Help me research this trojan


infosecguru2
June 28th, 2003, 04:45 PM
I have recently discovered a very interesting variant of Trojan.Autoupder that is not specifically detected by AV scanners. For example, it is detected by NAV as Backdoor.Trojan. In the search for truth, I infected my own PC with this trojan and tried to analyze as best I could. I have included a zipped file with process dumps, analyses, dropped files, and the original ActiveX packaging. Feel free to add to my findings on this thread. I want to see how well the community can work together on this. Don't worry, I've already submitted it to SARC for signatures.


NOTE: This is a live trojan! Do NOT run any of the executables contained in this package on a production system!!!!

Oh, and if you're one who uses IE, it adds a BlazeFind searchbar to it.

Jnet
June 28th, 2003, 09:13 PM
After doing a little research on this I believe it to be spyware (checking the zip as I'm typing this).
I looked it up on GOOGLE and it can be removed by Adaware or similar spyware removers.

Sorry to disappoint you ;)

Edit:-
Oh yeah the link!

Adaware
http://www.lavasoftusa.com/software/adaware/

w0rm3y
June 29th, 2003, 09:08 AM
You might want to get a hex editor of some sort next time.

-w0rm3y

infosecguru2
June 30th, 2003, 02:05 PM
Actually, I disassembled the whole thing, but I learned about as much as running strings on it. Most of the prog is written in Delphi 5+.

I ended up scanning my system with the copy of Ad-Aware 6 Pro that I have. It picked up several different variations of generic spyware, but I tell you, this app isn't just spyware. It can autoupdate itself, man; that's trojan to me.

You know what is really sad? SARC returned a negative report on the cab file I submitted. So much for priorities. I guess you can't always trust big companies to look out for your interests.