HelenGrace

C:\windows\system32\autorun.ini safe to quarantine?

Hello to all,
A-A Pro just tagged C:\windows\system32\autorun.ini as W32.Trojan.Spy and wants to quarantine it, but because I'm not sure if this might be an essential system file, I instead chose to add it to the ignore list. Will it be safe to quarantine? And how will A-A flag this again, since I chose to place it in the ignore list?

Which OS do you run? I have XP Pro and don't have that file in that folder, but I have several autorun.INF files in my directory of installations, e.g. Adobe. I may not have it in the Win/Sys32 folder since I turned off auto-run as a security measure - it can be exploited by viruses on removable media such as CDs and thumb drives, spreading the infection to your PC.

The INF and INI files I have are text file commands, e.g. Adobe:

[autorun]
open=AutoPlay.exe -c
icon=Acrobat.ico

The programs refer to these commands to know how to handle execution and which icons to use. You can view it by opening Notepad and dragging the file to Notepad, since it's a simple text editor. I'm guessing if it looks legit like the above example, it's probably safe. If there's a bunch of gibberish, it's probably malicious code.

To be totally safe, you could post an inquiry in the False Positives forum:

Instructions
http://www.lavasoftsupport.com/index.php?showtopic=18033

Forum
http://www.lavasoftsupport.com/index.php?showforum=93

Lavasoft will take a look at your uploaded file and let you know if it's safe or not.

PS. Another hint if it's malicious - a recent created date. If it's recent but you haven't installed anything lately, it may indicate you picked up something.

Edited by visitor

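The checks described in the reply above (plain-text [autorun] commands versus gibberish, plus a recent creation date), as an added Python example that is not part of the original thread. The function names, the 0.95 text threshold, the 30-day window and the key list are assumptions of this example; the first sample is the Adobe file quoted above and the second is constructed.

```python
import configparser
from datetime import datetime, timedelta

# Non-launching keys this example treats as ordinary (assumed short list).
KNOWN_KEYS = {"icon", "label", "action", "shell"}

def text_ratio(data: bytes) -> float:
    """Fraction of bytes that are tab/CR/LF or printable ASCII."""
    if not data:
        return 1.0
    return sum(b in (9, 10, 13) or 32 <= b < 127 for b in data) / len(data)

def triage(data: bytes, created: datetime, now: datetime, recent_days: int = 30) -> dict:
    """Summarise an autorun-style file for manual review (hypothetical helper)."""
    report = {"launches": [], "unknown_keys": [], "flags": []}
    if now - created <= timedelta(days=recent_days):
        report["flags"].append("recently created")
    if text_ratio(data) < 0.95:          # "a bunch of gibberish"
        report["flags"].append("not plain text")
        return report
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    try:
        parser.read_string(data.decode("utf-8-sig", errors="replace"))
    except configparser.Error:           # no section header, or lines that are not key=value
        report["flags"].append("not a well-formed INI file")
        return report
    section = next((s for s in parser.sections() if s.lower() == "autorun"), None)
    if section is None:
        report["flags"].append("no [autorun] section")
        return report
    for key, value in parser.items(section):   # keys arrive lower-cased
        if key in ("open", "shellexecute") or key.endswith("\\command"):
            report["launches"].append(value)   # what would run: check this by eye
        elif key not in KNOWN_KEYS and not key.startswith("shell\\"):
            report["unknown_keys"].append(key)
    return report

# Samples: the Adobe file quoted in the post, and constructed random-looking bytes.
LEGIT = b"[autorun]\r\nopen=AutoPlay.exe -c\r\nicon=Acrobat.ico\r\n"
GIBBERISH = bytes((i * 37 + 11) % 256 for i in range(400))

if __name__ == "__main__":
    now = datetime(2010, 1, 15)          # constructed dates
    print(triage(LEGIT, datetime(2008, 3, 1), now))
    print(triage(GIBBERISH, datetime(2010, 1, 10), now))
```

An empty `flags` list only means the file has the expected shape; the `launches` entries still need to be checked against software you actually installed.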
I looked at our other PCs here and I can't find autorun.ini in any of them at this same location, and after a bit of research through Google I decided A-A is right and let it quarantine this file flagged as W32.Trojan.Spy. By the way, this is on my father's Compaq laptop, which now has Ad-Aware Pro on it too. I ran a first scan and it found 10+ various types of trojans, 2 adware and lots of (the usual) tracking cookies. This laptop had previously been 'protected' by Kaspersky Internet Security 2009 and from this I conclude that A-A Pro is better than KIS2009. I especially like that A-A has a low performance hit; with KIS2009 it felt very sluggish, especially during updates. Also look at this review by PC Mag to confirm A-A is one of the best: http://www.pcmag.com/article2/0,2817,2366081,00.asp. Although the title of the article is kind of in the negative, if you look closely at their graphs you will find that A-A Pro actually does well compared to other products.

Nice to read it does a good job keeping rootkits out. But I take reviews with a grain of salt since they seem trendy. A few years ago AVG was all the rage, then Avast, now MS Security Essentials. All the techies I know don't like Ad-Aware now, but frankly the only reason I still use AVG and Ad-Aware is because I don't like to update software unless definition updates stop. AVG and Ad-Aware Anniversary Edition 8.0 do full scans in about 90 mins - I safe surf and have my browsers configured so I rarely get hit by anything, so I'm happy.

Hello visitor,
I read somewhere in these forums that you are still using AVG 8.5. I had used that before also but upgraded to 9.0 as soon as it was available, and in my experience 9.0 was A LOT better (lighter and more secure). A good thing about AVG was that it was simple and stable, but I felt it had a bit of a performance hit. However, since you're also using A-A, I think if you just used the latest A-A Free 8.3 w/ AV you will immediately feel the PC being light. A-A in my observation is one of the lighter programs on resources. You really don't need AVG anymore, but of course you use what you're comfortable with. Right now this laptop of mine only has A-A Pro backed up by HitmanPro as on-demand. I think that should be sufficient but at the same time light.

Thanks on the AVG insight. I was a bit paranoid of 9 when it first came out since their forums had a lot of posts about bugs, much like this forum. Right now, I use AVG, Spybot, and Win Defender on-demand scans and SpywareBlaster is passive. I keep Ad-Aware AE Pro real-time since the network protection blocked IPs not caught by AVG.

I'll continue to use AVG 8.5 for now, but I think they'll soon discontinue support since the last update popup was titled "end support." At that point, I may try MS Security Essentials and/or MBAM (Malware Bytes).

You also have the A-A Pro real-time protection? Do you also experience the approx. 5 min freeze after you exit a sandboxed IE8? This is my only complaint with A-A. You know, with A-A you don't need avg, mse, mbam and spwblstr. Maybe 4 on demand spybot and its extra utils. I have an observation with spwblstr: even though it's passive I always felt it had a slowing effect, that's why I stopped using that, same with spybot s&d even w/ tea timer off - every time I had uninstalled these it felt like a heavy weight had been lifted off. IMHO it takes a lot of time to update all these and you could put your time to better use or time to relax :).

Still no update on Sandboxie huh? :unsure:

I don't have the same problem with Sandboxie since I use AE Pro which does not have the files protection. Still no news on that.

I only keep AE real-time, all others I turn off. Updating is not so bad. Spybot weekly, SpywareBlaster biweekly, Win Defender every 3 days. AVG does frequent updates, but I only update before I do a quick scan weekly. I just scan when not on the computer - shut down all other apps and unplug from the internet so the scans go faster.

Scan times:

Spybot - weekly full scan (15 mins)
Defender - quick scan (3 mins), full scan monthly (45 mins)
AVG - quick scan (12 mins), full scan monthly (90 mins)
Ad-Aware - quick scan (1 min), full scan monthly (90 mins)

Odd, I haven't noticed any sluggishness with Spybot and SpywareBlaster. Along with TeaTimer, I also disable SDHelper since it's resident protection as well. I don't understand how SpywareBlaster would affect performance since it tweaks settings, but doesn't have any processes running in task manager?

I'm not sure why myself, but it was on 1 of our PCs here which has KIS2009. I contacted their support, uploaded what they call a GSI log, and they said afterwards to remove SpywareBlaster because it might conflict, so I did and that PC felt faster afterwards. That was several months ago. Anyway, this topic should be closed since it's solved. Thanks for the time and effort.

This topic is now closed to further replies.