W32/Dropper.3AC0!tr - Released Jun 28, 2010 - Last Updated Jun 30, 2010
|
Alias/esTrojan.Win32.Oficla.bk (KAV), W32/Bredolab.2!Generic (F-Prot) |
Visible Symptoms
- The following files exist:
- %Temp%\[Number].tmp
- %System%\fjof.sto
- Possible firewall alert that an executable program is attempting to connect to the Internet.
|
Detailed Analysis
This trojan drops a DLL file issued by the Sasfis botnet. A detailed description and analysis of the Sasfis botnet can be viewed at the following URL: Sasfis Detailed Description.
- It drops the following files:
- %Temp%\[Number].tmp
- %System%\fjof.sto
- It adds the following registry entries:
- key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
- value: Shell
- data: Explorer.exe rundll32.exe fjof.sto vffwd
|
Recommended ActionFortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
|
