Spy/Istbar
Analysis
Spy/IstBar detects one file with a file size of 148,961 bytes. When executed, it does the following:
Displays a dialog box that describes the Software Agreement and states the source of the program (Metrix Marketing Group).
After the Software Agreement is accepted, the machine becomes vulnerable and the executed program downloads the following adware applications:
180Solutions
BullsEye Network
Internet Optimizer
ISTsvc
Power Scan
Side Find
YourSiteBar
The adware packages are downloaded from different sites. After downloading the files, it installs them and keeps the following files resident in memory:
istsvc.exe
mdazhmcj.exe
optimize.exe
rtixhqgd.exe
After the adware has installed all of the other adware and trojans, the system shows the following detections:
Adware/180Solutions, Adware/Agent.IE, Adware/BargainBuddy.N, Adware/Bargainbuddy.Q, Adware/BetterInternet, Adware/DFC, Adware/Exact, Adware/Exactsearch, Adware/Istbar.A, Adware/Istbar.L, Adware/NCase, Adware/SideFind, Adware/SideFinder, BHO/Ysb, HackerTool/Servicerunner.F, W32/Adload.A-tr, W32/Agent.AY-tr, W32/Chod-mm, W32/Dyfuca.CW-tr, W32/Istbar.1529-tr, W32/IstBar.IJ-tr, W32/StartPage.EX-tr, W32/Vivia.A-tr
Recommended Action
Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
Telemetry
Detection Availability (per-product indicators not preserved in this copy): FortiGate, Extended, FortiClient, FortiMail, FortiSandbox, FortiWeb, Web Application Firewall, FortiIsolator, FortiDeceptor, FortiEDR