W32/ZeroAccess.B!tr

description-logoAnalysis


  • It drops the file \undefinedWINDOWSundefined\assembly\GAC\Desktop.ini, which is detected as W32/ZAccess.AA!tr.bdr.

  • It tries to access multiple URLs and download files to multiple locations. For instance, it may try to access the following URLs:
    • j.maxmi{Removed}.com
    • 83.133.1{Removed}.2{Removed}

  • It deletes itself from the current folder.

  • It may restart the system.

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2022-06-21 90.03471
2022-06-21 90.03453
2020-03-06 75.76800 Sig Updated
2020-01-06 74.33900 Sig Added
2019-10-18 72.42600 Sig Updated