[SOLVED] Suspicious install.exe file in startup folder (AppData/Roaming/Microsoft/Windows/StartMenu/Programs/Startup)

[jdvanc2]

Anyone familiar with a file in the Windows 10 startup folder called "install.exe" whose thumbnail is a green biohazard symbol? Norton recognizes it as a startup program and says it's safe however, only roughly 100 users have it yet it's over 10 years old. Not sure what it's for and I'm unable to delete it - when trying I get an error message saying unable to delete because the file is open in "install". It's only 47kb, looks suspect.

Sorry this is my first post here and couldn't find a way to upload a screenshot, couldn't find anything about it online so couldn't reference a URL. Thanks!

 

[gardenman]

Hi and welcome to the forums!

Right click on the file (if possible) and go to Properties. Go to the Details tab. Do you see any information about executable? Copyright info?

 

[jdvanc2]

Hi and welcome to the forums!

Right click on the file (if possible) and go to Properties. Go to the Details tab. Do you see any information about executable? Copyright info?

Hey, thanks for the reply and apologies for the delay in mine. Under the details tab all fields are blank except type (Application), size (46.5 KB), and date modified (12/6/2009 10:59 PM). The only other filed in that startup folder is an "EvernoteClipper" shortcut that my wife actually uses so looks legitimate. Norton shows the source file's source as just "install.exe".

Sorry for the lack of info, any ideas?

 

[gardenman]

I would create a temporary folder on your desktop or elsewhere, and move the install.exe to that folder. Zip it up once it's in there to "contain" it. Then give it a week or so (be sure to reboot at least once) to see if you have any issues with it. If everything is OK after that week, then delete it.

You can also upload it to virus-total and have it scanned there to see if it contains any virus like activity.