Posted 22 February 2010 - 06:19 PM
This isn't directed towards a specific program or a specific variant of malware but is more of a general question regarding an unidentified file being used as an AutoRun. The other day at our work, our current AV solution picked up and cleaned a threat that was running within the Explorer.exe process. The next day, it did the same thing. Running a scan across the system did not find anything. Upon further inspection, though, we noticed an unidentified file running in the HKLM/Software/Microsoft/Windows/Run location called "cslr.exe" with no identifying markers. It had appeared to be running from the Application Data directory but when I went there, I saw no instance of the file. Looking at the path again is where I got confused, as it said:
C:\Documents and Settings\<user profile>\Application Data:cslr.exe
I'm not sure what the colon after "Application Data" and between "cslr.exe" means. The file appears to be hidden and I'm beginning to think I have a bigger threat existing on the system. Can anyone further explain what the colon denotes in the path above?
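Added example, not part of the original post: on NTFS, `name:stream` addresses an alternate data stream attached to the file or directory `name`, which is why nothing is visible inside the folder. The Python sketch below flags autorun command lines that launch from such a stream; the function names and the sample values are assumptions constructed here, except the `cslr` entry, which reuses the path quoted in the post.

```python
import re

# Host name, a colon, then a stream name. A drive-letter colon is either
# stripped below or followed by a backslash, so it never matches.
_STREAM = re.compile(r'([^\\/:"]+):([^\\/:"\s]+)')

def find_ads_reference(command):
    """Return (host, stream) if the command line names an NTFS alternate
    data stream, else None. Heuristic: it scans the raw string."""
    text = command.strip().lstrip('"')
    text = re.sub(r'^[A-Za-z]:', '', text)  # drop the leading drive specifier
    match = _STREAM.search(text)
    return (match.group(1), match.group(2)) if match else None

def flag_autoruns(run_values):
    """Map autorun value name -> (host, stream) for entries run from a stream."""
    hits = {}
    for name, command in run_values.items():
        ref = find_ads_reference(command)
        if ref:
            hits[name] = ref
    return hits

# Constructed sample of Run-key values; "cslr" uses the path quoted in the post.
SAMPLE_RUN_VALUES = {
    "VendorAgent": r'"C:\Program Files\Vendor\agent.exe" /background',
    "Updater": r'C:\Tools\updater.exe -config D:\conf\update.ini',
    "cslr": r'C:\Documents and Settings\<user profile>\Application Data:cslr.exe',
}

if __name__ == "__main__":
    for name, (host, stream) in flag_autoruns(SAMPLE_RUN_VALUES).items():
        print(f"{name}: stream '{stream}' attached to '{host}'")
```

A flagged host can then be examined on the live system with a stream-aware tool such as Sysinternals Streams, since Explorer and a plain directory listing do not show alternate streams.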