How to tell if autofmt.exe is safe


#1 amaa



Posted 12 February 2011 - 12:24 PM

I ran Sophos Anti-Rootkit and it shows a file, c:\windows\I386\autofmt.exe. I have searched everywhere and can't seem to get good info. I did a search and also have this file in c:\windows\system32, c:\windows\servicepackfiles\i386, and c:\windows\softwaredistribution\downloads, then a long alphanumeric directory, like a Windows Update type listing.

My question is: is this safe? Should I delete it? I also got a hidden file while running Sophos called ntkrnlpa.exe. Is this OK? It is in the c:\windows\$ntservicepackuninstall$ folder.

Please let me know if these are safe. I have run Malwarebytes and SUPERAntiSpyware, and these did not show up in those scans, only in Sophos Anti-Rootkit.


#2 quietman7



Posted 12 February 2011 - 03:22 PM

Anytime you come across a suspicious file or you want a second opinion, submit it to one of the following online services that analyze suspicious files:

In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
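
The location check described in the reply above, as an added example that is not part of the original thread: it sorts same-named copies of a file by whether they sit in a folder where Windows XP keeps system binaries. The folder allowlist and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed allowlist (not from the thread): folders where Windows XP itself
# keeps copies of system binaries. True = any subfolder is also expected.
EXPECTED_DIRS = {
    r"c:\windows\system32": False,
    r"c:\windows\i386": False,
    r"c:\windows\servicepackfiles\i386": False,
    r"c:\windows\$ntservicepackuninstall$": False,
    r"c:\windows\softwaredistribution\download": True,  # Windows Update cache
}

def normalize(path):
    """Collapse '..' and doubled separators, unify slashes, lower-case."""
    return ntpath.normcase(ntpath.normpath(path))

def is_expected_location(path, expected=EXPECTED_DIRS):
    """True if the file's folder is one where Windows keeps such files."""
    folder = ntpath.dirname(normalize(path))
    for base, include_subdirs in expected.items():
        base = normalize(base)
        if folder == base or (include_subdirs and folder.startswith(base + "\\")):
            return True
    return False

def triage(paths):
    """Split same-named copies into expected locations and ones to review."""
    result = {"expected": [], "review": []}
    for p in paths:
        key = "expected" if is_expected_location(p) else "review"
        result[key].append(normalize(p))
    return result

# Constructed sample: the locations named in the question plus two
# made-up copies in folders that are not on the list.
SAMPLE = [
    r"c:\\windows\I386\autofmt.exe",
    r"C:\WINDOWS\system32\autofmt.exe",
    r"c:\windows\servicepackfiles\i386\autofmt.exe",
    r"c:\windows\softwaredistribution\download\0a1b2c3d\autofmt.exe",
    r"C:\WINDOWS\system32\..\Temp\autofmt.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\autofmt.exe",
]

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        for item in items:
            print(f"{kind:8} {item}")
```

A copy in an expected folder is only a candidate for being the genuine file; uploading it for scanning, as the reply suggests, is still the check on its content.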
