VirusSpy/Istbar
Analysis
| Spy/IstBar is detecting one file with a file size of 148,961 bytes. When executed, it does the following: | ||
| Displays a dialog box that describes the Software Agreement and states the source of the program. - Metrix Marketing Group | ||
| After accepting the Software Agreement, the machine becomes vulnerable and the executed program downloads the following Adware Applicatons: | ||
| 180Solutions | ||
| BullsEye Network | ||
| Internet Optimizer | ||
| ISTsvc | ||
| Power Scan | ||
| Side Find | ||
| YourSiteBar | ||
| The Adwares are downloaded from the different sites. After downloading the files, it installs it and holds the following file in memory | ||
| istsvc.exe | ||
| mdazhmcj.exe | ||
| optimize.exe | ||
| rtixhqgd.exe | ||
| After Adware installs all the other adwares and trojans, the system has the following detection: | ||
| Adware/180Solutions, Adware/Agent.IE, Adware/BargainBuddy.N, Adware/Bargainbuddy.Q, Adware/BetterInternet, Adware/DFC, Adware/Exact, Adware/Exactsearch, Adware/Istbar.A, Adware/Istbar.L, Adware/NCase, Adware/SideFind, Adware/SideFinder, BHO/Ysb, HackerTool/Servicerunner.F, W32/Adload.A-tr, W32/Agent.AY-tr, W32/Chod-mm, W32/Dyfuca.CW-tr, W32/Istbar.1529-tr, W32/IstBar.IJ-tr, W32/StartPage.EX-tr, W32/Vivia.A-tr | ||
|
| ||
Recommended Action
Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extended | |
| FortiClient | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |