3

I installed the popular software 'Synthesia' from its official website. It is a program for piano transcriptions. It has always been safe.

I decided to uninstall it and as soon as I uninstalled it, a virus came up. I mean, I tried to uninstall it from the Panel Control > Programs [list] > Uninstall a Program.

The uninstall.exe stopped and a warning from Avast came up saying that the .exe has been stopped and the virus [Trojan] moved to the chest [Avast virus chest].

I checked it out and it is quite strange because the name is au_.exe found in the Temp Folder -- C:/Users/MyUserName/AppData/Local/Temp/~nsu.tmp

As Avast has reported, the virus is a FileRepMalware.

I decided to scan the computer but nothing has been labelled as infected.

Anyway, the software is still there, not uninstalled. How can I remove it if the uninstaller is infected?

P.S. As far as I know, au_.exe is a virus. au.exe is not a virus at all. Anyway, I got the first one, so it is a virus and not a false positive, of course!

4
  • Why not just delete the file?
    – Eric F
    Commented Jan 12, 2015 at 15:15
  • As far as I know, the file that you say is the uninstall.exe itself of the software... so how can I delete the whole software? I cannot delete the uninstall.exe, otherwise I won't be able to uninstall the whole software. Or is there a way to turn it around which I am not aware of? Could you help me, please? The file is in the temp folder, so I should go up there and delete it? But then it would be moved to the bin... that is not so secure to do. Am I wrong?
    – Francis
    Commented Jan 12, 2015 at 15:18
  • 1
    I would contact Synthesia as it reads as a false positive...
    – Dave
    Commented Jan 12, 2015 at 15:20
  • Well, you can remove software without running an uninstall. Simply delete all the files in the folder that it installed to (along with the folder). Double-check in the registry to see if any entries were added. Look at HKEY_LOCAL_MACHINE/SOFTWARE and HKEY_CURRENT_USER/SOFTWARE to see if a folder exists for the software.
    – Eric F
    Commented Jan 12, 2015 at 15:22
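
The registry check suggested in the last comment, as an added PowerShell example that is not part of the original thread. It only lists matches and deletes nothing; the function names are hypothetical, and the `WOW6432Node` and `Uninstall` locations are additions beyond the two hives the comment names.

```powershell
# Added example: read-only search for registry leftovers of a program that
# was removed by hand. Review every hit before deleting anything.

function Get-LeftoverSoftwareKey {
    param([string]$Name)
    # The two hives from the comment, plus the 32-bit view on 64-bit Windows.
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node', 'HKCU:\SOFTWARE') {
        if (-not (Test-Path $root)) { continue }
        # Two levels: SOFTWARE\<Product> and SOFTWARE\<Vendor>\<Product>.
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $_
            Get-ChildItem -Path $_.PSPath -ErrorAction SilentlyContinue
        } | Where-Object { $_.PSChildName -like "*$Name*" } |
            ForEach-Object { $_.Name }
    }
}

function Get-LeftoverUninstallEntry {
    param([string]$Name)
    # Entries shown in Control Panel's program list are stored here.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ItemProperty -Path "$root\*" -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like "*$Name*" } |
            Select-Object DisplayName, InstallLocation, UninstallString, PSPath
    }
}

# 'Synthesia' is the product from the question; the match is a substring test.
Get-LeftoverSoftwareKey -Name 'Synthesia' | Sort-Object -Unique
Get-LeftoverUninstallEntry -Name 'Synthesia' | Format-List
```

`InstallLocation`, when the installer recorded it, points at the program folder the comment says to delete.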

1 Answer

4

Au_.exe is indeed a false positive. It's a scripting engine packed inside of AutoIt executables. I've seen many applications nowadays use AutoIt during installation or uninstallation. Because of its rampant use inside of adware installers and the like, it's detected by some AVs; however, it is definitely a false positive.

The AV has no way of knowing if the script that Au_.exe is running is legitimate or means harm, so they just tag it all. I assure you that if you downloaded the AutoIt scripting suite and compiled an application into .exe format, then ran it, you would see Au_.exe running in your task manager while your script is running. (I guess compiled isn't exactly a good word as there's no compilation going on; it's just packing your script into a SFX file that autostarts the script engine with the script as the argument.)
