f.lux auto-uninstalls after install
-
Does webroot leave any logs behind?
(It is very unusual for an EXE to disappear without antivirus. We certainly never would delete our own app.)
We are still scanning totally clean on virus total:
https://www.virustotal.com/en/file/33c38e32739642e3dc9ecae3fba9266fea6242c937ab5133bcda75af5127537e/analysis/1503364137/ -
As far as I can tell, I am running only Microsoft security essentials and Spybot Search and destory.
I opened the install directory (appdata/local/fluxsoftware/flux) and then ran the installer again. Same thing, the app launched, then disappeared like before. But in the install directory, I could see these files and folders: medial, runtime, flux.exe, and uninstall. After the app shutdown I looked in the install folder and about three seconds later flux.exe disappeared from the folder leaving the two folders and uninstall. The uninstaller works, btw, when clicked.
Edit: I uninstalled spybot, and tried again with the same result. I also disabled live protection for microsoft security essentials, all with the same result.
-
Can you try one of these ideas to see which process is deleting f.lux?
https://serverfault.com/questions/458120/exe-files-being-deleted
-
I gave the process monitor a try. I filtered on activity inthe Flux install directory, and any Delete events. Here are screenshots of the results when attempting to install flux4.
-
I do not have any of the "prey" activity. Assume you are running https://www.preyproject.com/?
More worrisome is that regsvr32.exe seems to be actually deleting f.lux, which I've never seen before. This may be a malware version of regsvr32.exe.
Can you get a different Antivirus and see if it can help?
-
I didn't know how to read the report, so thank you on that front. I will definitely try a different malware/antivirus software!
-
I've run some malware scans. Microsoft security essentials comes up with nothing. Spybot S&D found a few tracking cookies. I'm currently running a scan with zemana anti malware, and it flags rgsvr32.exe as a "hollow process". When the scan is done I'll clean it and try installing flux again.
EDIT: update. i finished the Zemana scan, cleaned the defective files and I have successfully installed F.lux. I ran the process monitor during this install, and the delete events did not occur. Thank you for your help! I never would have gotten flux working, or found this bit of malware, without your help!
-
@aniMattor :) :) :)
-
I downloaded and tried Zemana as well but my problem persists. I'll see if I can disable Webroot and try again...
-
@jwsl1200mk2 you could try procmon too - it is not that hard to do... :)