Autorun?

Ive noticed this file before in my document and never gave any thought about it lately when I started noticing autorun.inf infections? or something of the sort I took a look at the information of the file and all I can gather is that its “setup information” file and that it was created april 12th im just wondering what this file is exactally?

thanks

Can you submit the file to www.virustotal.com? What does it return?
Can you ‘open’ the file with notepad? What is it contents?

Hey Tech it kind of answered itself on this one because I was able to open it in notepad and this is what it says

[autorun]
OPEN=setupSNK.exe
ICON=\SMRTNTKY\fcw.ico
ACTION=Wireless Network Setup Wizard

so I believe its legitimate then but just to be on the safe side I will upload it to virus total shortly

The autorun.inf will I hope not be what you are uploading to VT but the setupSNK.exe file assuming you can find it.

The autorun.inf in certain circumstances is a perfectly legitimate file. However if it is found in the root folder of any of your HDD partitions then its intent is more likely to be malicious. This doesn’t seem to be the case here, if it is in the My Documents folder which is a strange place for it to be (less potential for harm in that location if malicious), unless your downloads end up in the my documents folder, etc.

If you waht to know what something is about, google the file name, http://www.google.co.uk/search?q=setupSNK.exe

Hey guys

I have uploaded the file shouldnt I have? to virus total
and it came back clean from all scanners so Im guessing its a perfectly legitimate file

oh can I add another thought to this because honestly its been bugging me and I cant figure it out :smiley:
but say avast detect a trojan Win32. Trojan-gen but ive not been able to figure out what does it mean? I read that the -gen means generic but I dont understand that terminology for a trojan horse just trying to figure these detections out

thanks

It entirely depends on which file you uploaded (?) as there is absolutely no way the autorun.inf file would be detect as infected. The file to upload is the payload file the one that is to be run from the commands in the autorun.inf.

Generic is when you are trying to catch many fish with one hook so to speak, e.g. the signature is trying to catch different variants with the one signature.

alright Ill have to upload the other file then

on the generic part its becoming a bit clearer but still cloudly you said “different varients with one signature” wouldnt that mean that theres more than one varient of the trojan on the persons sytem then?

And at a later date they tailor the definition to catch specific variants

Or to exclude those caught that shouldn’t be, it is a delicate balance.