7 x64: WHY!? Why does it keep deleting game EXEs after install?

[viivo]

I am at my wit's end. I have never been this aggravated due to a computer in my life. This used to happen only rarely, but lately with every single game I install the game's main executable magically deletes itself.

First of all, UAC is off, but I still get tons of authorization problems with folders and files. I'm tired, so I'll give an example of what just happened and hope it makes it clear:

Installed Gothic 3 from disc. Tried to run patch, tells me it can't move/rename Gothic3.exe. I go to the folder, right click on the exe and wait 20 seconds for the menu to pop up. It's read-only and I can't change it because I'm not authorized. The security tab is blank so I can't change ownership. I close the folder, open it again and Gothic3.exe has vanished. I try to copy the exe from the extracted patch but it tells me a file with that name already exists even though I don't see it (show hidden files is on.) I refresh and close it again, come back and am finally able to paste the new exe.

This is what I go through with every single god damn game I install. My PC is not infected with any malware, trojans, viruses, etc. I am the only person who uses this computer and am using an administrator account. I install most of my games in C:\games, and the problem still exists when installing to Program Files.

edit: I just looked in the game folder again and now the patched exe I copied into it is gone. What the motherfuck?

 

[Snapster]

That is definitely not normal behaviour, either you have borked hardware or your installation is screwed. You should only have to set permissions once on c: \ games and anything after that is fine, UAC or not. The fact it takes 20 seconds for the security tab to come up is an indication that something is not installed right.

Have you checked your hd or ram for errors?

Windows doesn't just delete files, anti-virus software 'might'

 

[viivo]

It's not on all files that the menu takes that long to load, only the ones that were deleted but still show up for some reason. The security tab shows up fine on everything and even though I can change ownership from "SYSTEM" to my account on all other folders and files, it reverts back to that and read-only.

I ran the WD utility on my HDD not too long ago and did memtest a couple months ago with no errors. I don't know what it is, but it's definitely something to do with user accounts and permissions.

 

[Gamingphreek]

If you look in your Application/System/Security Event Log's do you notice anything?

 

[XZeroII]

Just because you say you don't have a virus doesn't make it so. Also, by what you're describing, it sounds like you don't know what you're doing. Maybe you should give up using a computer and try sewing?

 

[Gamingphreek]

Just because you say you don't have a virus doesn't make it so. Also, by what you're describing, it sounds like you don't know what you're doing. Maybe you should give up using a computer and try sewing?

Seriously - you are going to bash the OP? Contribute something constructive or don't post at all!

 

[bankster55]

sure sounds like a virus to me

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

 

[viivo]

Just because you say you don't have a virus doesn't make it so. Also, by what you're describing, it sounds like you don't know what you're doing. Maybe you should give up using a computer and try sewing?

That was helpful. Are you sure you know what a tech forum is? It's not for anonymously loosing your emotional baggage. Maybe 4chan or furaffinity would be more to your liking.

I do not have a virus. I scan weekly with housecall, then download AVG and scan then uninstall it. I also use MB Anti-Malware. None of them have ever found anything.

 

[Gamingphreek]

That was helpful. Are you sure you know what a tech forum is? It's not for anonymously loosing your emotional baggage. Maybe 4chan or furaffinity would be more to your liking.

I do not have a virus. I scan weekly with housecall, then download AVG and scan then uninstall it. I also use MB Anti-Malware. None of them have ever found anything.

Don't pay any attention to that poster. Most of us here are more than happy to help - thats the best way to learn!!

So there are a couple issues with your scanning methodology:
1. I don't know anything about housecall which doesn't necessarily make it not good, but my profession is dealing with IT Security/Administration and it is odd that I haven't heard of it.

2. AVG back in the 7.x releases was really well written with good heuristics for detecting viruses. They changed all of that for the worse with 8.x. It is consistently middle of the pack at best at virus detections. I would highly highly recommend ESET's NOD32 or Microsoft Security Essentials both of which are outstanding products.

3. Malware Bytes deals more with spyware than viruses. Instead of attempting to compromise your system, this covers more of the tracking cookies and data accrued from general web surfing. It doesn't deal with objects in the nature that we are talking about.

If you don't mind trying some things, we can see about getting your problem fixed.

1. Uninstall MB, Housecall, and AVG. Install MSE (It will handle both Malware and Viruses as it supersedes Windows Defender). Get the most up-to-date definitions and run a full system scan. See if anything pops up.

2. Let the games install at the default location. Don't modify it or mess with the permissions.

3. Enable UAC again and don't even think about turning it off.

4. Verify that this patched EXE is legitimate. It just occurred to me that something could be quarantining it because it is malicious.

Let us know what you find and we can go from there - Good luck!

-GP

 

[Numenorean]

When you go to patch the game, did you run the patch with administrator rights? If not, it could be prevented from working since it's trying to modify an EXE file, even though that's what it's supposed to do.

 

[Aluvus]

I do not have a virus. I scan weekly with housecall, then download AVG and scan then uninstall it. I also use MB Anti-Malware. None of them have ever found anything.

Unfortunately, you can't prove a negative. Even if every AV program on the market concluded you did not have a virus, it would still be possible that you did. This might be because it is one none of the AV vendors have ever seen, or because you have a rootkit. These are relatively low-probability possibilities, but you can't actually rule them out.

As a general statement, the symptoms you describe are consistent with a virus.

 

[Meghan54]

1. I don't know anything about housecall which doesn't necessarily make it not good, but my profession is dealing with IT Security/Administration and it is odd that I haven't heard of it.

It's a free scanner from Trend Micro.....not exactly an antivirus company I'd personally put any trust into.

NOD32, Kaspersky, even MSE are much better alternatives...as already noted, OP.

 

[Steltek]

This sounds more like a rootkit behavior to me than a virus.

Personally, if this were my machine I'd back up my data, wipe the hard drive, and reinstall. You reach a point (and it sounds like the OP is probably there) where you've wasted enough time trying to fix the problem that a reinstall is the more feasible option to fixing. If you do reinstall, though, I'd wipe the hard drive first with a utility rather than just reformat.

I also agree with Gamingphreek - it would probably be worthwhile to check the Windows system and application logs for recurrent errors. Granted, the Windows logs are usually full of mostly useless dreck, but recurrent errors there can be indicative of failing hardware as well (like a bad hard drive or SATA cable, failing motherboard SATA controller, etc).

 

[Gamingphreek]

The only part that sounds remotely like a rootkit is the fact that an executable already exists with the given name. With that in mind, NOD32 and MSE are both able to detect rootkits.

OP, I would also like to suggest that you run the Windows Malicious Software Remove Tool.

Additionally, open a Command Prompt with Admin privileges, navigate to that directory and use 'dir' to display a directory listing. It will probably return the same thing if this is a rootkit as it would modify whatever the Windows equivalent system call is for directory traversal.

The only reservation I have in saying this is a virus/rootkit - what type of malicious software simply looks for a patched EXE and deletes it whenever the user copies it. There is no disruption of service or true compromised behavior. What would be the point - a person is going to design a rootkit (Arguably one of the most complex pieces of software to write and deploy) with more of a purpose in mind that what I am seeing here.

-GP

 

[bankster55]

On the other hand it could be an overactive AV that notes the registry patching actions and auto nukes the generator file

 

[13Gigatons]

What anti-virus are you using?

Maybe it's quarantining the files?