AU_.exe, is it malware?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by DTS, Dec 6, 2007.

  1. DTS

    DTS Private E-2

    Has anyone ever heard of a file called "AU_.exe"? If so, what is it's purpose?

    The way I've found this file is through uninstalling a media codec called 3ivx. After uninstalling 3ivx a hidden folder is created under C:\Documents and Settings\*User*\Local Settings\Temp\~nsu.tmp which contains the AU_.exe file.

    There is also an apparently related file in C:\Windows\Prefetch called "AU_.EXE" which has some random numbers and letters after it's name and ends in the usual prefetch file exetension of ".pf".

    I've heard that this file may be part of the SpyFalcon trojan but the version I've found appears to be a simple temp file that is created after uninstalling 3ivx. It is also deteled after restarting the PC and that's when CCleaner identifies it as a missing MUI reference. I've also heard that it may be part of Nullsoft Uninstallers. Please let me know what you guys think it is.

    Thanks
     
    DTS, Dec 6, 2007
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes as far as I know it is part of Nullsoft Install System (NSIS). As long as it is cleaning up after itself upon your next reboot, it should not be an issue. Also you are only noticing it after doing the uninstall of 3ivx which again supports the relationship to NSIS.
     
    chaslang, Dec 6, 2007
    #2
  3. DTS

    DTS Private E-2

    Thanks for the reply, Chaslang. I'm fairly confident that it's a benign file that's related to NSIS.

    When SpyFalcon (or related viruses using AU_.exe as a cover) infects a system doesn't AU_.exe usually show up in Task Manager as an executable that is initiated at startup and runs continuously? Also, do any of the SpyFalcon or other AU_.exe viruses implant files in the Windows Prefetch or Documents and Settings folders?
     
    Last edited: Dec 6, 2007
    DTS, Dec 6, 2007
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This file is not really a SpyFalcon issue. It is from an installer which could be used to install good valid software or any malware program if the creator of the malware used NSIS as their installer. Any processs that executes could be in the Prefetch folder for a period of time. It still does not mean it is malware. So as stated, the AU_.exe file is not really what the the SpyFalcon infection was related to. It may have possibly been an installer they used but I don't remember ever seeing it and it would have been a non-issue anyway.
     
    chaslang, Dec 7, 2007
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds