This application requires Javascript for optimal performance.

W32/VBInject.UIJ!tr - Released Jul 23, 2010 - Last Updated Sep 01, 2010

Alias/es

Trojan.Win32.Jorik.Lolbot.bz (KAV), W32/Kolab (McAfee)

Detection Availability

	Active Database	Extended Database
FortiGate		low high
FortiClient
FortiMail		N/A

Visible Symptoms

The following files exist:
- %System%\hp-357.exe
- %System%\HPWuSchdb.exe
- %User Profile%\Application Data\SystemProc\lsass.exe
- %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
- %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
- %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf

Detailed Analysis

This malware's behavior is similar to W32/VB.XCK!tr.

Recommended Action

FortiGate Systems

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

FortiClient Systems
Quarantine/delete files that are detected and replace infected files with clean backup copies.

Reference: ID - 1964374

Current Threat Level

Vulnerabilities

Virus/Spyware

Spam

PGP Keys

Contact Form

Copyright © 2011 Fortinet Inc. All Rights Reserved