Virus

Riskware/Bundlore

Analysis


  • This detection is for installation packages that mostly bundle themselves with toolbars or Browser Helper Objects (BHOs).

  • The installation mostly goes by the name VGrabber.

  • Most of the files dropped by this application are placed under the folder %ProgramFiles%\vGrabber.

  • Below are some sample screenshots of the installation process:

    • Figure 1: Installation with bundled Babylon toolbar.


    • Figure 2: Installation with bundled SweetIM toolbar.


    • Figure 3: Installation with bundled PriceGong adware.


Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.