Avast WEBforum
Other => Viruses and worms => Topic started by: CARLIN on February 22, 2009, 03:46:41 PM
-
Suspicious File Found!
A suspicious file has been detected (using a heuristic method). This may be a sign of malware infection. Please allow the file to be submitted to our virus lab for analysis.
File Name: C:\autorun.exe
Type: rootkit: hidden process
I received this warning from my Avast 4.8...pro. My OS: Windows XP PRO SP3. I'm very worried about this!
-
The file name and path are very strange. It really seems to be an infected file.
Did you send it to the Chest (quarantine)?
I recommend a full avast scan of your computer.
-
It is most certainly suspicious as a) autorun.exe is a strange file to have in the root folder, b) there may also be an autorun.inf in the same location and that may run this file and c) there are some adverse google hits for this file name.
http://www.file.net/process/autorun.exe.html
If autorun.exe is located in C:\ then the security rating is 22% dangerous. File size is 508555 bytes (33% of all occurrence), 303104 bytes, 327680 bytes. The program has a visible window. autorun.exe is not a Windows system file. There is no description of the program. autorun.exe is able to record inputs.
http://www.threatexpert.com/files/autorun.exe.html
You should submit that file to avast so it can be further analysed.
I would also suggest you rename it as say autoSUSrun.exe so if there is a command in the registry or an autorun.inf file to run autorun.exe then it won't find that file (as you renamed it).
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here by posting the URL in the address bar of the VT results page.
If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode, and report the findings (it should produce a log file).
- 1. SUPERantispyware (http://www.superantispyware.com) On-Demand only in free version.
- 2. MalwareBytes Anti-Malware, On-Demand only in free version: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe. Right click on the link and select Save As or Save File As (depending on your browser), and save it to a location where you can find it easily later.
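-
The check suggested in the post above (is there an autorun.inf next to the file, and does it launch autorun.exe?) can be scripted. This is an added example, not part of the original thread or any vendor tool; the function names are hypothetical, and it only resolves launch targets that sit directly in the drive root.

```python
import hashlib
import os

def autorun_targets(inf_path):
    """Programs that an autorun.inf asks Windows to launch (tolerant of junk lines)."""
    targets, section = [], ""
    with open(inf_path, "r", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
                continue
            if section != "autorun" or line.startswith(";") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            launches = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if launches and value:
                # Quoted path, or else the first token; the rest are arguments.
                prog = value[1:].split('"', 1)[0] if value[0] == '"' else value.split()[0]
                if prog and prog not in targets:
                    targets.append(prog)
    return targets

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def inspect_root(root):
    """Report autorun.inf launch targets in a drive root, with size and SHA-256."""
    if not os.path.isdir(root):
        return []
    names = {n.lower(): n for n in os.listdir(root)}  # Windows names are case-insensitive
    findings = []
    if "autorun.inf" not in names:
        return findings
    for target in autorun_targets(os.path.join(root, names["autorun.inf"])):
        entry = {"target": target, "present": False, "size": None, "sha256": None}
        real = names.get(target.lower())  # assumption: only root-level targets are resolved
        if real and os.path.isfile(os.path.join(root, real)):
            path = os.path.join(root, real)
            entry.update(present=True, size=os.path.getsize(path), sha256=sha256_of(path))
        findings.append(entry)
    return findings

if __name__ == "__main__":
    import sys
    for finding in inspect_root(sys.argv[1] if len(sys.argv) > 1 else "C:\\"):
        print(finding)
```

The reported size can be compared with the sizes listed on the file.net page, and the SHA-256 can be searched on VirusTotal without uploading the file.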
-
I just ran into the same problem where if I manually went into c:\ or any of my logical drives it tried to load a reg key to the recycler. Same problem?
-
Same problem, same drill: download the programs, install, update them and run from safe mode.
-
I opened my C drive and C:\AUTORUN.exe is the file associated with my Intel PRO Network Connections.
It was created on Oct. 6, 2006. This means it cannot be a malicious file. I think it is OK to click "ignore"..!
-
Hi james-from-houston,
Here is some info on it. Rating is for this executable in this location 22% dangerous.
Upload the file in question to virustotal.com to see if only Avast is flagging it....
http://www.file.net/process/autorun.exe.html
In case it is malware, see info on this worm:
http://vil.nai.com/vil/content/v_140161.htm
polonus