VBS/Psyme.CI!tr.dldr

Analysis

  • Downloads a file from http://aqzj.{REMOVED}.com/ma.exe and saves it to the Temporary folder as driveir.exe. It then runs this file.
  • The downloaded file does not run at Windows startup - it only runs when initiated by the dropper program, or by the user.

Recommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    Telemetry

    Detection Availability

    FortiClient: Extreme
    FortiMail: Extreme
    FortiSandbox: Extreme
    FortiWeb: Extreme
    Web Application Firewall: Extreme
    FortiIsolator: Extreme
    FortiDeceptor: Extreme
    FortiEDR