Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

5.0.9600.16384 (winblue_rtm.130821-1623) 3.68%
5.0.9600.16384 (winblue_rtm.130821-1623) 0.25%
5.0.9431.0 (winmain_bluemp.130615-1214) 0.20%
5.0.9431.0 (winmain_bluemp.130615-1214) 0.04%
5.0.9200.16384 (win8_rtm.120725-1247) 2.25%
5.0.9200.16384 (win8_rtm.120725-1247) 13.41%
5.0.8400.0 (winmain_win8rc.120518-1423) 0.08%
5.0.8400.0 (winmain_win8rc.120518-1423) 0.08%
5.0.8250.0 (winmain_win8beta.120217-1520) 0.04%
5.0.8102.0 (winmain_win8m3.110823-1455) 0.08%
5.0.7600.16385 (win7_rtm.090713-1255) 5.03%
5.0.7600.16385 (win7_rtm.090713-1255) 35.73%
5.0.7600.16385 (win7_rtm.090713-1255) 17.42%
5.0.7600.16385 (win7_rtm.090713-1255) 3.27%
5.0.7600.16385 (win7_rtm.090713-1255) 0.04%
5.0.7264.0 (win7_rtm.090622-1900) 0.04%
4.5.6002.18005 (lh_sp2rtm.090410-1830) 0.65%
4.5.6002.18005 (lh_sp2rtm.090410-1830) 0.12%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 4.62%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.04%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.04%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.12%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.08%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.12%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.04%
View more

Relationships

msiexec.exe

Windows Installer - Unicode by Microsoft

Remove msiexec.exe
Version:   4.5.6001.22159 (vistasp1_ldr.080415-1732)
MD5:   bddfb9f628ded5aa19f4442f5e729166
SHA1:   d961904238c16a4723fd02f2da3ee6614d17b78f
SHA256:   2d4de5a8ddcef94caf04ff5712cd7d4cad93b9785e58c1fea7f75e096b688dcc
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Warning 4 antivirus scanners has detected malware.

What is msiexec.exe?

Microsoft Windows Installer is an installation and configuration service provided with Windows. The installer service enables customers to provide better corporate deployment and provides a standard format for component management. The installer also enables the advertisement of applications and features according to the operating system.

Overview

msiexec.exe is malware that runs as a service under the name Windows Installer -ohjelma (msiserver) within the local user context. It is installed in Internet Explorer as a Browser Helper Object (BHO) which has full acess to the web browser's behaviors and content. This version is designed to run on Windows Vista.

DetailsDetails

File name:msiexec.exe
Publisher:Microsoft Corporation
Product name:Windows Installer - Unicode
Description:Windows® installer
Typical file path:C:\Windows\System32\msiexec.exe
Original name:msiexec.exe.mui
File version:4.5.6001.22159 (vistasp1_ldr.080415-1732)
Product version:4.5.6001.22159
Size:111 KB (113,664 bytes)
Digital DNA
PE subsystem:Windows GUI
Entropy:5.753598
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • msiserver
  • 'msiserver' (Windows Installer)
Scheduled tasks
  • The job '{AD1C092E-8BF9-4322-8B6D-869115BC67D2}' runs on registration in the path '\{AD1C092E-8BF9-4322-8B6D-869115BC67D2}'
  • The job '{EFAD775F-CDF7-4932-BC9F-7C11500B0E27}' runs on registration in the path '\{EFAD775F-CDF7-4932-BC9F-7C11500B0E27}'
  • The task '{AF16EC4C-C7D3-4650-BE4D-593A0E554F4A}' runs on registration in the path '\{AF16EC4C-C7D3-4650-BE4D-593A0E554F4A}'
  • The task '{2A68DB8E-C884-4452-862A-37F7C7E8C162}' runs on registration in the path '\{2A68DB8E-C884-4452-862A-37F7C7E8C162}'
  • The task '{47FC463B-9928-45D3-823C-B4D5F78A7363}' runs on registration in the path '\{47FC463B-9928-45D3-823C-B4D5F78A7363}'
  • The task '{FB16A2A3-DB26-4127-9711-C5E0BF071B10}' runs on registration in the path '\{FB16A2A3-DB26-4127-9711-C5E0BF071B10}'
  • The job '{E29801CF-E188-4C12-9343-76AFA0F16BEB}' runs on registration in the path '\{E29801CF-E188-4C12-9343-76AFA0F16BEB}'
  • The job '{1869EC6C-EE7B-4B66-B13A-A2FF8E7EBDD0}' runs on registration in the path '\{1869EC6C-EE7B-4B66-B13A-A2FF8E7EBDD0}'
  • The job '{AF8E4C1B-E35B-4C57-9A64-1CB2C21CFA46}' runs on registration in the path '\{AF8E4C1B-E35B-4C57-9A64-1CB2C21CFA46}'
  • The job '{C02B77F7-A5CC-4BBE-90BF-75B82251A853}' runs on registration in the path '\{C02B77F7-A5CC-4BBE-90BF-75B82251A853}'
  • The job '{161E942A-7077-4225-AAE1-3727163FBBBF}' runs on registration in the path '\{161E942A-7077-4225-AAE1-3727163FBBBF}'
  • The task '{603A289F-660C-4649-8820-58FD6E7AA78F}' runs on registration in the path '\{603A289F-660C-4649-8820-58FD6E7AA78F}'
  • Entry path '\{8C9E5B76-E78A-411A-B939-C6A034267770}'
  • Entry path '\{7F6FE1B4-CD5C-4EB3-BA3C-FA05AEE67CB6}'
  • Entry path '\{0E478F47-D66E-4DE5-8BE0-876334CD9EBD}'
  • Entry path '\{E673B621-598C-4A26-8A81-2A485793D284}'
  • Entry path '\{C19210A5-228E-4FEA-8C35-D871B9C4FB5F}'
  • Entry path '\{9A26DFD9-8384-4F4C-B4E8-58F5A8829AFB}'
  • Entry path '\{5AA35628-621C-4869-8C3F-FDDA0E1007B1}'
  • Entry path '\{36EF27E1-070B-4449-BB00-BFD5F2EC510B}'
  • Entry path '\{1DCAC8D1-9B4D-4FF8-ABA2-CFD2CD44EEB3}'
  • Entry path '\{E7F58D98-807C-426A-8F92-2766A35F2221}'
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
  • BHO CLSID: {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0}

MalwareMalware detections

Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
Antivirus engineEngine versionDetection
Bkav Security 1.3.0.4923 W32.SedbotLAC.Trojan
Norman 7.03.02 Suspicious_Gen2.VHJNO
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V0718
VIPRE Antivirus 25750 Backdoor.IRCBot

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 59.50%
Windows 7 Ultimate 25.50%
Windows 7 Professional 9.50%
Windows 7 Home Basic 2.50%
Windows 7 Starter 1.50%
Windows 8 Pro 1.00%
Windows 8 Enterprise Evaluation 0.50%

Distribution by countryDistribution by country

United States installs about 48.74% of Windows Installer - Unicode.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 23.57%
Hewlett-Packard 18.63%
ASUS 12.93%
Toshiba 12.93%
Acer 11.79%
Lenovo 4.56%
Samsung 3.04%
Sony 3.04%
GIGABYTE 3.04%
Gateway 1.52%
MSI 1.52%
Alienware 0.76%
Medion 0.76%
Intel 0.76%
NEC 0.76%
Sahara 0.38%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE