Today I had an unusual problem - the customer wants to install an epson scanner driver, and it downloads as a winzip self extractor.
it downloads correctly, unzips automatically, but then launches a fraps installation program!
I sent myself the downloaded file, and it is definitely an Epson scanner driver..
How could this happen?
Malware bytes and MB rootkit both run, and found nothing.
(one thing I just though of, but can't test just now, is maybe there's a setup.com file in the extractor folder, and it has higher running priority than setup.exe?)
Alternatively, where does winzip extract it's files to, as there always seems to be a variety of tmp folders!