Author Topic: SOS! C:\autorun.exe  (Read 10240 times)

0 Members and 1 Guest are viewing this topic.

CARLIN

  • Guest
SOS! C:\autorun.exe
« on: February 22, 2009, 03:46:41 PM »
Suspicious File Found!
A suspicious file has been detected (using a heuristic method) This may be a sign of malware infection. Please allow the the file to be submitted to our virus lab for analisys


File Name:  C:\autorun.exe
Type:        rootkit: hidden process

 
I received this warning from my Avast 4.8...pro. My SO:Windows XP PRO SP3. I'm Very worrry about this!
« Last Edit: February 22, 2009, 03:53:26 PM by CARLIN »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: SOS! C:\autorun.exe
« Reply #1 on: February 22, 2009, 04:05:37 PM »
The file name and path is very strange. Seems an infected file really.
Did you send it to Chest (quarantine)?
I recommend a full avast scanning of your computer.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: SOS! C:\autorun.exe
« Reply #2 on: February 22, 2009, 04:08:02 PM »
It is most certainly suspicious as a) autorun.exe is a strange file to have in the root folder, b) there may also be an autorun.inf in the same location and that may run this file and c) there are some adverse google hits for this file name.

http://www.file.net/process/autorun.exe.html
Quote
If autorun.exe is located in C:\ then the security rating is 22% dangerous. File size is 508555 bytes (33% of all occurrence), 303104 bytes, 327680 bytes. The program has a visible window. autorun.exe is not a Windows system file. There is no description of the program. autorun.exe is able to record inputs.

http://www.threatexpert.com/files/autorun.exe.html

You should submit that file to avast so it can be further analysed.

I would also suggest you rename it as say autoSUSrun.exe so if there is a command in the registry or an autorun.inf file to run autorun.exe then it won't find that file (as you renamed it).

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Mystic

  • Guest
Re: SOS! C:\autorun.exe
« Reply #3 on: February 27, 2009, 10:21:16 PM »
I just ran into the same problem where if i manually went into c:\ or any of my logical drives it tried to load a reg key to the recycler. Same Problem?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: SOS! C:\autorun.exe
« Reply #4 on: February 27, 2009, 10:27:49 PM »
Same problem, same drill download the programs, install, update them and run from safe mode.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

james-from-houston

  • Guest
Re: SOS! C:\autorun.exe
« Reply #5 on: January 30, 2010, 09:32:49 PM »
I opened my C drive and C:\AUTORUN.exe is the file associated with my Intel PRO Network Connections
It was created in Oct. 6, 2006. This means it can not be a malicious file. I think it is OK to click "ignore"..!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SOS! C:\autorun.exe
« Reply #6 on: January 31, 2010, 01:42:33 AM »
Hi james-from-houston,

Here is some info on it. Rating is for this executable in this location 22% dangerous.
Upload the file in question to virustotal.com to see if only Avast is flagging it....
http://www.file.net/process/autorun.exe.html
In the case it is malware see info on this worm:
http://vil.nai.com/vil/content/v_140161.htm

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!