W32/Agent.KTFX!tr - Released Mar 09, 2010 - Last Updated Mar 16, 2010
Aliases: KAV: Trojan.Win32.FraudPack.aogf, McAfee: Generic FakeAlert!eo

Visible Symptoms
The following files exist:
- %UserProfile%\Local Settings\Application Data\av.exe
- %UserProfile%\Local Settings\Application Data\v7LsGuo3u6bku

Detailed Analysis
It drops the following files:
- %UserProfile%\Local Settings\Application Data\av.exe
- %UserProfile%\Local Settings\Application Data\v7LsGuo3u6bku
The following registry entries are created (the first hijacks the Internet Explorer launch command so that av.exe runs whenever IE is started; the two Security Center overrides suppress the "no antivirus / no firewall" warnings):
- HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
- HKLM\software\microsoft\Security Center\AntiVirusOverride = 1
- HKLM\software\microsoft\Security Center\FirewallOverride = 1
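The indicators listed above, turned into a host check. This is an added example, not part of the Fortinet entry: it looks for the dropped files under the current user's profile, for an Internet Explorer launch command that points at av.exe, and for the two Security Center override values. It assumes the Windows XP-era "Local Settings" profile layout given in the entry and runs only against the current user's profile.

```powershell
# Added check script (not from the Fortinet entry). Paths and registry values
# are taken from the indicators above; $profiles is an assumption (current user
# only) and can be widened to sweep every profile on the host.
$profiles = @($env:USERPROFILE)

# Dropped files, relative to the user profile (XP-era "Local Settings" layout)
$fileIndicators = @(
    'Local Settings\Application Data\av.exe',
    'Local Settings\Application Data\v7LsGuo3u6bku'
)

$findings = @()

foreach ($p in $profiles) {
    foreach ($rel in $fileIndicators) {
        $full = Join-Path $p $rel
        if (Test-Path -LiteralPath $full) {
            $findings += "File present: $full"
        }
    }
}

# Browser hijack: the IE "open" command should launch iexplore.exe, not av.exe
$cmdKey = 'HKLM:\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
if (Test-Path $cmdKey) {
    $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -and $cmd -match 'av\.exe') {
        $findings += "IE launch command hijacked: $cmd"
    }
}

# Security Center overrides: a value of 1 suppresses the missing-AV/firewall warnings
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'AntiVirusOverride', 'FirewallOverride') {
    $val = (Get-ItemProperty -Path $sc -Name $name -ErrorAction SilentlyContinue).$name
    if ($val -eq 1) {
        $findings += "Security Center override set: $name = 1"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No W32/Agent.KTFX indicators found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

A hit on the registry indicators alone is worth acting on even if the files are gone, since the hijacked command and overrides persist after the executable is deleted.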
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.