NSIS Error

Hey, I was watching a Youtube video when I heard a ding in my headset and a new window open. The window Title is “NSIS Error” “error launching Installer”. I also noticed while borwsing for the picture I have a Desktop.ini in every folder what’s with that? Nothing has been unhiddden from my side. I’ll attach logs as they come…

OTL has NOT been run yet. So nothing has been unhidden by that.

Recent installements: Abode Flash Player 11, Comodo and Avast Free (All successful)

OTL Logs :). Comodo is the biggest pain the in * ever. Otl this OTL that. Sheesh lol

Logs look clean, it sounds as though something was trying to download but was corrupted. Were you downloading something at the time ?

Not that I was aware of. Comodo nor Avast said anything about secret downloads. I was streaming shows though… I’ll check the avast logs for anything though. I don’t know if Comodo can be checked

Avast has nothing in the VC. Downloads Folder doesn’t have anything I didn’t know of.

Comodo is reporting 645 Network Intrusions

Internet Usage: Dragon @ 62.40%
svchost.exe @ 18.50%
AvastSvc @ 10.39%

134 Blocked Intrusions and 4 Sandboxed Apps… Chrome might’ve been 1 of them given it refuses to work right now.

And the NSIS Error is back again. Does this have something to do with all the damned Network Intrusions? Like seriously? Is there a way I can check what’s trying to connect to what?

Have a look at Nullsofts page here http://nsis.sourceforge.net/Why_do_I_get_NSIS_Error this has some possible solutions to the problem

The network intrusions are nothing but pings that are searching for an unprotected computer
Run Shields up (all ports) and see how comodo is protecting you. https://www.grc.com/x/ne.dll?bh0bkyd2
AIS gives full stealth

UPnP looks good. I’ll try the Nullsfot site for information.

Nullsoft has provided a example of what the error should look like. It doesn’t match. Cry. If there is no malware then I don’t know what it was. Everything was successful in the launching of the application + Installing.

It may have been a badly constructed driveby malware that was unable to work

Would that show up in the Logs though? Anyways, thanks for the help Essex. it means a lot that you help people like me about stuff they don’t know lol.

It probably will not show up in the logs as it will be held in the temporary internet folder, so empty those and you should be OK

mean like Cache and Cookies?

Yep use CC if you have it if not

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

[*] Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]It will close all programs when run, so make sure you have saved all your work before you begin.
[*]Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
[*]Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

I found the Culprit… And if it ins’t a FP I may end up with a New OS again…

[Edit]: Okay. maybe not. Is this what is failing to launch?

FileName:
C:\Users\Michael\Appdata\Local\Google\Chrome\User Data\Default\History Index 2013-08

Status: Threat PHP:BackDoor-BH [Trj]

Unscannable, that might be why we didn’t pick it up… I’ve attached a ScreenShot.

TFC just finished… I’m running Avast again to see if it still picks the backdoor up in that area…

That is a list of the chrome history so there may be a bad url in there

Would it be causing the NSIS Error though? And will Avast just be able to Delete it? Or will OTL be needed?

And it’s gone. BOOM! Thanks Essex!

It may cause the error if it tried to download a malformed exe file

TFC emptied the lot for you :slight_smile:

Okie Dokie. Anything else I need to do to make sure I’m clean?

Unless it should return I think this can be put down to a one off aberration :slight_smile: