This application requires Javascript for optimal performance.

W32/Sasfis.BLN!tr.dldr - Released Jul 05, 2010 - Last Updated Jul 07, 2010

Alias/es

Trojan.Win32.Oficla.bt (KAV), Trojan horse Cryptic.AMB (AVG)

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms


  • The following files exist:

    • %Temp%\[Number].tmp
    • %System%\thxr.wgo

  • Possible firewall alert that an executable is attempting to connect to the internet.

Detailed Analysis



The behavior of this trojan is the same as W32/Sasfis.1BE6!tr.

Recommended Action

    FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    FortiClient Systems

  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Reference: ID - 1922433