yeah, BOIE!

i had a mystery file suddenly appear in a folder: BOIE9_ENUS_SEM_WIN764L.EXE

properties claims it is a "win32 cabinet self extractor", which sounds fine, except that it is nowhere to be found on google! punching that file name in yields 3 paltry results, all for some gym class(!) at a high school i've never heard of....

a legitimate windows file would yield THOUSANDS of hits, wouldn't it? ditto even a virus/trojan/malware, no?

what the heck IS this?!

i should note, btw, that the folder i found it in is not a system folder nor anything IE9-related. just one random directory i have asst junk sitting in.

 

Greetings, CatT...

Never heard of it. If the file is less than 32mb in size, you might consider sending it to VirusTotal and see what they can dig up...

 

it's 376k. VT tells me it was reported about a year ago, and offers these results: filename not even close(!), but...935ce7165586d3475131cf1f/analysis/1329540169/

still kinda curious what it IS....does BO routinely mean "browser object"? i see BHO ("..helper..") often enough.

IE9, ENUS (english-US) and win764 all common enough in system files. drawing a blank on "SEM", tho.

sure looks like something IE9 (update?) related, but again, i'd figure there'd be THOUSANDS of googlits for such a thing.

 

tried to correct that first link, but beat the clock won out! :mad

 

The format of the file name reminds me of some kind of MSFT update, does the file date tie in with an update seen in (add/remove)Programs, if you check the show updates box and list them by date installed?

What's the exact location of the folder it's in?

When you uploaded to VT, there should have been a button to scan it again, you could try that, more recent virus definitions might reveal something more.

 

From what I am finding on this on the net, this thing is being reported as a virus.

 

yeah, if motc7 knows something the rest of us don't, pls tell us where you're seeing this!

satrow: it was just in a random folder. like "family photos". a very odd place for such a file, to be sure, but maybe i dragged it over at some point somehow.

plodr: ok, so noted. now -- legit or not, has it served its purpose (on IE9 upgrade, say) and can now be dispensed with?

 

That's even more strange; there have been malwares recently that are installing as C:\Windows\$NtUninstallKBxxxxx files - like genuine MSFT updates would.