aupdate.exe

Hi,
Has anyone some info on this file:
aupdate.exe
It comes together with aupdate_uninstall.exe and aupdate.trk
TDS-3 identified it as Gatherer Webdownloader 1.1
It has some connections with http://blazefind.com which appeared to be in my restricted-site list
Dolf

 

Yes, it's known spyware/adware:

http://www.doxdesk.com/parasite/ISTbar.html

If you'd like us to have a closer look, please do the following:
Go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

Cheers,

 

Thanks Tony,
I think it has to do with that Download_Plugin.exe which I could not download for further analysis at the moment because of my security settings of IE.
Dolf

 

Hi Dollefie,

Check the items below, then close all windows except HijackThis and click Fix checked:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx__BHODemonDisabled (file missing)
O2 - BHO: Activater - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)

No trace of ISTbar, so I guess you blocked it succesfully.

Regards,

Pieter

 

I suppose it is not to be confused with the aupdate.exe function of Outpost firewall

 

Hi meneer,

The location of the file would not be the same, I hope.
In a HijackThis log ISTbar would show up like this:
O4 - HKLM\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe

If I'm not mistaken there is also a Aupdate.exe which is Norton related.

Regards,

Pieter

 

Yup, but that one would alway be located in a symantec\liveupdate folder, so no risk of confusion there.

 

Thank you all
Dolf