Misc/IMIServe
Analysis
This threat may modify the system so that it loads as a Browser Helper Object (BHO) whenever Internet Explorer runs.
On a compromised system, the file "systb.dll" is written to the Windows folder, with a size of 286,720 bytes. This adware server may intercept server-not-found conditions when browsing websites and return "drsnsrch.com" as a search website.
A system that has this adware server installed will have the value "IMIToolbar" in the registry.
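The indicators above can be checked offline against a registry export. The following Python is an added example, not part of the original entry: it assumes a `reg export` text dump and the standard Windows layout for Browser Helper Objects and CLSID `InprocServer32` keys, and its sample data (CLSID, vendor key, paths) is constructed. The entry does not say where "IMIToolbar" is stored, so the whole export is searched.

```python
import re

# Indicators taken from the analysis above.
DLL_NAME, DLL_SIZE, REG_MARKER = "systb.dll", 286720, "IMIToolbar"
BHO_KEY = r"\Explorer\Browser Helper Objects" + "\\"

# Constructed sample in `reg export` form; the CLSID and vendor key are made up.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\systb.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"IMIToolbar"="1"
'''

def parse_reg(text):
    """Return {key_path: {value_name: data}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            current[name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys

def triage(text, file_sizes=None):
    """file_sizes: optional {lowercased_path: size_in_bytes} gathered from the host."""
    keys = parse_reg(text)
    inproc = {}  # CLSID -> DLL registered as its in-process server
    for path, values in keys.items():
        m = re.search(r"\\CLSID\\(\{[^}]+\})\\InprocServer32$", path, re.I)
        if m and "@" in values:
            inproc[m.group(1).lower()] = values["@"]
    findings = []
    for path in keys:  # every registered BHO whose DLL is named systb.dll
        if BHO_KEY.lower() in path.lower():
            clsid = path.rsplit("\\", 1)[1].lower()
            dll = inproc.get(clsid, "")
            if dll.lower().endswith("\\" + DLL_NAME):
                size = (file_sizes or {}).get(dll.lower())
                # Size match is None when the file size was not collected.
                findings.append(("bho", clsid, dll, None if size is None else size == DLL_SIZE))
    for path, values in keys.items():  # "IMIToolbar" as a value name or as data
        for name, data in values.items():
            if REG_MARKER.lower() in (name.lower(), data.lower()):
                findings.append(("registry", path, name, data))
    return findings
```

A file-name match alone is weak evidence; the size comparison and the registry value are what tie a hit to this entry.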
Recommended Action
FortiGate systems:
- Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed; if required, enable the "Allow Push Update" option