W32/Branvine.A!tr.dldr - Released Jun 04, 2009 - Last Updated Jun 05, 2009
Visible Symptoms
Downloaded rogue antivirus software known as Privacy Center.
Detailed Analysis
W32/Branvine.A!tr.dldr is classified as a downloader trojan.
It downloads and installs rogue antivirus software known as Privacy Center, which is detected as W32/PCenter.A!tr.
After installation, Privacy Center creates the following files:
- %ProgramFiles%\PCenter\pc.exe
- %ProgramFiles%\PCenter\agent.exe
- %ProgramFiles%\PCenter\sounds\1.mp3
- %ProgramFiles%\PCenter\sounds\3.mp3
- %ProgramFiles%\PCenter\faq\guide.html
- %ProgramFiles%\PCenter\faq\images\gimg1.jpg
- %ProgramFiles%\PCenter\faq\images\gimg10.jpg
- %ProgramFiles%\PCenter\faq\images\gimg2.jpg
- %ProgramFiles%\PCenter\faq\images\gimg3.jpg
- %ProgramFiles%\PCenter\faq\images\gimg4.jpg
- %ProgramFiles%\PCenter\faq\images\gimg5.jpg
- %ProgramFiles%\PCenter\faq\images\gimg6.jpg
- %ProgramFiles%\PCenter\faq\images\gimg7.jpg
- %ProgramFiles%\PCenter\faq\images\gimg8.jpg
- %ProgramFiles%\PCenter\faq\images\gimg9.jpg
- %ProgramFiles%\PCenter\uninstall.exe
- %Documents and Settings%\\Desktop\PCenter.lnk
- %Documents and Settings%\\Application Data\PCenter\dbases\cg.dat
- %Documents and Settings%\\Application Data\PCenter\dbases\mw.dat
- %Documents and Settings%\\Application Data\PCenter\dbases\rd.dat
- %Documents and Settings%\\Application Data\PCenter\dbases\sc.dat
- %Documents and Settings%\\Application Data\PCenter\dbases\sm.dat
- %Documents and Settings%\\Application Data\PCenter\dbases\sp.dat
- %Documents and Settings%\\Application Data\PCenter\temp\settings.ini
- %Documents and Settings%\\Application Data\PCenter\keys\cg.key
- %Documents and Settings%\\Application Data\PCenter\keys\rd.key
- %Documents and Settings%\\Application Data\PCenter\keys\sc.key
- %Documents and Settings%\\Application Data\PCenter\keys\sp.key
The Privacy Center also creates the following folders:
- %ProgramFiles%\PCenter
- %ProgramFiles%\PCenter\tools
- %ProgramFiles%\PCenter\tools\sp
- %ProgramFiles%\PCenter\tools\sc
- %ProgramFiles%\PCenter\faq
- %ProgramFiles%\PCenter\sounds
- %ProgramFiles%\PCenter\faq\images
- %Documents and Settings%\\Application Data\PCenter
- %Documents and Settings%\\Application Data\PCenter\dbases
- %Documents and Settings%\\Application Data\PCenter\temp
- %Documents and Settings%\\Application Data\PCenter\keys
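The file and folder listings above can be turned into a triage check. The following is an added example, not part of the original advisory: it sweeps a mounted Windows volume (for instance a forensic image) for a representative subset of the listed artifacts. It assumes that %ProgramFiles% is the default "Program Files" folder and that the per-user paths sit under each profile folder in "Documents and Settings"; the function names are hypothetical.

```python
from pathlib import Path

# Representative artifacts from the listing above, relative to their base folder.
PROGRAM_FILES_ARTIFACTS = [
    "PCenter/pc.exe",
    "PCenter/agent.exe",
    "PCenter/uninstall.exe",
    "PCenter/faq/guide.html",
]
PROFILE_ARTIFACTS = [
    "Desktop/PCenter.lnk",
    "Application Data/PCenter/temp/settings.ini",
    "Application Data/PCenter/dbases/cg.dat",
    "Application Data/PCenter/keys/cg.key",
]

def resolve_ci(base, relative):
    """Resolve `relative` under `base`, matching each path component
    case-insensitively (NTFS names are; a Linux mount of the image is not)."""
    current = Path(base)
    for part in relative.split("/"):
        if not current.is_dir():
            return None
        current = next(
            (c for c in current.iterdir() if c.name.lower() == part.lower()), None)
        if current is None:
            return None
    return current

def sweep(volume_root):
    """Return {location: [artifacts present]} for a mounted Windows volume."""
    findings = {}
    # Assumption: %ProgramFiles% is the default "Program Files" folder.
    program_files = resolve_ci(volume_root, "Program Files")
    if program_files:
        hits = [a for a in PROGRAM_FILES_ARTIFACTS if resolve_ci(program_files, a)]
        if hits:
            findings["Program Files"] = hits
    # Assumption: per-user artifacts sit under each profile folder.
    profiles = resolve_ci(volume_root, "Documents and Settings")
    for profile in sorted(profiles.iterdir()) if profiles else []:
        if profile.is_dir():
            hits = [a for a in PROFILE_ARTIFACTS if resolve_ci(profile, a)]
            if hits:
                findings[profile.name] = hits
    return findings
```

An empty result means none of the checked artifacts are present; a profile that appears without a matching "Program Files" entry points to leftovers from a partial removal.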
Privacy Center has a graphical user interface similar to the one below:
Figure 1: Privacy Center Main Console.
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.