AutoIt Error

Anonymous
2018-09-09T14:02:39+00:00

Hi There,

I get an error message every time I turn my computer on. This issue is not that malicious; however, I want this issue to be fixed with your help. I'm requesting you to help me resolve this issue if you can help me fix this issue. I've also performed a CMD scan, and was reminded that my computer has some corrupted files. Can you please help me with how I can fix/repair the corrupted files? Please check the images attached below.


This question was migrated from the Microsoft Support Community.


3 answers

  1. LemP 74,855 Reputation points Volunteer Moderator
    2018-09-09T15:27:35+00:00

    You have (at least) two distinct problems.

    GoogleChrome.a3x is a well-known malicious "worm."  See, for example, https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/worm_mozgoo.c 

    It appears that whatever you have for antimalware software has partially removed the malware but left behind the Windows registry entry that attempts to run the malicious script.

    Download, install, and run Malwarebytes:  https://www.malwarebytes.com/premium/

    Note that you will be installing a free trial of Malwarebytes' commercial product that offers real-time protection against malware.  You can uninstall it after you do one scan.  If you choose not to uninstall it after your initial scan, it will work as advertised for 14 days.  At the end of that time, if you elect to not remove it but not to pay for it, the program reverts to an on-demand only scanning tool (i.e., no real-time protection).

    In addition to running Malwarebytes, I suggest that you also run free ESET on-line virus scan:  https://www.eset.com/us/home/online-scanner/

    Please report what happens when you run the two antimalware programs and whether you still get the popup error.

    If the malware is removed and you no longer get the popup, you should seriously think about replacing whatever you're using for antimalware protection.

    The sfc /scannow issue can be left for later.

  2. Anonymous
    2018-09-29T03:35:39+00:00

    Hi LemP,

    Thanks for the information. I've followed what you have suggested. It was said that a threat was found after running the scan, and ESET said threats were cleaned by deletion. However, I am still getting the pop-up message of AutoIt Error every time I start up my computer. Can the commercial version of ESET anti-virus software remove this worm from my computer? Or what if I format my computer and install a new OS? Please suggest.

    Thanks.

  3. LemP 74,855 Reputation points Volunteer Moderator
    2018-09-29T18:46:53+00:00

    Formatting and installing a new operating system will get rid of all but an extremely small set of rare malware, but this is a very drastic step that you should not take other than as a completely last resort.

    Download and run Autoruns:  https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

    Right-click on the shortcut to Autoruns and select "Run as administrator."

    When the scan completes, select the "Logon" tab and look in the "Image Path" column for references to GoogleChrome and a3x.

    If you can't find any such reference at the "Logon" tab, select the "Everything" tab and use the search function ("binoculars" icon or CTRL+F) to look for GoogleChrome (note that there is no space between "Google" and "Chrome").

    If you find a line (or lines) with the suspect items, clear the checkbox at the left end of the line.  This will disable the registry entry.  Note that you can right-click on entries and search for the item online or upload a suspect to VirusTotal, which will run suspect files against a large collection of antimalware products.

    If you uncheck an item, when you restart the computer you should no longer see the error message.  If after a few days or so you don't experience any untoward side effects, you can re-run Autoruns and delete the line.  Clearing the checkbox disables the registry item but it can be re-enabled merely by re-checking the box.  Deleting, however, is permanent and can't be undone unless you make a manual copy of the registry entry.

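A read-only PowerShell check for the kind of leftover autostart entry discussed in this thread, added here as an example and not part of the original posts. It covers only the registry Run keys and the Startup folders (a subset of what Autoruns lists under "Logon"); the search strings come from the thread, while the key list and the helper name `Test-Suspect` are assumptions of this example.

```powershell
# Added example: list logon autostart entries that mention the names from this thread.
# Read-only: it reports matches and changes nothing. Run elevated to see all HKLM keys.
$patterns = 'GoogleChrome', '\.a3x\b', 'AutoIt'   # search strings taken from the thread

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: true if the text matches any pattern (case-insensitive).
function Test-Suspect([string]$Text) {
    foreach ($p in $patterns) { if ($Text -match $p) { return $true } }
    return $false
}

# 1. Registry Run/RunOnce values (value name plus unexpanded command line).
$hits = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if (Test-Suspect "$name $data") {
            [pscustomobject]@{ Location = $key; Entry = $name; Command = $data }
        }
    }
})

# 2. Per-user and all-users Startup folders; shortcuts are resolved to their target.
$shell = New-Object -ComObject WScript.Shell
$dirs  = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
$hits += @(foreach ($dir in $dirs) {
    foreach ($file in (Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue)) {
        $target = ''
        if ($file.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($file.FullName)
            $target = "$($lnk.TargetPath) $($lnk.Arguments)"
        }
        if (Test-Suspect "$($file.Name) $target") {
            [pscustomobject]@{ Location = $dir; Entry = $file.Name; Command = $target }
        }
    }
})

# A match is only a lead: review each entry before disabling it in Autoruns.
if ($hits.Count) { $hits | Format-List } else { 'No matching logon autostart entries found.' }
```

An empty result here does not rule out other autostart locations such as scheduled tasks or services, which the "Everything" tab in Autoruns covers.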