question about i.exe

[Buddahfan]

I'm not taking it as an accusation by any means. This is a difficult assertion.

 

Apparently, I'm not making my point clear. This machine has a certified and verified install of XP Professional. The machine never had an installation save the one I installed. All the service packs come directly from Microsoft in the developer tool kit. My other limited software installations are all scrubbed prior to installation by me. I downloaded the Ultimate installation from the link provided in the forum announcing the beta release. If the ASC download was infected, it came from that source. I do not have P2P software and this machine is not used for that activity. It is protected with IObit's malware and antivirus in real time. I also have other on-demand software that looks for rootkits. IObit is the only software running in memory.

 

As to the evidence suggesting otherwise, let me state it this way: There was no evidence of this executable in the prior versions of ASC. It only appeared after the installation of Ultimate. There may be a similarity within the embedded code to this executable such that the signature identifies it as i.exe; or, the executable was inadvertently named i.exe and does not pose a threat. There is one other explanation but I think it is best to get an official response. I'm sure there is a non-nefarious explanation. This software has great potential in the corporate/enterprise space for several very legitimate reasons. I would hate to see this be an impediment to its adoption.

 

This is what I am trying to get to the bottom (of).

 

I remain a doubter as to your position until someone else can verify what you are saying. You are in fact accusing IObit of supplying a product with an imbedded piece of software most likely which is malware.

 

My question to you. Is why are your experts smarter than IObit's experts?

 

You could be correct but I will have my doubts until what you say is verified by another person.

 

You are in effect saying that you are the knight in shining armour on a whitehorse riding in to save the day for IObit. i.exe is embedded and only "I" can find it sounds pretty weak to me.

 

I have little doubt that if you found i.exe on your computer that it was/is infected with Malware. I have a lot of doubt that the Malware came or comes with ASCU. Verfication of your claim is needed.

 

Having said that it wouldn't hurt for IObit people to look into this further just in case you are correct and i.exe is in fact part of the code that makes up ASCU or somehow got naferiously entered into the code.

 

You sound like you are computer savy however even the smartrest computer people can make a mistake which enables Malware to plant itself in their computer. That will remain my position until your claim is verified that IObit is at fault and not you or your experts.

[Toppack]

Oh Well, We Tried!

 

Like the old saying:

If you Can't take the Heat, Get Away from the Fire! :roll: :lol:

[Melvin_Deal]

I think there is a misunderstanding here Toppack!

 

I understand it as ASC.exe being under Program Files and in kessues case no connection with WordPress Apps.

 

Cheers.

The reference Toppack refers to is from post #1 where keessue seems to have done an open web search and copied some information from an unknown website. (he/she didn't post the source of the information)... so we cannot determine the validity or accuracy of it.

 

I searched i.exe and found this entry:

 

I.exe - Process Information

 

This component is part of CWS.SearchX

 

Component Name: I.exe

 

Description of : CWS Search X is a CWS variant that hijacks the user's browser and sets the start and search pages to about:blank and keeps a record of pages visited in a log file in the root directory. It is difficult to detect because the dynamic link library (DLL) file it installs is randomly named.

 

Recommendation for :

It is strongly recommended that this spyware be removed from your system immediately.

 

Trusted: No

Trojan: No

Chronic: Yes

Adware: No

Carrier: No

Browser Hijacker: No

Dialer: No

Commercial Keylogger: No

Remote Administration Tool: No

Suspected: No

 

Company Name: .

Platforms Affected:

Methods of Distribution: This spyware is installed via drive-by download on certain affiliate websites.

Variants/Versions:

Release Date: 2004

 

 

I find the string most curious due to the " mark at the end of exe.

 

Sincerely,

-Mel

Live long and prosper.

[Melvin_Deal]

Hi keessue.

 

I would be most curious as to the method you used to initially locate and then trace the string? Please elaborate!:wink:

 

Sincerely,

-Mel

Live long and prosper!

[scrd01]

steady boys

 

Hi All,

Im pretty sure Keesue is an expert XP PRO User, and is using a variety of various MS diagnostic tools, which only tend to be used by financial and audit departments.

