AutoUpder is a borderline case, as it is actually badly written
spyware/adware rather than real malware. The software concerned
uses a technology called 'BrowserToolbar', and the company that
makes use of it has a website with a FAQ here:

We started to receive reports about suspicious internet
connections made from corporate and private computers some time
ago and some of our clients discovered sets of files that had
appeared on their systems without their knowledge.

We believe that the initial file that was dropped to our clients'
systems was MNSVC.EXE. That file is the initial BrowserToolbar
downloader component. The file could have been silently dropped
by some third-party installation package, but we haven't located
the source yet. In any case, that file was activated without the
users' knowledge; it installed itself to the system and created a
startup key for itself in the Windows Registry so that it always
runs with Windows. The file then tried to download another
executable file called AUSVC.EXE from the www.wwws1.com website.

The AUSVC.EXE file is also a downloader component of the
BrowserToolbar software, and it downloaded the rest of the
BrowserToolbar software to users' systems. That component also
installed itself to the system and created a startup key for
itself in the Windows Registry so that it always runs with
Windows. This component downloaded and activated a few more
files, including the BVT.EXE and ABSR.EXE files.

The BVT.EXE and ABSR.EXE files are the main components of the
BrowserToolbar software. They work as Internet browser add-ons
and filter incoming and outgoing HTTP traffic generated by the
browsers. These components also install themselves to the system
and create startup keys for themselves in the Windows Registry.
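
The following Python example is added here and is not part of the original F-Secure description: it checks startup-entry and web-proxy records for the file names and the download host named above. The host names, paths, URLs and row formats are constructed sample data, and the stage labels are this example's own.

```python
import ntpath
from urllib.parse import urlsplit

# File names and host come from the description above; labels are this example's own.
COMPONENTS = {
    "mnsvc.exe": "initial downloader",
    "ausvc.exe": "second downloader",
    "bvt.exe": "main component",
    "absr.exe": "main component",
}
DOWNLOAD_HOST = "www.wwws1.com"

def image_name(command):
    """Lower-cased executable file name from a startup command line."""
    cmd = command.strip()
    if cmd.startswith('"'):              # quoted path, may contain spaces
        path = cmd[1:].split('"', 1)[0]
    else:                                # unquoted: path ends at first space
        path = cmd.split(None, 1)[0] if cmd else ""
    return ntpath.basename(path).lower()

def triage(autorun_rows, proxy_rows):
    """Return {host: sorted findings} from (host, command) and (host, url) rows."""
    findings = {}
    for host, command in autorun_rows:
        name = image_name(command)       # exact file-name match, not substring
        if name in COMPONENTS:
            findings.setdefault(host, set()).add(
                f"autostart {name} ({COMPONENTS[name]})")
    for host, url in proxy_rows:
        if (urlsplit(url).hostname or "") == DOWNLOAD_HOST:  # exact host only
            findings.setdefault(host, set()).add(f"contacted {DOWNLOAD_HOST}")
    return {h: sorted(f) for h, f in findings.items()}

# Constructed sample data (hosts, paths and URLs are invented for the example).
AUTORUNS = [
    ("PC-014", r"C:\WINDOWS\system32\MNSVC.EXE"),
    ("PC-014", r'"C:\Program Files\Toolbar\bvt.exe" /s'),
    ("PC-022", r"C:\Tools\absr.exe.bak.exe"),      # similar name, not a match
    ("PC-022", r'"C:\Apps\notmnsvc.exe"'),         # substring only, not a match
]
PROXY = [
    ("PC-014", "http://WWW.wwws1.com/ausvc.exe"),
    ("PC-031", "http://www.wwws1.com.example.org/index.html"),  # look-alike host
    ("PC-022", "http://intranet.example/search?q=www.wwws1.com"),
]

if __name__ == "__main__":
    for host, items in triage(AUTORUNS, PROXY).items():
        print(host, items)
```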

We are detecting the BrowserToolbar software for the following
reasons:

1. The software is installed on a system without notification
   or the user's approval
2. The software silently downloads and activates executable files
   on a user's system
3. The software uses the user's Internet connection without
   authorisation and sends out generic data about the user's
   system configuration to a website

Unless the developers of BrowserToolbar fix the security and
privacy issues with their software, F-Secure Anti-Virus will
detect it as a backdoor. We haven't been contacted by the
developers of BrowserToolbar as of the time of writing this
description.

To remove the unwanted BrowserToolbar software components from
your system, it is recommended to delete all files that F-Secure
Anti-Virus detects as 'Backdoor.AutoUpder' or as a 'Security Risk
of a Backdoor Program'. The BrowserToolbar software page also
offers removal instructions:

[F-Secure Anti-Virus Research Team; May 23rd, 2002]