• Drops the following files:
    • c:\windows\system32\adirss.exe
    • c:\windows\system32\lnwin.exe
    • c:\windows\system32\wincom32.ini
    • c:\windows\system32\wincom32.sys
  • Tries to access the following URLs:
  • Adds the following registry:
    • key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • value: lnwin.exe
    • data: c:\windows\system32\lnwin.exe
    • key: HKLM\SYSTEM\ControlSet001\Services\wincom32\ImagePath
    • value:
    • data: c:\windows\system32\lnwin.exe
    • key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    • value: sysinter
    • data: c:\windows\system32\adirss.exe

    Recommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.