The way in which she found the log entry, i think is part of the above mentioned suite of programmes, hence would not be found via ASCU or the Windows Explorer search facility.

 

I have followed some of her earlier posts, which you to should look at, and she is a believer in and uses Iobit products on a regular basis.

DO NOT be fooled by her forum status .

 

If you are still following this Keesue

I.exe is a pretty short name and i suspect was just used without reference to old malware executable file names;

1 of its characteristics was the about blank homepage if you dont get this then i stand by the above.

However there were some earlier posts regarding odd/unknown pinging back to IObit.

 

Roy.

old bald ex finance officer

[Melvin_Deal]

is using a variety of various MS diagnostic tools, which only tend to be used by financial and audit departments.

 

Yes...

 

This is precisely why I am most curious.:shock:

I would be most curious as to the method you used to initially locate and then trace the string? Please elaborate!:wink:

Since this thread was opened, I have located several instances of this very thing concerning i.exe:

There may be a similarity within the embedded code to this executable such that the signature identifies it as i.exe; or, the executable was inadvertently named i.exe and does not pose a threat

Sincerely,

-Mel

Live long and prosper!

 

EDIT by Mel: Rather than continue adding unnecessary posts explaining my request for the method used, I hope this will clear it up... As there are multiple ways in which this conclusion could be drawn... instead of spending a large amount of time trying to determine... I hope keesue will be kind enough to clarify it. Same for the unknown source of information concerning the file analysis in the original post. (My request shouldn't be taken as a disputement or arguement):-)

[scrd01]

MS Diagnostics

 

HI Mel

These tools are are usually purchased by companies who have corporate licences.

Saying that as XP is now so old it may be possible that they have been released for general release.

 

I think they can be found on the MSDN site

 

Roy.

[Cicely]

What is i.exe ?

 

I found this process "i.exe" associated with:

 

C:\Program Files\IObit\Advanced SystemCare Ultimate\ASC.exe" /widget_scan

 

I searched i.exe and found this entry:

 

I.exe - Process Information

 

This component is part of CWS.SearchX

 

Component Name: I.exe

 

Description of : CWS Search X is a CWS variant that hijacks the user's browser and sets the start and search pages to about:blank and keeps a record of pages visited in a log file in the root directory. It is difficult to detect because the dynamic link library (DLL) file it installs is randomly named.

 

Recommendation for :

It is strongly recommended that this spyware be removed from your system immediately.

 

Trusted: No

Trojan: No

Chronic: Yes

Adware: No

Carrier: No

Browser Hijacker: No

Dialer: No

Commercial Keylogger: No

Remote Administration Tool: No

Suspected: No

 

Company Name: .

Platforms Affected:

Methods of Distribution: This spyware is installed via drive-by download on certain affiliate websites.

Variants/Versions:

Release Date: 2004

 

Hi keesue,

 

We do not have this process in Advanced SystemCare Ultimate.

 

Please open your Task Manager -> click View -> click Select Columns -> tick Command Line and click OK button. Then please Processes and maxmize the window. Find I.exe and take a screenshot of the Task Manager window. Please make sure the full command line displayed in the screenshot for I.exe.

 

Our programmers need those information to look into.

[Buddahfan]

Hi keesue,

 

We do not have this process in Advanced SystemCare Ultimate.

 

Please open your Task Manager -> click View -> click Select Columns -> tick Command Line and click OK button. Then please Processes and maxmize the window. Find I.exe and take a screenshot of the Task Manager window. Please make sure the full command line displayed in the screenshot for I.exe.

 

Our programmers need those information to look into.

 

Thanks for the tip on the use of "Command Line". I added it the View and low and behold IMF.exe (IMF 1.6) is blank under both "Command Line and Description" in W7-SP1 x64

[enoskype]

Hi keesue,

 

I could not find any activity of it in Win8.

 

Since Cicely (IObit) responded, we all wait for your further input to this issue.

 

Thanks in advance and cheers.

[Toppack]

I think Keesue has 'Left the Building'! :roll:

[Buddahfan]

I think Keesue has 'Left the Building'! :roll:

 

I think by now he/she has left the parking lot:lol:

[keesue]

Still in the parking lot

 

Actually, no I have not left the parking lot. I just logged in - first available time slot in my schedule - to check the status of this issue.

