virus logo Virus

Download/FraudLoad

description-logoAnalysis

  • Attempts to download a file from the following URL:

    • http://{REMOVED}.com/download/antvrs.exe

    If successful, it executes this file in silent mode.
  • Adds the following registry:

    • key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    • value: 3P_UDEC
    • data: "undefinedCURRENTFILEundefined" 0;C;

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

ID 462140
Released Apr 30, 2008
Description
Updated		 May 12, 2008
Aliases Trojan-Downloader.Win32.FraudLoad.vl(KAV), W32/FakeAV2008.A(F-Prot)