Ask the Expert

Malicious script detected within Microsoft documentation

I recently downloaded Microsoft's SQL2000 Documentation on my D drive (CD) and was installing it on my C drive when my antivirus software flashed a message ('Malicious Script MSiEXEC.exe') and advised me not to install the software on my computer. I sent an e-mail to Microsoft trying to find out if this is a virus. Your thoughts? Thanks.

    Requires Free Membership to View

I've been unable to verify the malicious code, but would recommend the following with McAfee (

"PE, Trojan, Internet worm and memory resident:
Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use a boot diskette and use the command line scanner:

See Symantec ( that directs you to the MS error: OFF: Error Message: MSIEXEC Caused an Invalid Page Fault in MSIEXEC.EXE at ####:00400288 (Q217688)

Verify you do not have the MS error listed above, only it's being detected as something else.

Since you did not state the antivirus you were using, I also recommend contacting them and not Microsoft. This is especially true if the antivirus gave you the message and not the Microsoft OS.

Last but not least, if you do not have administrator rights I would venture to say your problem is not a virus but rights to install the SQL product.

For more information on this topic, visit these other resources:
Best Web Links: Malware
Best Web Links: Securing Microsoft applications

This was first published in June 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: