What is "...system32\SOUL_S~1.SCR"?

Hello,

Ever since last week I’ve been getting an Avast window popping up that asks whether I want to open C:\WINDOWS\system32\SOUL_S~1.SCR in sandbox, normally, or cancel opening.

Now I don’t remember installing anything new and I’ve never seen this before. I also couldn’t find what the SOUL_S~1.SCR thing is either through searching the web. It’s really annoying because I don’t know whether it’s safe or not and I’m getting the message every day!

The window would pop up again for at least another 5-10 times whether I select “Open in sandbox (recommended)”, “open normally” or “cancel opening”.

Can someone enlighten me?

Thanks

PS: Sorry, just realised I posted in the wrong forum and don’t know how to delete it!

Do you use a screensaver as that is what that .scr file type is about ?

So either you have a screensaver enabled or something is trying to run it, have you checked the system32 folder to see if you can find this .scr file beginning with soul_s as a search for SOUL_S~1 is unlikely to find anything as the ~1 is a shortening of the actual file name.

The autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn’t had a definitive detection.

However, the FSS checks other things amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). these can trigger a suspicion and it is this suspicion that results in the recommendation to use the autosandbox.

Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean.
However you the user needs some knowledge of what is on your system and if it is good and should be allowed to run.