W32/Agent.GBS!tr.dldr
Analysis
W32/Agent.GBS!tr.dldr is classified as a downloader trojan.
Downloader Trojans have the capability to download other malicious files or updated versions of themselves.
Files and folders
- C:\Documents and Settings\LocalService\Application Data\sysproc64
- sysproc32.sys
- sysproc64
- sysproc32.sys
- sysproc86.sys
- oembios.exe
Registry modifications
- key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  - value: Userinit
  - data: %System%\userinit.exe, %System%\oembios.exe
  (appending oembios.exe to the Userinit list makes Winlogon start the dropped file at every interactive logon)
- key: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  - value: EnableFirewall
  - data: 0
  (setting EnableFirewall to 0 turns the Windows Firewall off for the standard profile)
Network
- bmw[removed]foreva.ru
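As an added triage check (not Fortinet's own code), the PowerShell function below looks for the indicators listed above on a Windows host: extra Userinit entries, the disabled-firewall value, the dropped file names and any cached DNS name ending in the redacted domain's visible suffix. Assumptions: it runs in an elevated session, and the loose file names are searched in %SystemRoot%\System32 and in the listed sysproc64 folder, since the page does not say where each file is written.

```powershell
# Added triage check for the W32/Agent.GBS indicators above (not Fortinet's code).
# Assumption: search roots for the loose file names are System32 and the listed folder.
function Test-AgentGBSIndicators {
    $findings = @()

    # Winlogon\Userinit should contain only userinit.exe; every extra
    # comma-separated entry is launched by Winlogon at each logon.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userinit = (Get-ItemProperty -Path $winlogon -Name Userinit -ErrorAction SilentlyContinue).Userinit
    foreach ($entry in ($userinit -split ',')) {
        $e = $entry.Trim()
        if (-not $e) { continue }
        $leaf = Split-Path ([Environment]::ExpandEnvironmentVariables($e)) -Leaf
        if ($leaf -ine 'userinit.exe') { $findings += "Unexpected Userinit entry: $e" }
    }

    # EnableFirewall = 0 in StandardProfile disables the Windows Firewall.
    $fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $fw = Get-ItemProperty -Path $fwKey -Name EnableFirewall -ErrorAction SilentlyContinue
    if ($fw -and $fw.EnableFirewall -eq 0) {
        $findings += 'Windows Firewall disabled for StandardProfile (EnableFirewall = 0)'
    }

    # Dropped files and the folder named in the analysis.
    $folder = 'C:\Documents and Settings\LocalService\Application Data\sysproc64'
    if (Test-Path -LiteralPath $folder) { $findings += "Folder present: $folder" }
    $roots = @("$env:SystemRoot\System32", $folder)   # assumed search roots
    foreach ($name in 'sysproc32.sys', 'sysproc64', 'sysproc86.sys', 'oembios.exe') {
        foreach ($root in $roots) {
            $p = Join-Path $root $name
            if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
        }
    }

    # DNS cache: the page redacts the host name, so only its suffix is matched.
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        $dns = Get-DnsClientCache -ErrorAction SilentlyContinue |
            Where-Object { $_.Entry -like '*foreva.ru' }
        foreach ($d in $dns) { $findings += "DNS cache entry: $($d.Entry)" }
    }

    return $findings
}

$result = @(Test-AgentGBSIndicators)
if ($result.Count -eq 0) { 'No W32/Agent.GBS indicators found.' } else { $result }
```

A non-empty result is a triage lead, not proof of infection; confirm each hit against a clean baseline before acting on it.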
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Availability
---|---
FortiGate | Extreme
FortiClient | Extended
FortiMail | Extended
FortiSandbox | Extended
FortiWeb | Extended
Web Application Firewall | Extended
FortiIsolator | Extended
FortiDeceptor | Extended
FortiEDR |