Virus

Adware/Websearch

Analysis

This Adware program has the following characteristics:
File Size: 237,568, 116,381, 116,224, or 121,904.
Packer: UPX
Certain samples have the description of "Media Gateway".
Certain samples have the internal name of "LoaderX".
Certain samples have the product version of 1.20.

Upon executing the file some harddisk I/O will occur. There are however no graphical cues to it's existence.

The program will then create the directory:
C:\Program Files\Media Gateway
The following files will be dropped:
C:\Program Files\Media Gateway\Info.txt (File Size: 0)
C:\Program Files\Media Gateway\mediagateway.exe (File Size: 237,568).
The following registry keys will be created:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Gateway
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Media Gateway

The executable mediagateway.exe will then display popup and/or popunder ads while the user is browsing websites.
The program may attempt to contact public.windupdates.com for additional downloads.

Recommended Action

Uninstall should be possible via the add/remove programs control panel applet. The program is named "Media Gateway".

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date	Version	Detail
2023-01-03	90.09317
2022-11-29	90.08277
2022-05-25	90.02623
2022-05-25	90.02622
2021-12-07	89.07553
2021-11-30	89.07343
2021-11-23	89.07133
2021-10-26	89.06291
2021-10-19	89.06081
2021-10-12	89.05871

ID	49891
Released	Aug 12, 2005
Description Updated	Mar 13, 2007
Aliases	Adware/WUpd [Panda], Win32/Adware.WUpd [NOD32]
Platform Profile	Adware typically display advertising content to the user. This advertising content may take many forms, but is typically in the form of web browser pop-up advertisements. In most circumstances, the user is not aware of the Adware component being installed on the local machine.