Avast WEBforum

Other => Viruses and worms => Topic started by: CARLIN on February 22, 2009, 03:46:41 PM

Title: SOS! C:\autorun.exe
Post by: CARLIN on February 22, 2009, 03:46:41 PM

Suspicious File Found!
A suspicious file has been detected (using a heuristic method) This may be a sign of malware infection. Please allow the the file to be submitted to our virus lab for analisys


File Name:  C:\autorun.exe
Type:        rootkit: hidden process
 
I received this warning from my Avast 4.8...pro. My SO:Windows XP PRO SP3. I'm Very worrry about this!

Title: Re: SOS! C:\autorun.exe
Post by: Lisandro on February 22, 2009, 04:05:37 PM

The file name and path is very strange. Seems an infected file really.
Did you send it to Chest (quarantine)?
I recommend a full avast scanning of your computer.

Title: Re: SOS! C:\autorun.exe
Post by: DavidR on February 22, 2009, 04:08:02 PM

It is most certainly suspicious as a) autorun.exe is a strange file to have in the root folder, b) there may also be an autorun.inf in the same location and that may run this file and c) there are some adverse google hits for this file name.

http://www.file.net/process/autorun.exe.html (http://www.file.net/process/autorun.exe.html)

Quote

If autorun.exe is located in C:\ then the security rating is 22% dangerous. File size is 508555 bytes (33% of all occurrence), 303104 bytes, 327680 bytes. The program has a visible window. autorun.exe is not a Windows system file. There is no description of the program. autorun.exe is able to record inputs.

http://www.threatexpert.com/files/autorun.exe.html (http://www.threatexpert.com/files/autorun.exe.html)

You should submit that file to avast so it can be further analysed.

I would also suggest you rename it as say autoSUSrun.exe so if there is a command in the registry or an autorun.inf file to run autorun.exe then it won't find that file (as you renamed it).

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).

• 1. SUPERantispyware (http://www.superantispyware.com) On-Demand only in free version.
• 2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe), right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

Title: Re: SOS! C:\autorun.exe
Post by: Mystic on February 27, 2009, 10:21:16 PM

I just ran into the same problem where if i manually went into c:\ or any of my logical drives it tried to load a reg key to the recycler. Same Problem?

Title: Re: SOS! C:\autorun.exe
Post by: DavidR on February 27, 2009, 10:27:49 PM

Same problem, same drill download the programs, install, update them and run from safe mode.

Title: Re: SOS! C:\autorun.exe
Post by: james-from-houston on January 30, 2010, 09:32:49 PM

I opened my C drive and C:\AUTORUN.exe is the file associated with my Intel PRO Network Connections
It was created in Oct. 6, 2006. This means it can not be a malicious file. I think it is OK to click "ignore"..!

Title: Re: SOS! C:\autorun.exe
Post by: polonus on January 31, 2010, 01:42:33 AM

Hi james-from-houston,

Here is some info on it. Rating is for this executable in this location 22% dangerous.
Upload the file in question to virustotal.com to see if only Avast is flagging it....
http://www.file.net/process/autorun.exe.html
In the case it is malware see info on this worm:
http://vil.nai.com/vil/content/v_140161.htm

polonus