Windows 10: msiexec.exe in SYSWOW64 folder detected as virus, but removing it causes installation...

Windows Defender has detected the msiexec.exe in SYSWOW64 folder as a virus. I followed the procedure to remove it from the computer, but because it's gone, the computer cannot complete installation process anymore. I submitted it to Microsoft Security Intelligence, thinking that it might have nabbed a valid software by mistake, and the analysis says that it actually is a malware.I rescanned my computer over and over, and it all came out clean except for this. Suppose it's a legitimate Windows service that got infected by virus, what should I do? If I remove it, it would make the installer mal

:)

 

SysWOW64

Scanned and quarantined by what? Please provide the full name of the detection and the location where it was found. I suspect that you are providing part of the infection location or name.

In 64 bit versions of Windows, there is a folder by this name containing files used by the operating system:

C:\Windows\SysWOW64


The 'Program Files (x86)' and 'SysWOW64' folders explained / Windows 64-bit (Technical Article)

On the other hand, do a web search for "SysWOW64 Virus" and you'll be faced with a slew of bogus virus removal sites designed to sell you their bogus services or programs to "fix" the "dangerous" virus. In fact, your original post mentions tools that scan
your PC to report a million problems that want you to pay for removal/repair -- that's exactly what you will find by going to any of the sites in the search results for this...

There are viruses that will infect files within this folder. To provide assistance in removal, we'd need to know what was actually detected and by what.

-steve

 

Guide: Virus Removal 101

Software and Background​
In this section we will briefly go over the software being used and why we chose this software as opposed to other options. This is more of an academic type of post that will clarify the more important "WHY" when it comes to removal. It is important to understand that in order to effectively remove or have the best chance too remove a virus you must have the proper tools. The software listed below is based on several key points. Those mostly being.

• Free
• Easy to use
• Minimal user interaction
• Update friendly

At no point should you think that the software chosen was chosen because it is better than xyz or the "Best". That doesn't mean the software is "not the best" just that I am trying to break the mindset of "Best" it is important to shake the idea that a one off solution is always going to be the better one.

A Porsche is fast and will get you to work sooner than an 18 wheeler but if your hauling tractors to work the 18 wheeler is better suited. This is no different in the security world applications are built for a specific purpose for the most part and because of the nature of heuristic code engines some software will do better than others even if it is the same area of interest.

Software List​
- Threat Restraint

• Rkill

-Rootkit Removers

• TDSS
• bootkitremover
• MBAR

-Broad Spectrum Scanners

• Roguekiller
• EEK
• MBAM
• Sophos VRT
• HitmanPro

- Malware/Junkware Removers

• ADWCleaner
• JRT

-Targeted Repairs

• Powerliks
• Combofix

-Wrap-up and Repair

• TWEAK
• REVOuninstaller
• Ccleaner

Examples

Above is the list of software this guide will cover and what you will be using to disinfect the machine in question. Now; we will go more into why we separate them into groups in the next section. Here I will explain weakness and strength between software types and programs so you can understand why there are so many.

A common question is why don't we have a 1 all solution paid or otherwise that can handle all of well...all of this. The answer is simple.

You can't.

Every virus removal tool is different in some way. Some are able to detect things others can not. Above are the groups of different software. For example EEK is a broad spectrum scanner. However EEK cannot detect rootkits as well as programs specifically designed to remove rootkits like TDSS. Likewise Programs like TDSS are completely incapable of detecting malware, it simply isn't programmed for it.

Software in the same category also behaves differently. Hitman is very good at detecting browser issues and cookies. However Sophos isn't so great at browser infections but is better at scanning core system folders.

The AV world is full of these kinds of checks and balances which makes proper removal more of a skill than a click of a few buttons. Nothing is 100% and you must rely on the differences the tools have to increase your chances of success.

- Running scans in order

Running scans in the correct order might be something you are unfamiliar with. I will try to break down the basic concept as to why this is important to you. For the most part it boils down to permissions. Be it actual NTFS permissions or actual Privilege. Digging deeper you should ALWAYS attack an infection in this order.

• Threat restraint

Threat restraint is an important step because it will allow you the user to more easily work with your machine which is probably super slow because of infection. Using programs like killemall or Rkill stop known malware processes which free up memory and CPU making it a little easier and faster to deal with your machine.

• Root/Boot Kits

As previously covered Root and Bootkits are low level infections that grant admin (root) access to the machine. This software also for the most part changes permissions of core system files in order to more easily control your machine. It is very important to target and remove these infections first because the modifications they make can stop other higher level removal tools from working correctly.

• Virus Scans

Actual Virus removal comes next. Trojans, worms, spyware all virus class infections cause some kind of issues with system services, built in security protection and have the ability to prevent removal tools from opening. These kinds of infections need to be delt with second so that we can ease the restraints on the system so that our tools have the proper permissions and resources to run.

• Mal/Junkware scans

These are the last class of tools to run. These infections usually adhere to the user level of least privilege. They are really annoying and bothersome but are usually the most simple to remove. Unfortunately the tools that remove them require the use of system resources most of the time and assume they have everything they need to proceed. For this reason malware and junkware removal scans are done last because they totally rely on the previous steps being done and corrected to run correctly.

• Repair

Repair tools like tweak are used last. These programs reset windows to a default usable state. From folder options and icon size to default services and program startup. Most of the virus removal tools correct security related issues that the virus they are removing affected.

However sometimes more things have been touched and damaged and for these we use repair software last to correct the remaining issues after a full removal.

 

SysWOW64\msi.dll (virus detected) when got new update(1809) for windows 10

Did you try to remove it using the program that detected the malware?

Did you seek advice from your antivirus provider (Avast, McAfee, Norton, Webroot, etc)?

Suggest you use two or more of the scanners in List
of Malware Removal Tools

Or

See
https://malwaretips.com/blogs/gen-variant-adware-graftor-removal/
You may not need Hitman Pro (available as a 30 day trial if needed) but note you may need to reset your browsers.

Regards…

Top 10 Ways PUPs Sneak Onto Your Computer. And How To Avoid Them.