 

Firstly, let me set the record straight. I am the Chief Technology Officer of an international software development company responsible for all aspects of product development and online software. The overwhelming amount of our customers operate in secure environments due to government regulations. As such, our products must be of the highest integrity. I am fully charged and wholly responsible for governance and compliance.

 

I became interested in IObit due to the ability to control various aspects of XP, which many of our customers still use, to link into reporting programs for compliance. When Ultimate was released, my comment about enterprise readiness, came from that perspective. It is a fine evolution of the product.

 

On a personal level, I evaluated the product on a machine I use strictly for personal use. My interest in the product evolved as I appreciated its potential. I regularly run automated antivirus, malware and rootkit scans, which have never reported an error until I installed Ultimate. I looked into the log files and an error was reported associating i.exe with the \widget scan switch. I executed that switch on the command line and in up came the scan utility. I.exe's footprint is a scanning virus. The definition is on the internet in many of the virus reporting databases. It is reported as being developed and deployed in 2004 and emanating from China. I thought it might be something IObit would be interested in pursuing given the implications. I considered the solicitation for feedback as an invitation. Once again, that was the basis for my submission.

 

As I said i would, I subsequently ran a debug program and discovered something rather interesting. I'll let that issue rest for the moment as it is ultimately irrelevant. What I objected to was the insinuation that this was my problem, my machine, my infection my corporate staff, my software my...my...my... I find this demeanor less than professional and whatever role it has in your company should be reviewed for appropriateness. I don't think it serves your company very well as you move more to an enterprise look-and-feel. By that, I mean corporate IT professionals who will come to this forum to get answers will be just as put off. I know because IT reports to me globally and I highly discourage this. We take input seriously. The smug condescension rather 'sucks' to summarize. So, no, I did not leave the parking lot.

 

That said, I accept the answer from the development department and thank you for the due dilligence. The personal part of this is a really my issue but I would think it would be a matter of professional development for your staff. It might be helpful to take a cue from Cicely, whom I regard as a consummate professional in customer support.

 

I deinstalled your software and I wish your company well...

 

Best regards,

 

Keesue

[Toppack]

Yes, we all Love Cicely, also. :grin:

[Melvin_Deal]

Hi Keesue!

 

Thank you for that.:-)

 

I also have uninstalled the software. I found it slightly problematic:wink:

 

Thank you for your kind words concerning all. The thing about this forum though (as you know) is that its an open forum and is manned by volunteers (we signed up the same way you did) including myself. Many times members have posted here with a personal agenda.... so some of the members respond with this in mind.

 

So... that being said, I do hope you return as we offer support and welcome your ideas.:wink:

 

What I draw from your post is the need for IT professionals to have their own means to communicate with Iobit possibly? So they are not inconvenienced and have a direct line??

 

Sincerely,

-Mel

Live long and Prosper!

[Melvin_Deal]

...

 

That being said... what is the source of this:

Recommendation for :

It is strongly recommended that this spyware be removed from your system immediately.

 

Trusted: No

Trojan: No

Chronic: Yes

Adware: No

Carrier: No

Browser Hijacker: No

Dialer: No

Commercial Keylogger: No

Remote Administration Tool: No

Suspected: No

 

Company Name: .

Platforms Affected:

Methods of Distribution: This spyware is installed via drive-by download on certain affiliate websites.

Variants/Versions:

Release Date: 2004

Without validation or duplication it is only a supposition here. Help me out... please.:-)

 

Sincerely,

-Mel

Live long and proaper!

[Buddahfan]

 

Firstly, let me set the record straight. I am the Chief Technology Officer of an international software development company responsible for all aspects of product development and online software. The overwhelming amount of our customers operate in secure environments due to government regulations. As such, our products must be of the highest integrity. I am fully charged and wholly responsible for governance and compliance.

 

Therefore you should listen to me and accept my opnion and findings regarding malware being designed or inserted into your software without being validated by a second opinion, because I am never wrong.

 

Talk about a sure recipe for being duped and suffering the consequences of being a fool. SMH

 

Have said that I also say

 

Live long and prosper8:)