I have a computer that I have bought second hand. It came with a fresh install of Windows XP, SP3. The first thing I did when I got the computer was install Avast antivirus on it.
Now I notice something curious. There is a games folder on the desktop with a whole lot of games published by Gamehouse (or at least that is what the properties on the exe say); for example, there is a game called AirStrike3D. The curious thing is that whenever I go into one of the games folders, the executable launches automatically, and I get a warning from Avast that explorer.exe is try to launch AirStrike3D.exe. This applies to all the games in this games folder. I scanned the folder with Avast and it does not report any virus, but I am not so sure!!
I thought initially that there was some autorun file or something in the folder that was causing windows explorer to automatically execute the file, but this seems not to be the case. Even if I move AirStrike3D.exe to a new folder on my desktop and give this executable another name, it still launches when I open the new folder. I even tried moving it to the recycle bin and it then autoexecutes when I open the recycle bin!!
So, my question is does anyone know what is causing this behaviour and how I can turn it off. I don't like autorun functionality at all, not with CDRoms or Flash Disks either, and DEFINITELY not on executables in explorer folders, and find it very virus-like behaviour. I am very inclined to just format the harddrive and reinstall XP myself and I probably will do that, but I am curious whether any one else has seen this autorun "feature" for executables in Windows XP before and knows how it works and, more importantly, how to stop it working!!
Thanks.
Answer
In windows whenever I'm uncertain about an executable or think there might be something malicious running automatically I go look in the registry. Open the run menu (Windows Key + R), then type regedit.
From there go to HK_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run. In this folder are executables that run when Windows starts (also check RunOnce, and check the same subfolders under HK_CURRENT_USER).
I don't really trust antivirus software, so I'd say it's possible some daemon is running and looking for certain .exe's to run.
Note: There's a more user-friendly way to get to these settings (msconfig through the run command), but it likes to give you annoying warnings when you boot up if you disable something and doesn't let you just delete a registry key.
No comments:
Post a Comment