W32/Agent.KJ!tr.dldr

Analysis


  • It adds the following registry value (an Image File Execution Options "Debugger" entry, which causes its own file to be launched whenever explorer.exe is started):
    • key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
    • value: Debugger
    • data: C:\Program Files\Microsoft Common\wuauclt.exe
  • It registers itself as a Windows service.

  • It creates the following folder:
    • C:\Program Files\Microsoft Common
  • It copies the *.SYS files from the %System%\drivers folder to the Temporary folder. These *.SYS file copies have names with the following format:
    • rdl[Random].tmp
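A defender-side check for the behaviour listed above, added here as an example and not taken from the Fortinet write-up: it enumerates every Image File Execution Options subkey, reports any "Debugger" value (the explorer.exe hijack described above), and then looks for the folder and the rdl*.tmp driver copies. The function name Get-IfeoDebuggerFindings and the severity labels are this example's own choices.

```powershell
# Added example, not part of the original analysis page.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebuggerFindings {
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains 'Debugger')) {
            $dbg = [string]$props.Debugger
            # Recover the executable path: quoted path, whole string, or first token
            $exe = if ($dbg -match '^"([^"]+)"') { $Matches[1] }
                   elseif (Test-Path -LiteralPath $dbg) { $dbg }
                   else { ($dbg -split '\s+')[0] }
            $sig = if (Test-Path -LiteralPath $exe) {
                       (Get-AuthenticodeSignature -FilePath $exe).Status
                   } else { 'FileMissing' }
            [pscustomobject]@{
                Image     = $_.PSChildName
                Debugger  = $dbg
                Signature = $sig
                # Any Debugger on explorer.exe is treated as high severity (hypothetical label);
                # an unsigned or missing debugger binary elsewhere is medium.
                Severity  = if ($_.PSChildName -ieq 'explorer.exe') { 'High' }
                            elseif ($sig -ne 'Valid') { 'Medium' } else { 'Low' }
            }
        }
    }
}

Get-IfeoDebuggerFindings | Format-Table -AutoSize

# On-disk artifacts named in the analysis: the dropped folder and the driver copies in Temp
$folder = 'C:\Program Files\Microsoft Common'
if (Test-Path -LiteralPath $folder) { Write-Warning "Folder present: $folder" }
Get-ChildItem -Path $env:TEMP -Filter 'rdl*.tmp' -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Warning "Driver copy in Temp: $($_.FullName)" }
```

Run from an elevated PowerShell session; a legitimate IFEO Debugger entry (for example one set by a developer tool) will also be listed, so review each finding rather than treating every hit as malicious.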

  Recommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
      FortiClient Systems
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Telemetry

    Detection Availability

    FortiGate
    Extended
    FortiClient
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR

    Version Updates

    Date Version Detail
    2024-04-08 92.03197
    2024-04-08 92.03191
    2024-03-25 92.02774
    2024-03-18 92.02564
    2024-03-13 92.02414
    2024-02-26 92.01932
    2024-02-14 92.01572
    2024-02-05 92.01315
    2024-01-31 92.01152
    2024-01-27 92.01036