IFinst27.exe - anyone know what this is?

  • Thread starter Thread starter Tony
  • Start date Start date
T

Tony

I had to do an XP System Restore after having some weird problems with
Powerstrip, and afterwards notices this file in my C:\Windows directory.
Searched on Google and Yahoo but could find no ID for it. Can anyone tell me
what it is?
 
Tony said:
I had to do an XP System Restore after having some weird problems with
Powerstrip, and afterwards notices this file in my C:\Windows
directory. Searched on Google and Yahoo but could find no ID for it.
Can anyone tell me what it is?
Click to expand...

I don't know how you searched, but I just did a Google for
"IFinst27.exe" and got 43 links. Not a lot, but enough to see that it
is malware. Here are general removal steps:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
 
Malke said:
I don't know how you searched, but I just did a Google for
"IFinst27.exe" and got 43 links. Not a lot, but enough to see that it
is malware. Here are general removal steps:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
--
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"
Click to expand...

I did a Google Groups search. I did a web search and also got a bunch of
hits. But I did not find anything in looking over any of the links that
proves it's malware. I had previously CWShredder, Adaware, and Spybot and
got nothing. I also submitted the file to

http://virusscan.jotti.org/

and got back the "it might or might not be a suspicious file" response. So
far everything I've tried has been less than conclusive. And the only place
the file name shows up in my Registry is in the MUICache key.
 
Have you installed a game called "Seal" something or other? I found a
reference in Google that said when someone tried to uninstall the game that
it referenced IFinst27 as not a valid win32 app. Have you right clicked on
the file to see what the properties are, e.g. manufacturer, version, etc.?
 
No, I haven't installed anything like that. This popped up after I had to do
a System Restore to a previous instance of my Registry (only one day
previous). It came about because after that I had to reinstall a couple of
programs (Photoshop CS being the main culprit). After I was all done I
noticed this file.

Under the Summary panel for File/Properties none of the fields (Source,
Author, etc) have any entries.

I moved the file to a temp area on another drive and removed the MUICache
entries in the Registry, and nothing seems to have broken. Weird.
 
I don't know what it is then. I'd suggest watching it or maybe renaming it
to see if anything breaks. My best guess is that it's some type of malware.
Have you run all your anti scumware programs in Safe Mode?
 
Yes, all run in Safe mode. Since I moved the file and removed the Registry
entries I have seen no recurrence of this filename in the Registry, so I'm
hoping that whatever it was is not very bad.
 
Back
Top