3
Every 5 seconds, a new folder with the name MSI*.tmp is created at my c:.
1 seconde before, this folder is deleted.
How can I know who is creating this folder. Can it be a virus?
Bruno Croys Felthes
Posted 2013-04-04T17:05:06.850
Reputation: 159
8
Run Process Monitor from Microsoft (originally SysInternals). It will give you a ton of output, but you can filter on your folder name.
kmort
Posted 2013-04-04T17:05:06.850
Reputation: 1 609
Thanks, i run the process monitor and the program that is creating this folder is the msiexec.exe, how can i know what is driving this execution? – Bruno Croys Felthes – 2013-04-05T16:28:08.717
I would dig in with Process Monitor and see if there is any more useful information. One thing to try: double-click one of the lines that contains msiexec.exe. You should see "Event Properties". Switch to the "Process" tab and look at "Command Line". This may contain the path to the program it is trying to install. Also, the advice above to talk to your IT staff is really good. It is possible this is malicious software, but even if it is well-meaning software, it's still doing bad things to you. – kmort – 2013-04-05T18:07:45.730
Look into your Windows log, MSI installs are usually logged there, and you'll be able to find out what product is installed. – Alexey Ivanov – 2013-04-05T20:19:45.223
Domain machine? Any installs going? – Austin T French – 2013-04-04T17:08:38.623
Fire up SysInternals Process Explorer and try to capture the
– jnovack – 2013-04-04T17:13:25.657msiexec.exeprocess that's running every 5 seconds.Yes, this is a domain machine... This is happening for 3 days... Windows is not showing the update icon... – Bruno Croys Felthes – 2013-04-04T17:13:42.937
I would contact your IT support staff. – Ramhound – 2013-04-05T11:57:35.857