Virus

Adware/SweetBar!dldr

Analysis

This Trojan downloads the following files from the domain '17913.com' and installs them to the local system:

SweetSetup.exe
InetSvr.dll
InetSvrHelper.dll
inetcomm.exe
atl.dll

The downloaded files are known as Adware/SweetBar.

Recommended Action


FortiGate systems:
  • Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed; if required, enable the "Allow Push Update" option.