the .msi file. The same is true of the deletion of a file within the .msi, it may not be able to recompile the /msi file after removal, thus you have a corrupted .msi file.
MBAM is unlikely to even try to extract the contents of this .msi file to scan.
Repair won’t work as essentially there is nothing to repair as the whole file is considered adware, repair is only a prospect in virus infections where a legit file has an infected part inserted into it (which can were possible be removed).
You could choose to delete the complete c:\windows\installer\d4c724.msi file or ignore it.
Can I safely delete the file, or would it be part of anything important?
I honestly don’t know as don’t know the program associated with the d4c724.msi file. Even so the installation file is either dormant or you have already installed it.
I would say this is a very low level issue as stuff like this comes bundled with software and you can opt out of the ebay shortcuts option in most cases.
Having done a google search on the d4c724.msi file it gets only one hit, that of this topic, which is rather strange. But you could move it manually to the chest and then delete the original. That way you have a copy in the chest where it can do no harm.
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image).
Done, thanks for the help!
No problem, glad I could help.
Welcome to the forums.