Questionable File Creation

Discussion in 'Software' started by DTS, Dec 5, 2007.

  1. DTS

    DTS Private E-2

    Has anyone ever heard of a file called "AU_.exe"? If so, what is it's purpose?

    The way I've found this file is through uninstalling a media codec called 3ivx. After uninstalling 3ivx a hidden folder is created under C:\Documents and Settings\*User*\Local Settings\Temp\~nsu.tmp which contains the AU_.exe file.

    There is also an apparently related file in C:\Windows\Prefetch called "AU_.EXE" which has some random numbers and letters after it's name and ends in the usual prefetch file exetension of ".pf".

    I'm pondering this file because it seems odd for a program to dump an executable upon uninstallation, and I'd like to get to the bottom of what this file is.
     
    DTS, Dec 5, 2007
    #1
  2. studiot

    studiot MajorGeek

    Do you have any of these?

    atmclk.exe au_.exe dcomcfg.exe osaupd.exe
    sa1e1.exe sa9.exe sfsetup.exe SpyFalcon.exe

    If so you have the trojan 'spyfalcon'

    Go directly to Malwareland do not pass go do not collect 200 Espams.


    http://forums.majorgeeks.com/showthread.php?t=35407
     
    studiot, Dec 5, 2007
    #2
  3. DTS

    DTS Private E-2

    Thanks for the reply, studiot. I did have AU_.exe but it gets deleted automatically upon restarting the PC because it only exists in a temp folder.
    After booting the PC back up and running CCleaner's registry issues cleaner, the AU_.exe file is found by CCleaner as a registry issue that needs to be fixed (filed as a missing MUI reference). After "fixing" the file with CCleaner it never shows up again.

    I do still have the AU_.exe file in my Windows Prefetch folder, but I'm weary of deleting anything in the Prefetch unless I know exactly what it is.

    I suppose AU_.exe could be SpyFalcon because SpyFalcon is implanted through suspect video codecs. However, this version of AU_.exe would have came from 3ivx which is a legitimate codec. I've also found it after uninstalling VLC media player. I've also done a scan with AVG which has come back negative for any viruses.

    Is there any instance in which AU_.exe is harmless? There is very little information about this file online, besides the fact that it is a potential virus.
     
    DTS, Dec 5, 2007
    #3
  4. studiot

    studiot MajorGeek

    If this is Spyfalcon it is not there to interfere (much) with the operation of your pc. It is there to collect and pass on data from your system.

    This is not the forum for formal malware identification and cleaning. I posted the link last time. Start again in that forum.

    Alternatively Greatis software products will deal satisfactorily with this one.

    www.greatis.com
     
    studiot, Dec 6, 2007
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds