Adware/IOptimizer

Analysis

Adware/IOptimizer is composed of two programs: Internet Optimizer and Active Alert. Active Alert is a subcomponent of Internet Optimizer. The Active Alert program's file, actalert.exe, is installed in "C:\Program Files\Internet Optimizer" and has a file size of 35,936 bytes.
When installed, Internet Optimizer removes Active Alert from the registry and file system. It downloads the End-User License Agreement (EULA) from the website http://cdn.movies.etc.com under a specified folder. After the user accepts the EULA, it downloads a Browser Helper Object (BHO), "nem220.dll", from the same site that served the EULA. This file is copied to C:\WinNT and is also detected as Adware/IOptimizer.
The program creates registry entries under HKEY_CLASSES_ROOT\DyFuCA_BH.BHObj. It also adds an entry, "Internet Optimizer", under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that it runs automatically at Windows startup.
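
A host-side check for the file and registry artifacts named in the analysis above, written as an added PowerShell example rather than anything from the original entry. The extra `%windir%` and `WOW6432Node` locations are assumptions for systems laid out differently from the one described.

```powershell
# Added example: look for the Adware/IOptimizer artifacts listed in the analysis.
# File names, paths, key names and the file size are taken from the write-up.
$findings = @()

# Active Alert executable; the write-up gives its size as 35,936 bytes.
$actAlert = 'C:\Program Files\Internet Optimizer\actalert.exe'
if (Test-Path -LiteralPath $actAlert) {
    $size = (Get-Item -LiteralPath $actAlert -Force).Length
    $findings += [pscustomobject]@{
        Indicator = 'File'; Location = $actAlert
        Detail    = "size=$size, matches 35936: $($size -eq 35936)"
    }
}

# BHO DLL copied to C:\WinNT. Assumption: also check the current Windows directory.
$dllDirs = @('C:\WinNT', $env:windir) | Where-Object { $_ } | Sort-Object -Unique
foreach ($dir in $dllDirs) {
    $dll = Join-Path $dir 'nem220.dll'
    if (Test-Path -LiteralPath $dll) {
        $findings += [pscustomobject]@{
            Indicator = 'File'; Location = $dll; Detail = 'BHO DLL present'
        }
    }
}

# Registry entries created under HKEY_CLASSES_ROOT.
$bhoKey = 'Registry::HKEY_CLASSES_ROOT\DyFuCA_BH.BHObj'
if (Test-Path -LiteralPath $bhoKey) {
    $findings += [pscustomobject]@{
        Indicator = 'Registry key'; Location = $bhoKey; Detail = 'key present'
    }
}

# Autostart value "Internet Optimizer" under Run. Assumption: on 64-bit Windows
# a 32-bit installer would write to the WOW6432Node view, so check both.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $run = Get-ItemProperty -Path $key -Name 'Internet Optimizer' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += [pscustomobject]@{
            Indicator = 'Run value'; Location = $key; Detail = $run.'Internet Optimizer'
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'No Adware/IOptimizer indicators found on this host.' }
```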

Recommended Action

Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
