Results 1 to 10 of 12

Thread: Win32.Autorun

Hybrid View

  1. #1
    dre21 Guest

    Default Win32.Autorun

    Hi
    Zonealarm
    Spyware scan hits on a trojan named Win32.autorun . It will Quarantine it but after a reboot it will hit on the same thing again .I researched the internet and have found a few trojans named win32.autorun but they all look like this (
    win32.autorun.nb)
    or some other letters after the autorun.Mine does not .I have Spy Hunter Security Suit 3 also installed and ran it after I did a reboot and they could not find anything .Spy Hunter scans the registery also
    and in all the
    win32.autorun trojan posts that I have read this thing is in the registry.
    Is this a false positive message from Zonealarm or is this a real trojan ? And if yes what do I need to do to get rid of it for good ?thank you for any help

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Win32.Autorun

    What file is it saying has this trojan?
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  3. #3
    dre21 Guest

    Default Re: Win32.Autorun

    c-file in system restore.
    I will do a new scan and will post the findings after i restart the pc .There will be like 3 files that it tells me it finds all in system restore and all are .exe files .But when I do a search fort hem my PC can not find such files.

  4. #4
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Win32.Autorun

    If they are in the system restore , then they may not be on your computer anymore, at least not in the active portion of the Harddrive. Turn off system restore then turn it back on and reboot, then do another scan. If they are only in system restore, then they will be totally gone.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  5. #5
    dre21 Guest

    Default Re: Win32.Autorun

    I did what you said and ran a scan again afterwards and the win32.autorun did not come up again but it found two new ones .
    File: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
    GUID: {5E2121EE-0300-11D4-8D3B-444553540000}
    RegistryKey: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5E2121E E-0300-11D4-8D3B-444553540000}
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved\{5E2121EE-0300-11D4-8D3B-444553540000}
    and this one in macromedia flash player .
    File: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
    GUID: {D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}
    RegistryKey: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D4304BC F-B8E9-4B35-BEA0-DC5B522670C2}
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D4304BC F-B8E9-4B35-BEA0-DC5B522670C2}
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.mfp\Content Type
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.sol\Content Type
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.sor\Content Type
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer ActiveX
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
    File: C:\WINDOWS\system32\Macromed\Flash\install.log
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{D27CD B6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32\(Default)
    I might add I just did a reformat so my maschine is pretty clean I haven't even been surfing the web much just been installing programms and updates that I lost after the reformat.

  6. #6
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Win32.Autorun

    May I ask why you had to format and reinstall?
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •