Trojan Horse

[packfanok]

I'm not sure if this is the right place to post this. I sent an email to the support address for this website, and wanted to make sure someone reads it.

Yesterday I had to reformat. In the process of reinstalling I picked up a Trojan Horse. The source was, C:\windows\browser.exe. I then went to the windows file and opened it. When I put the cursor over the browser icon this is what shows up,

Description: Compiled Autoit Script

File Version: 2.64.0.0

Date Created: 10/11/2007 10:27 AM

Size: 42.3 KB

Is anyone aware of this being a problem before? I might add this was detected using Norton AntiVirus, under their Security risks. The first action taken shows, Repair failed. The next action taken was, Access Denied.

Can anyone tell me what this Application, Compiled Autoit Script, is used for? I can't believe I already picked up a Trojan Horse. That was the reason I did a format. Hope someone can tell me something. Thanks.

[DW1]

OMG, really? Read the stickies b4 you post next time

EDIT: Added Link

Edited October 12, 2007 by danwilli

[MadBoy]

I'm not sure if this is the right place to post this. I sent an email to the support address for this website, and wanted to make sure someone reads it.

Yesterday I had to reformat. In the process of reinstalling I picked up a Trojan Horse. The source was, C:\windows\browser.exe. I then went to the windows file and opened it. When I put the cursor over the browser icon this is what shows up,

Description: Compiled Autoit Script

File Version: 2.64.0.0

Date Created: 10/11/2007 10:27 AM

Size: 42.3 KB

Is anyone aware of this being a problem before? I might add this was detected using Norton AntiVirus, under their Security risks. The first action taken shows, Repair failed. The next action taken was, Access Denied.

Can anyone tell me what this Application, Compiled Autoit Script, is used for? I can't believe I already picked up a Trojan Horse. That was the reason I did a format. Hope someone can tell me something. Thanks.

Autoit Script is a scripting language. As this is quite easy language with a lot of powerfull features it's often used by people for malicious purposes. FIle Version says 2.64 so it means it's not even AutoIt v3 but v2 which is quite old. This program can do most likely many things and it's hard to predict what it does for sure. However you should be able to remove it by going into Windows Safe Mode and by simply doing symantec scan from there or by deleting it from there manually. There's hardly anything we can do about it. When something is good and easy like AutoIt to produce something usefull it can be used for malicious purpose.

The other problem in your case could be that this is a false positive (means that Symantec marks the program as virus when it isn't). However based on location of the file and that you can't delete it it's most likely a virus.