This threat is a downloader which retrieves adware from a hosted Internet server. This downloader/dropper threat is typically installed when visiting web sites which host adware. Common websites include porn sites, video game cheat code sites and gambling web sites.
The web page may write a dropper/installer file named "insttt.exe" and known to FortiGate AV definitions as "W32/Binet-dr" - this dropper file is then executed. Next the adware retrieved from hosting servers.
Comments associated with the adware include this -
"Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info."
- Check the main screen using the web interface for
your FortiGate unit to ensure that the latest AV/NIDS
database has been downloaded and installed on your
system - if required, enable the "Allow Push
- Using the FortiGate manager, add these IP addresses
and website names to the list of URLs to block -