
W32/Branvine.A!tr.dldr - Released Jun 04, 2009 - Last Updated Jun 05, 2009

Visible Symptoms

  • Downloaded rogue antivirus software known as Privacy Center.
Detailed Analysis


    W32/Branvine.A!tr.dldr is classified as a downloader trojan.

    It downloads and installs rogue antivirus software known as Privacy Center, which is detected as W32/PCenter.A!tr.

  • After installation, Privacy Center creates the following files:
    • %ProgramFiles%\PCenter\pc.exe
    • %ProgramFiles%\PCenter\agent.exe
    • %ProgramFiles%\PCenter\sounds\1.mp3
    • %ProgramFiles%\PCenter\sounds\3.mp3
    • %ProgramFiles%\PCenter\faq\guide.html
    • %ProgramFiles%\PCenter\faq\images\gimg1.jpg
    • %ProgramFiles%\PCenter\faq\images\gimg10.jpg
    • %ProgramFiles%\PCenter\faq\images\gimg2.jpg
    • %ProgramFiles%\PCenter\faq\images\gimg3.jpg
    • %ProgramFiles%\PCenter\faq\images\gimg4.jpg
    • %ProgramFiles%\PCenter\faq\images\gimg5.jpg
    • %ProgramFiles%\PCenter\faq\images\gimg6.jpg
    • %ProgramFiles%\PCenter\faq\images\gimg7.jpg
    • %ProgramFiles%\PCenter\faq\images\gimg8.jpg
    • %ProgramFiles%\PCenter\faq\images\gimg9.jpg
    • %ProgramFiles%\PCenter\uninstall.exe
    • %Documents and Settings%\\Desktop\PCenter.lnk
    • %Documents and Settings%\\Application Data\PCenter\dbases\cg.dat
    • %Documents and Settings%\\Application Data\PCenter\dbases\mw.dat
    • %Documents and Settings%\\Application Data\PCenter\dbases\rd.dat
    • %Documents and Settings%\\Application Data\PCenter\dbases\sc.dat
    • %Documents and Settings%\\Application Data\PCenter\dbases\sm.dat
    • %Documents and Settings%\\Application Data\PCenter\dbases\sp.dat
    • %Documents and Settings%\\Application Data\PCenter\temp\settings.ini
    • %Documents and Settings%\\Application Data\PCenter\keys\cg.key
    • %Documents and Settings%\\Application Data\PCenter\keys\rd.key
    • %Documents and Settings%\\Application Data\PCenter\keys\sc.key
    • %Documents and Settings%\\Application Data\PCenter\keys\sp.key
  • The Privacy Center also creates the following folders:
    • %ProgramFiles%\PCenter
    • %ProgramFiles%\PCenter\tools
    • %ProgramFiles%\PCenter\tools\sp
    • %ProgramFiles%\PCenter\tools\sc
    • %ProgramFiles%\PCenter\faq
    • %ProgramFiles%\PCenter\sounds
    • %ProgramFiles%\PCenter\faq\images
    • %Documents and Settings%\\Application Data\PCenter
    • %Documents and Settings%\\Application Data\PCenter\dbases
    • %Documents and Settings%\\Application Data\PCenter\temp
    • %Documents and Settings%\\Application Data\PCenter\keys
  • The Privacy Center has a graphical user interface similar to the one below:


  • Figure 1: Privacy Center Main Console.


    Recommended Action

      FortiGate Systems

    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

      FortiClient Systems

    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Reference: ID - 866351