virus logo Virus

W32/Feebs@mm

description-logoAnalysis

  • Drops the following files:
    • undefinedSYSTEMundefined\mscornet.exe
    • undefinedSYSTEMundefined\ld*.tmp
  • Adds the following registry:
    • key: HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\policies\explorer
    • value:default
    • data:
    • key: HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\policies\explorer\run
    • value:default
    • data:
    • key: HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\policies\explorer\run\wininet.dll
    • value: mscornet.exe
    • data:
  • Visits the following web sites:
    • www.gigs7.com
    • www.webmanaged.net
    • www.freeprohosting.net
  • Injects the process winlogon.exe.

  • Drops a BAT file, which deletes the virus file.

    • recommended-action-logoRecommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    Telemetry logoTelemetry

    Detection Availability

    FortiClient
    Extreme
    FortiMail
    Extreme
    FortiSandbox
    Extreme
    FortiWeb
    Extreme
    Web Application Firewall
    Extreme
    FortiIsolator
    Extreme
    FortiDeceptor
    Extreme
    FortiEDR

    Version Updates

    Date Version Detail
    2019-08-27 71.17600 Sig Updated
    2019-07-14 69.97000 Sig Added
    ID 276937
    Released Jul 31, 2006
    Description
    Updated    		 Dec 11, 2006
    Aliases .
    Platform Profile Win32 file format / PE 32 bit