Misc/IMIServe

Analysis

This threat may modify the system so that it loads as a Browser Helper Object (BHO) whenever Internet Explorer runs.

On a compromised system, the file "systb.dll" is written to the Windows folder, with a size of 286,720 bytes. This adware server may intercept "server not found" conditions when browsing websites, and return "drsnsrch.com" as a search website.

A system that has this adware server installed will have the value "IMIToolbar" in the registry.
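The following host triage check is an added example, not part of the original write-up or vendor tooling. It looks for the three indicators described above; the registry locations it searches (the standard BHO and Internet Explorer Toolbar keys) are an assumption, since the write-up does not say where the "IMIToolbar" value lives.

```powershell
# Added triage example. Indicator values come from the write-up above;
# the registry search locations are assumptions (standard BHO / IE Toolbar keys).
$ioc = @{ FileName = 'systb.dll'; FileSize = 286720; RegString = 'IMIToolbar' }
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($check, $where, $detail) {
    $findings.Add([pscustomobject]@{ Check = $check; Where = $where; Detail = $detail })
}

# 1. File indicator: systb.dll in the Windows folder, 286,720 bytes.
$dll = Join-Path $env:windir $ioc.FileName
if (Test-Path -LiteralPath $dll) {
    $len = (Get-Item -LiteralPath $dll -Force).Length
    Add-Finding 'File' $dll "size=$len sizeMatch=$($len -eq $ioc.FileSize)"
}

# 2. BHO registrations: resolve each CLSID to the DLL it loads into Internet Explorer.
$views = @(
    @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)
foreach ($v in $views) {
    foreach ($bho in @(Get-ChildItem -Path $v.Bho -ErrorAction SilentlyContinue)) {
        $clsid  = $bho.PSChildName
        $key    = Get-Item -LiteralPath "$($v.Cls)\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $server = if ($key) { [string]$key.GetValue('') } else { '' }   # default value = DLL path
        if ($server -and (Split-Path $server -Leaf) -ieq $ioc.FileName) {
            Add-Finding 'BHO' "$($v.Bho)\$clsid" "InprocServer32=$server"
        }
    }
}

# 3. Registry indicator: "IMIToolbar" as a value name or value data.
$roots = @($views.Bho) + 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                         'HKCU:\Software\Microsoft\Internet Explorer\Toolbar'
foreach ($root in $roots) {
    $keys = @(Get-Item -LiteralPath $root -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            $data = [string]$k.GetValue($name)
            if ($name -like "*$($ioc.RegString)*" -or $data -like "*$($ioc.RegString)*") {
                Add-Finding 'Registry' $k.Name "value='$name' data='$data'"
            }
        }
    }
}
$findings | Format-Table -AutoSize -Wrap
```

A file hit with `sizeMatch=False` still deserves a look, since the size given above may describe only one variant.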

Recommended Action

FortiGate systems:
  • Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed. If required, enable the "Allow Push Update" option.
