• Trojan is 32 bit with a file size of 65,536
  • Trojan may be introduced to the system from an installation program downloaded from the Internet from a malicious web site
  • If Trojan is run, it may copy itself to the System folder by two file names -


  • The Trojan will then register the existing file MSINET.OCX to run as a server and assist with Internet connections by the Trojan

  • The registry could be modified to load the Trojan at each Windows logon -

    sswchxm = C:\WINNT\System32\sswchxm.exe

  • The Trojan will load at Windows logon, and periodically serve porn related web pages to the desktop using Internet Explorer

Recommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
  • Using FortiGate manager, add the domain "" to the list of blocked URLs as it is a known host to this malicious file and others