Limited Time!
Totally FREE Web Design!
Click here!

Parasite: AutoStartup

This record last updated Tue Sep 20 2005 00:34:14

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

AutoStartup is a backdoor installer for other unsolicited commercial software, controlled by QTech Ltd. (Avatar Resources, avatarresources.com), targeted at wenksdisdkjeilsow.com.

(Other domain names related to QTech/Avatar include avres.net, musicfeast.com, guardster.com.)

Also known as

AutoStarter, internal name; AST, filename.

Distribution

Bundled with iMesh around early 2004.

AutoStartup may install a large quantity of further parasites, including FlashTrack, AdRoar, IEDriver/MaxSpeed, webHancer, BroadcastPC and RelatedLinks. May also install the Pugi/SearchLocate or Pugi/411Ferret parasites, which are also controlled by Avatar Resources.

What it does

Advertising

No.

Privacy violation

No.

Security issues

Yes. May silently download and execute arbitrary unsigned code from its controlling server.

Stability problems

None known.

Removal

Go to the Control Panel’s Add/Remove Programs feature. There may be an entry named ‘WAST’, which can be used to remove the software.

Manual removal

Open the registry, by clicking ‘Start’, choosing ‘Run’ and entering ‘regedit’. Find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the ‘AST’ entry.

Restart the computer and delete the ‘AST.EXE’ file in the Windows folder.