virus logo Virus

W32/Inject.CEE!tr

description-logoAnalysis


  • Upon execution, it drops the following files:
    • C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe: copy of the malware.
    • C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini: a text file, the contents of which indicate to Microsoft Windows that this is a Recycle Bin folder.

  • It creates the following registry entry to automatically execute itself during startup:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
      • Taskman = "C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe"


recommended-action-logoRecommended Action

FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

Version Updates

Date Version Detail
2021-11-23 89.07133
2021-09-07 88.00941
2021-07-27 87.00933
2021-07-13 87.00600
2021-07-06 87.00429
2021-06-29 87.00261
2021-05-09 86.00057
2021-04-30 85.00822
2021-04-20 85.00589
2021-04-17 85.00511
ID 3315950
Released Dec 05, 2011
Description
Updated		 Jun 28, 2012
Aliases Win32/Slenfbot.AK, Win32/AutoRun.KS, Mal/Inject-CEE
Platform Profile Win32 file format / PE 32 bit