Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Win32.Autorun

  1. #1
    dre21 Guest

    Default Win32.Autorun

    Hi
    Zonealarm
    Spyware scan hits on a trojan named Win32.autorun . It will Quarantine it but after a reboot it will hit on the same thing again .I researched the internet and have found a few trojans named win32.autorun but they all look like this (
    win32.autorun.nb)
    or some other letters after the autorun.Mine does not .I have Spy Hunter Security Suit 3 also installed and ran it after I did a reboot and they could not find anything .Spy Hunter scans the registery also
    and in all the
    win32.autorun trojan posts that I have read this thing is in the registry.
    Is this a false positive message from Zonealarm or is this a real trojan ? And if yes what do I need to do to get rid of it for good ?thank you for any help

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Win32.Autorun

    What file is it saying has this trojan?
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  3. #3
    dre21 Guest

    Default Re: Win32.Autorun

    c-file in system restore.
    I will do a new scan and will post the findings after i restart the pc .There will be like 3 files that it tells me it finds all in system restore and all are .exe files .But when I do a search fort hem my PC can not find such files.

  4. #4
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Win32.Autorun

    If they are in the system restore , then they may not be on your computer anymore, at least not in the active portion of the Harddrive. Turn off system restore then turn it back on and reboot, then do another scan. If they are only in system restore, then they will be totally gone.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  5. #5
    dre21 Guest

    Default Re: Win32.Autorun

    I did what you said and ran a scan again afterwards and the win32.autorun did not come up again but it found two new ones .
    File: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
    GUID: {5E2121EE-0300-11D4-8D3B-444553540000}
    RegistryKey: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5E2121E E-0300-11D4-8D3B-444553540000}
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved\{5E2121EE-0300-11D4-8D3B-444553540000}
    and this one in macromedia flash player .
    File: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
    GUID: {D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}
    RegistryKey: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D4304BC F-B8E9-4B35-BEA0-DC5B522670C2}
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D4304BC F-B8E9-4B35-BEA0-DC5B522670C2}
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.mfp\Content Type
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.sol\Content Type
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.sor\Content Type
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer ActiveX
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
    File: C:\WINDOWS\system32\Macromed\Flash\install.log
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{D27CD B6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32\(Default)
    I might add I just did a reformat so my maschine is pretty clean I haven't even been surfing the web much just been installing programms and updates that I lost after the reformat.

  6. #6
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Win32.Autorun

    May I ask why you had to format and reinstall?
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  7. #7
    dre21 Guest

    Default Re: Win32.Autorun

    I did a reformat to get rid of that Win32Autorun. trojan warning .
    I got rid of the zlob trojan (which I got by installing a codec)
    by running Zonealarm and Spy Hunter but the Win32 Autorun stayed so I decided to do a reformat.If I would have known that all I needed to do was turn off restore and reboot I would not have done a reformat .

  8. #8
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Win32.Autorun

    But if turning off system restore got rid of it, then so should have a format, but it didn't, so you still have the original problem. I am going to send you someplace else to get a different kind of help. I may even stop in to help out there. Go over to Castlecops and sign up, its free. http://www.castlecops.com Then go to this page, http://www.castlecops.com/f67-Trend_...This_Logs.html and read the sticky posts at the top, follow the instructions, and then post the requested logs. Someone will help you out. They are good at it. The reason I am sending you there, is that It is possible you have something larger than what we deal with here. Make sure to mention about the format, why you did it, and what showed up after.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  9. #9
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Win32.Autorun

    Sometimes the infection is on the media drive (USB or card), Formatting cleans the PC, but it can get re-infected from re-using the infected media.
    Oldsod.
    Best regards.
    oldsod

  10. #10
    dre21 Guest

    Default Re: Win32.Autorun

    Well my system seems to be clean of all trojans .
    I did a few more scans
    Windows defender deep scan
    then I did go to PCpitstop and did that one also ran Spyhunter deepscan
    again and right after that Zonealarm and all they came up with was the regular tracking cookies you get from surfing the web .
    I will keep the Castlecops on my favorite list just incase .I would like to say thank you for the help and helping me getting rid of the Win32Autorun. trojan warning and the direction to Castlecops if I have further problems .I will keep scanning my PC on a daily basis now .
    Thanks again.
    Dre21 aka Andre

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •