W32/Small.CKJ!tr.dldr - Released May 18, 2006 - Last Updated Jun 27, 2006
Aliases: W32/Small.CKJ!tr
Detection Availability
Visible Symptoms: Presence of the file uniq in C:\
Detailed Analysis
This threat is a PE executable file with a file size of 5537 bytes, compressed (packed) with FSG.
More Info:
Executing this malware downloads several files, all of which Fortinet already detects. The following is the list of downloaded files and their corresponding detections:
0mcamcap.exe_ : W32/Small.BO!tr
cbbavugbml[1].txt : W32/Small.BO!tr
ceejk.exe_ : W32/Small.CSN!tr.dldr
fsfhclil.exe_ : W32/Small.BO!tr
heur000.dll_ : Misc/SpySheriff
heur001.dll_ : Misc/SpySheriff
heur002.dll_ : Misc/SpySheriff
heur003.dll_ : Misc/SpySheriff
hoyh.exe_ : W32/Haxdoor.IL!tr.bdr
hzdyxjf[1].txt : W32/Haxdoor.IL!tr.bdr
ibm00001.dll_ : JA!tr.pws
ibm00001.exe_ : PossibleThreat
ibm00002.dll_ : JA!tr.pws
joxbc.exe_ : W32/Small.KR!tr
jrmypbjvg[1].htm_ : W32/Harnig.A!tr
kbvdcxih[1].txt : Misc/Renos
lgojvdpbw[1].txt : W32/AFH!tr.dldr
peaeky.exe_ : W32/KillAV.3B84!tr
qzdlkfnkzy[1].txt : W32/JA.M!tr.pws
rsjvetfrm[1].txt : W32/KillAV.3B84!tr
secure32-1.htm_ : W32/Harnig.A!tr
secure32.htm_ : W32/Harnig.A!tr
SpySheriff.exe_ : Misc/SpySheriff
txmunbk.exe_ : Misc/Renos
ultfnvtbji[1].htm_ : W32/KillAV.3B84!tr
Uninstall.exe_ : Misc/SpySheriff
uohsct.exe_ : W32/KillAV.3B84!tr
veehjxh.exe_ : W32/AFH!tr.dldr
vhgpbb.exe_ : W32/JA.M!tr.pws
winstall.exe_ : W32/AFH!tr.dldr
xfnmlgeqyu[1].txt : W32/Small.CSN!tr.dldr
xptptt.dll_ : W32/Haxdoor.IM!tr.bdr
znidyxqnp[1].txt : W32/Small.KR!tr
The following files, some of which are blank, also appear:
base.avd
base001.avd
base002.avd
Desktop.htt_
found.wav
fux87.ini
HOSTS.SAM
ImaS3r
Install.dat
klgcptini.dat
notfound.wav
removed.wav
SpySheriff.dvm
uniq
Upon execution, this malware attempts to download files and drop them into C:\ under random filenames; it also drops a zero-byte file named uniq.
The malware also drops a file named secure32.html in the Program Files directory, along with a file that appears to be randomly named.
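The visible symptoms described above (a zero-byte uniq in C:\, the listed downloaded and companion files, and secure32.html under Program Files) can be swept for on a mounted disk image or a suspect host. The following Python script is an added example, not code from the original advisory or from Fortinet. It assumes that the trailing "_" on the listed names is the advisory's sample-naming convention and so matches a name on disk with or without it, and it runs over a constructed temporary directory (a stand-in for the C: drive root) rather than a real system.

```python
import tempfile
from pathlib import Path

# Indicators copied from the advisory: downloaded file -> Fortinet detection name.
# The trailing "_" is how the advisory lists the captured samples.
DOWNLOADED = """
0mcamcap.exe_ : W32/Small.BO!tr
cbbavugbml[1].txt : W32/Small.BO!tr
ceejk.exe_ : W32/Small.CSN!tr.dldr
fsfhclil.exe_ : W32/Small.BO!tr
heur000.dll_ : Misc/SpySheriff
heur001.dll_ : Misc/SpySheriff
heur002.dll_ : Misc/SpySheriff
heur003.dll_ : Misc/SpySheriff
hoyh.exe_ : W32/Haxdoor.IL!tr.bdr
hzdyxjf[1].txt : W32/Haxdoor.IL!tr.bdr
ibm00001.dll_ : JA!tr.pws
ibm00001.exe_ : PossibleThreat
ibm00002.dll_ : JA!tr.pws
joxbc.exe_ : W32/Small.KR!tr
jrmypbjvg[1].htm_ : W32/Harnig.A!tr
kbvdcxih[1].txt : Misc/Renos
lgojvdpbw[1].txt : W32/AFH!tr.dldr
peaeky.exe_ : W32/KillAV.3B84!tr
qzdlkfnkzy[1].txt : W32/JA.M!tr.pws
rsjvetfrm[1].txt : W32/KillAV.3B84!tr
secure32-1.htm_ : W32/Harnig.A!tr
secure32.htm_ : W32/Harnig.A!tr
SpySheriff.exe_ : Misc/SpySheriff
txmunbk.exe_ : Misc/Renos
ultfnvtbji[1].htm_ : W32/KillAV.3B84!tr
Uninstall.exe_ : Misc/SpySheriff
uohsct.exe_ : W32/KillAV.3B84!tr
veehjxh.exe_ : W32/AFH!tr.dldr
vhgpbb.exe_ : W32/JA.M!tr.pws
winstall.exe_ : W32/AFH!tr.dldr
xfnmlgeqyu[1].txt : W32/Small.CSN!tr.dldr
xptptt.dll_ : W32/Haxdoor.IM!tr.bdr
znidyxqnp[1].txt : W32/Small.KR!tr
"""
DETECTIONS = dict(line.split(" : ", 1) for line in DOWNLOADED.strip().splitlines())

# The companion files the advisory says also appear (some of them blank).
COMPANION = """base.avd base001.avd base002.avd Desktop.htt_ found.wav fux87.ini HOSTS.SAM
ImaS3r Install.dat klgcptini.dat notfound.wav removed.wav SpySheriff.dvm uniq""".split()


def normalize(name):
    # Assumption: the "_" suffix is the advisory's naming for captured samples, so a
    # file on disk may carry the name with or without it; compare case-insensitively.
    return name.lower().rstrip("_")


DOWNLOADED_INDEX = {normalize(n): (n, d) for n, d in DETECTIONS.items()}
COMPANION_INDEX = {normalize(n): n for n in COMPANION}


def sweep(drive_root):
    """Report the advisory's indicators found under drive_root (the C: drive root stand-in)."""
    root = Path(drive_root)
    report = {"uniq_zero_byte": False, "downloaded": [], "companion": [], "secure32": []}
    for entry in root.iterdir():
        if not entry.is_file():
            continue
        key = normalize(entry.name)
        if key == "uniq" and entry.stat().st_size == 0:
            report["uniq_zero_byte"] = True  # the zero-byte marker the advisory names
        if key in DOWNLOADED_INDEX:
            listed, detection = DOWNLOADED_INDEX[key]
            report["downloaded"].append((entry.name, listed, detection))
        elif key in COMPANION_INDEX:
            report["companion"].append(entry.name)
    # secure32.html is dropped under Program Files rather than the drive root.
    program_files = root / "Program Files"
    if program_files.is_dir():
        for entry in program_files.rglob("secure32*.htm*"):
            report["secure32"].append(entry.relative_to(root).as_posix())
    for k in ("downloaded", "companion", "secure32"):
        report[k].sort()  # deterministic ordering regardless of directory iteration order
    return report


def build_sample_tree(base):
    """Constructed fixture, not a real infection: lays out a handful of the indicators."""
    base = Path(base)
    (base / "uniq").write_bytes(b"")                      # zero-byte marker
    (base / "joxbc.exe").write_bytes(b"MZ" + b"\0" * 16)  # listed as joxbc.exe_
    (base / "base.avd").write_bytes(b"")                  # blank companion file
    (base / "notepad.exe").write_bytes(b"MZ")             # unrelated, must not be reported
    (base / "Program Files").mkdir()
    (base / "Program Files" / "secure32.html").write_text("<html></html>")
    return base


def demo():
    """Run the sweep over the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return sweep(build_sample_tree(tmp))


if __name__ == "__main__":
    print(demo())
```

On a real investigation, point sweep() at the mounted volume's root instead of the temporary fixture; a hit on the zero-byte uniq together with any name from the downloaded list is the combination the advisory describes, while the companion names alone (several are generic media or data files) are weaker evidence on their own.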
Recommended Action
FortiGate systems:
- Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed; if required, enable the "Allow Push Update" option.
FortiClient systems:
- Quarantine/delete the infected files detected and replace them with clean backup copies.