8 replies to this topic

[wado]

Upon installing the newest version of MBAM, I was notified by WinPatrol that I had a new, run once startup program named "C:\Windows\is-MAQE8.exe /REG /REGSVRMODE"

Can you please clarify what this is and why it is here? And is it safe?

Thanks.

[noknojon]

Hi and Welcome -
I have spent over 30 mins searching for this item , but I have not yet found any related match -
Please disable your Antivirus , remove your copy of the program , reinstall and run a Quick Scan to see if anything is found -
To Fully Remove and Reinstall a Fresh New Copy of Malwarebytes - Read Carefully
Windows XP:

• Click on Start and select Control Panel
  
• Open Add/Remove Programs
  
• Uninstall Malwarebytes' Anti-Malware
  
• Restart your computer very important !
  
• Download and run mbam-clean.exe from Here

It will ask to restart your computer, please allow it to do so, very important
After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from Here

Windows Vista and Windows 7:

• Click on the Start button and select Control Panel
  
• Click on Programs and Features
  
• Uninstall Malwarebytes' Anti-Malware
  
• Restart your computer very important !
  
• Download and run mbam-clean.exe from Here

It will ask to restart your computer, please allow it to do so, very important
After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from Here

Note: You will need to reactivate the program using the license you were sent via email if using the Paid version only
Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now reset any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.
You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it.

Thank You -

[screen317]

I think something similar has been brought up and someone commented that the file in question was part of the installer..

[noknojon]

The REGSVRMODE section is a part of some installers , and as above , it may be part of V1.50 installer - (Not my department) I cannot find this item still -
Reinstall with the method I left (if you wish) or wait and see if it is only the one instance -

Thank You -

[wado]

I can confirm that if I go to the properties of this .exe and go to "Digital Signatures", there is definately a digital signature from the "Malwarebytes Corporation".

Are you sure this is not supposed to happen? I do not see reinstlaling the program as a way to find out what this is all about. I am more interested as to why this is here in the first place. If it has a Digital Signature from the Malwarebytes Corporation, then surely you must know why this is here?

Thankyou for your help and anything further would be great.

[wado]

Keep in mind that the .exe is named "is-MAQE8.exe"

[exile360]

The is represents InnoSetup, the type of installation package that we use. Often there will be several such files which are used for registering our exe's and dll's and also replacing files on reboot that were in use when an upgrade install is being performed (ie, installing 1.50 over a previous version).

[wado]

Okay, but what is MAQE8.exe? And what does the /REG /REGSVRMODE after it mean?

[exile360]

That's just a file name, it can't have the same name as the file it's going to replaced and must be renamed after reboot to overwrite the in-use file. As for /reg /regsvrmode, that means it's being registered, the way an exe or dll is registered upon installation.