AutoPlay.exe

Discussion in 'other anti-virus software' started by ajcstr, Jul 28, 2007.

Thread Status:
Not open for further replies.
  1. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    AVG Free is flagging this as a trojan. It is in the hp/bin folder as well as user directories.

    Could this be a legit file? Maybe part of HP's BackWeb, which I know gets flagged sometimes.

    If OK, how can I exclude it from future scans?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello ajcstr,
    I think it might be worth uploading the file in question to VirusTotal.
    I don't know how to exclude the file from future scans since I've never really used AVG Free, but I'm sure someone can tell you how if it's an FP.
    http://www.virustotal.com/
    lodore
     
  3. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Tried this and I just get the screen back with no result - same thing with the Kaspersky file scanner. It just comes back with the same screen like I entered nothing.
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  5. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello,
    What browser did you use?
    Sometimes it doesn't work here in Opera or Firefox but it works fine in Internet Explorer.
    lodore
     
  7. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Yes - I used IE 6
     
  8. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Well then can it be set not to automatically delete the files it thinks are infected?
     
  9. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
  10. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    There are several files in the c:\hp\bin folder that are flagged as malware, but in fact they are FPs.
     
  11. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Funny thing about this one is, I can't copy it to another location which is disturbing.

    I can't send it to any of the online checkers (I guess 'cause I can't copy it?)

    It is in the C:\hp\bin\ folder as AUTOPLAY.exe but also in 2 startup folders - one in a user account and another in the "default user" startup folder, both as AutoPlay.exe

    I have run CureIt, SUPERAntiSpyware and ActiveScan and none of these programs flag it.

    So I'm really not sure what to do with it. AVG keeps putting it in quarantine and I keep restoring it.
     
    Last edited: Jul 31, 2007
  12. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If it is running you will not have access to it, so shut it down in Task Manager then try.

    You could also remove the icon from the startup folders and reboot, that would stop it also (if it wasn't malware).

    I don't have this prog in my HP bin folder, but Googling shows that plenty of others do - so it's probably legit (though it could be a Riskware finding - Killwind.exe and Terminator.exe, both in HP/bin, are often flagged as riskware).
     
  13. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    I don't see it in task manager and it does not show up on HJT as a running process (which again does not make sense). Maybe I will try to copy in safe mode.

    Yes - Panda does not like these, but AVG does not flag them:

    C:\hp\bin\KillIt.exe
    C:\hp\bin\KillWind.exe
    C:\hp\bin\Terminator.exe
     
  14. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If it has an auto-start entry it will be running at boot-up, but if it shuts down again (having performed its task) it will vanish from TM. That doesn't explain why it is not accessible after it stops running though - try removing the autostart and reboot into safe and see what happens.
     
  15. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    I was able to boot into safe mode and copy the exe file to a USB drive, but still can't "upload" it. I browse to the location of the file, hit submit and it does nothing.
     
  16. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    http://www.virustotal.com/metodos.html
     
  17. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    OK - I sent it - will update when I get a response
     
  18. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Based on this I would say it's an FP

    Complete scanning result of "AutoPlay.exe", processed in VirusTotal at
    08/03/2007 16:05:36 (CET).

    [ file data ]
    * name: AutoPlay.exe
    * size: 36864
    * md5.: b47dd684b79b4d8887bfe75abae1037a
    * sha1: 07be38f83df83d257adb0a4d91225f968cfe31ee

    [ scan result ]
    AhnLab-V3 2007.8.3.0/20070803 found nothing
    AntiVir 7.4.0.57/20070803 found nothing
    Authentium 4.93.8/20070802 found nothing
    Avast 4.7.1029.0/20070802 found nothing
    AVG 7.5.0.476/20070802 found [Generic4.BO]
    BitDefender 7.2/20070803 found nothing
    CAT-QuickHeal 9.00/20070803 found nothing
    ClamAV 0.91/20070803 found nothing
    DrWeb 4.33/20070803 found nothing
    eSafe 7.0.15.0/20070731 found nothing
    eTrust-Vet 31.1.5029/20070803 found nothing
    Ewido 4.0/20070803 found nothing
    F-Prot 4.3.2.48/20070802 found nothing
    F-Secure 6.70.13030.0/20070803 found nothing
    FileAdvisor 1/20070803 found nothing
    Fortinet 2.91.0.0/20070803 found nothing
    Ikarus T3.1.1.8/20070803 found nothing
    Kaspersky 4.0.2.24/20070803 found nothing
    McAfee 5089/20070802 found nothing
    Microsoft 1.2704/20070803 found nothing
    NOD32v2 2436/20070803 found nothing
    Norman 5.80.02/20070803 found nothing
    Panda 9.0.0.4/20070803 found nothing
    Prevx1 V2/20070803 found nothing
    Rising 19.34.40.00/20070803 found nothing
    Sophos 4.19.0/20070801 found nothing
    Sunbelt 2.2.907.0/20070803 found nothing
    Symantec 10/20070803 found nothing
    TheHacker 6.1.7.161/20070803 found nothing
    VBA32 3.12.2.2/20070801 found nothing
    VirusBuster 4.3.26:9/20070803 found nothing
    Webwasher-Gateway 6.0.1/20070803 found nothing
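
Added example, not part of the thread: the report above covers only the one copy that was submitted, while the thread mentions copies in C:\hp\bin and two startup folders. This Python sketch parses a report in that text layout, lists which engines flagged the file, and checks whether another copy's bytes match the size, MD5 and SHA-1 the report gives. The function names are hypothetical and the sample is a constructed, shortened excerpt of the report.

```python
import hashlib
import re

# Constructed excerpt in the layout of the report quoted above (three engine lines only).
SAMPLE_REPORT = """\
[ file data ]
* name: AutoPlay.exe
* size: 36864
* md5.: b47dd684b79b4d8887bfe75abae1037a
* sha1: 07be38f83df83d257adb0a4d91225f968cfe31ee

[ scan result ]
Avast 4.7.1029.0/20070802 found nothing
AVG 7.5.0.476/20070802 found [Generic4.BO]
Kaspersky 4.0.2.24/20070803 found nothing
"""

# "* md5.: <value>" style lines; the trailing dot after the key is optional.
FIELD = re.compile(r"^\s*\*\s*(\w+)\.?:\s*(\S+)\s*$")
# "<engine> <version>/<yyyymmdd> found nothing" or "... found [<name>]".
ENGINE = re.compile(r"^\s*(\S+)\s+(\S+)/(\d{8})\s+found\s+(nothing|\[(.+)\])\s*$")

def parse_report(text):
    """Return (file_data dict, {engine: detection name, or None if clean})."""
    data, results = {}, {}
    for line in text.splitlines():
        if m := FIELD.match(line):
            data[m.group(1)] = m.group(2)
        elif m := ENGINE.match(line):
            results[m.group(1)] = m.group(5)  # None when "found nothing"
    return data, results

def detections(results):
    """Only the engines that reported a detection."""
    return {engine: name for engine, name in results.items() if name is not None}

def matches_report(blob, data):
    """True only if size, MD5 and SHA-1 of blob all equal the report's values."""
    return (len(blob) == int(data["size"])
            and hashlib.md5(blob).hexdigest() == data["md5"].lower()
            and hashlib.sha1(blob).hexdigest() == data["sha1"].lower())

if __name__ == "__main__":
    data, results = parse_report(SAMPLE_REPORT)
    hits = detections(results)
    print(f"{len(hits)}/{len(results)} engines flagged {data['name']}: {hits}")
```

Reading each on-disk copy in binary mode and passing the bytes to `matches_report` shows whether the scan result applies to that copy or only to the one that was uploaded.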
     