W32/ZeroAccess.B!tr
Analysis
- It drops the file %WINDOWS%\assembly\GAC\Desktop.ini, which is detected as W32/ZAccess.AA!tr.bdr.
- It tries to access multiple URLs and download files to multiple locations. For instance, it may try to access the following URLs:
- j.maxmi{Removed}.com
- 83.133.1{Removed}.2{Removed}
- It deletes itself from the current folder.
- It may restart the system.
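As an added hunting aid that is not part of the original Fortinet entry, the following PowerShell script checks a host for the dropped GAC Desktop.ini described above and reports what it finds. The path is built from $env:WINDIR (assumed here to be the Windows directory the placeholder refers to), and the plain-text INI check is a heuristic of this example, not a Fortinet signature.

```powershell
# Added example (not from the Fortinet page): hunt for the W32/ZeroAccess.B!tr drop.
# Assumption: $env:WINDIR is the Windows directory meant by the page's placeholder.
$target = Join-Path $env:WINDIR 'assembly\GAC\Desktop.ini'

function Test-ZeroAccessGacDesktopIni {
    param([string]$Path = $target)

    # -Force is required so hidden/system files are returned.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    # A genuine Desktop.ini is plain text starting with a section header such as
    # "[.ShellClassInfo]"; the ZeroAccess drop is a binary payload
    # (detected as W32/ZAccess.AA!tr.bdr). Read a short header to tell them apart.
    $bytes = [System.IO.File]::ReadAllBytes($item.FullName)
    $head = ''
    if ($bytes.Length -gt 0) {
        $end  = [Math]::Min(15, $bytes.Length - 1)
        $head = [System.Text.Encoding]::ASCII.GetString($bytes[0..$end])
    }
    $looksLikeIni = $head.TrimStart() -match '^\['

    [pscustomobject]@{
        Path         = $item.FullName
        Present      = $true
        SizeBytes    = $item.Length
        Attributes   = $item.Attributes.ToString()   # expect Hidden/System on the malicious drop
        LastWriteUtc = $item.LastWriteTimeUtc
        SHA256       = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        LooksLikeIni = $looksLikeIni
        # Heuristic: a file at this path that is not a plain-text INI warrants a closer look.
        Suspicious   = -not $looksLikeIni
    }
}

Test-ZeroAccessGacDesktopIni | Format-List
```

Run it in an elevated PowerShell session so the hidden system path is readable; the SHA256 it prints can be submitted to your AV vendor or sandbox for confirmation, and a `Present = $true` result should be followed by a full scan rather than a manual delete, since the dropper also removes itself and may restart the host.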
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
- FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
Product matrix: FortiGate, Extended, FortiClient, FortiMail, FortiSandbox, FortiWeb, Web Application Firewall, FortiIsolator, FortiDeceptor, FortiEDR