Hello,
I run a Scan with Emsi and it found a file in SysWow64 folder. A cab with some exe inside with this Application.AppInstall (A)...
I downloaded FRST from Bleeding Computer but Windows says it will not be safe to start it? In Englisch:
The computer is protected by windows
MS Defender SmartScreen prevents the start of this unknown app. The execution of this app is a risk for your PC.
So I have 2 questions:
First: Can I just delete this one file in SysWOW64 folder? I am not really sure because SysWOW64 is a system folder. Here the EMSI Log
Emsisoft Emergency Kit – Version 2021.4
Letztes Update: 04.08.2021 08:51:54
Eigene ARNIKA\andi
ARNIKA
Windows 7x64 Service Pack 1
Scan-Einstellungen:
Scan-Methode: Eigener Scan
Objekte: Rootkits, Speicher, Spuren, C:\
PUPs-Erkennung: An
Archive scannen: An
E-Mail-Archive scannen: An
ADS-Scan: An
Direkter Festplattenzugriff: Aus
Scan-Beginn: 04.08.2021 09:22:31
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Downloaded Installations\{3BD9A53F-F9BC-44DF-B0FA-6DD88C79F92A}\Chip Installer.msi -> (Embedded CAB) -> chip_active_download.exe erkannt: Application.AppInstall (A) [287991]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Downloaded Installations\{3BD9A53F-F9BC-44DF-B0FA-6DD88C79F92A}\Chip Installer.msi -> (Embedded CAB) -> chip_starter.exe erkannt: Application.AppInstall (A) [287991]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Downloaded Installations\{3BD9A53F-F9BC-44DF-B0FA-6DD88C79F92A}\Chip Installer.msi -> (Embedded CAB) -> chip_updater.exe erkannt: Application.AppInstall (A) [287991]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Downloaded Installations\{3BD9A53F-F9BC-44DF-B0FA-6DD88C79F92A}\Chip Installer.msi -> (Embedded CAB) -> splashform.exe erkannt: Application.AppInstall (A) [287991]
Gescannt: 320116
Gefunden 4
Scan-Ende: 04.08.2021 09:44:00
Scan-Zeit: 0:21:29
Second Question:
Would it be safe to start this FRST64.exe? VirusTotal.com reports also 2 findings:
