Security → Setup.exe

Recently my pc became very slow and unresponsive with the hard drive working. I checked Task Manager and saw that something called 'setup.exe' in 'System' was taking up huge amounts of cpu/memory.
I was not installing or uninstalling anything at the time. I eventually rebooted to get my pc back to normal speed. Does anyone know what this would be and if it is a legit file, is it necessary?
Thanks for any advice.

That could be pretty much anything, legit or not. There are plenty of different files out there called setup.exe... Do a search on your hard drives, and see what comes up. Submit to virustotal if you feel the need.

If you could have run Sysinternals Process Explorer while it was running, you could have found out where the file is/was located.

End that process, and see how the computer reacts. If it restarts automagically, you may have a problem. Finding out what it is, is the first step.

Thanks for the replies VikingBob and Juggernaut.It hasn't kicked in again yet, but when/if it does I'll see if I can pin down where it's located. In the meantime I've run Malwarebytes and that found nothing.

Something named "Setup.exe" would create folders/files you'd think.
I'd do a file search for all the folders/files created today (or whatever date the unknown process was seen) looking for something out of the norm.

Did a search and found 'setup.exe' in...
C/Windows/System32
C/Windows/System32/Dll cache

Also several in C/Program files/Installshield Installation Information
(type: setup launcher)

As the 'user' in Task Manager when it was running was 'system' I'm picking it might have been the one in the system32 folder.
Its size is 22.5kb and type is 'Windows NT setup executable'
Can't think why it would run for no apparent reason though.

You could try uploading that individual file to VirusTotal?

You should upload it as Dustyn suggests.

*If* setup.exe was malware it may not be searchable after execution, so I'd actually pay more attention to any files or folders that were created.
Have you looked at event viewer for any entries that could explain it?

Ok. Just uploaded and no detections.
Looks like it may be a legit file, but now wondering if it is a necessary one if it 'freezes' the computer when running.

Just checked 'event viewer' system log and all 'system' user events are listed as either 'Service Control Manager' or a few as DCOM (source) 'error'.

Send it over to a sandbox for an analysis.
»www.threatexpert.com/submit.aspx

Analysis: Something about host being Internet Systems Consortium?
Nothing else.

It could have been a corrupted installer, poorly coded program etc, an endless loop because of it etc. Setup.exe is a standard installer file.

You need to monitor your task manger and the memory/cpu components of performance and also cpu and memory columns of the processes tab. Please use also (check box); view-select columns-select PID

If you can see something is high on usage and the networking tab shows high usage - and you are not downloading, you may need to run:
cmd (under admin)- type netstat -ano - the PID will match so we can link the IP addresses to the process. I can go into detail but with such limited info to start with, at least operating system etc to help be more specific in replies.

»www.nirsoft.net/utils/co ··· iew.html

Use this to see what triggered it or Windows cleanup utility,too.

Thanks for the advice. Setup.exe hasn't cut in again as yet but have d/loaded 'LastActivity' and will run it if it does. (and if I can!)

Windows XP
Firefox

It's a standalone app that doesn't need installing!

But doesn't it need to be activated from its exe file when required? (When setup.exe was running, my pc 'froze' and I couldn't get to anything)

Just double click the program exe........if nothing happens then you've got other problems.