Proactive IT Security
W32/AutoUpdater.A
Threat risk
Threat risk none
|
Detection files published:
05 Jun 2002 |
Description created:
2002-06-06 |
Description updated:
2002-06-06 |
|
Alias:
TROJ_SUA.A, Downloader-W, Backdoor.AutoUpder, Troj/DLoader-A |
Spreading mechanism
Webpage | |
|
Payload:
| ||
Summary
This is a tool which installs an additional toolbar to your browser. As it turns out, this software seems to be silently installed by a number of websites through known browser security holes. Once installed, the initial component will download and install other components belonging to the package.The full functionality of the tool is still somewhat unclear, but it is a fact that at least in some cases it installs completely silently without any user notification at all.
There are a number of files installed by this tool:
mnsvc.exe (initial download component)
ausvc.exe
absr.exe
auupg.exe
bvt.exe
We have so far not been able to pinpoint any overtly malicious action conducted by this tool, but we consider the silent installation of it as worrisome. We may remove detection later if the tool changes behaviour.
The scanner will detect these as belonging to the group "aggressive commercials"; a group of software encompassing among other things adware and spyware.
Removal
General information about removal of malicious software
Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiantly. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below - if your Norman antivirus is unable to clean-up the infection.
| Usage | Title | Comment |
|---|---|---|
| Stopping network share infectors | ||
| Cleaning of back-up folders on Windows Me and XP |
