This Adware is a utility that downloads files and "upgrades" software. The files are commonly retrieved from these web sites -
The executable programs initially connect to '' to download additional files. The following files are secretly downloaded and detected as follows: => Adware/Betterinternet => Adware/Betterinternet
Polau2c.exe => Download/Agent.AY
Farmmext.exe => Download/Stubby.C
After downloading, the Cab files are installed in the system and the exe programs are copied into the System32 directory. These exe files, Farmmext.exe and Ceres.DLL (from, are hooked up into the registry to execute whenever the system is started.

Recommended Action

    FortiGate systems:
  • check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed -- if required, enable the "Allow Push Update" option
  • Enable the URL blocking feature, and add these URLs to the list -