Virus

W32/Fareit.L!tr.pws

Analysis


W32/Fareit.L!tr.pws is a generic detection for a trojan. Because this is a generic detection, malware detected as W32/Fareit.L!tr.pws may vary in behavior.
Below are examples of some of these behaviors:

  • It drops a copy of itself as %AppData%\[RandomName_1]\[RandomName_2].exe.

  • It deletes the original malware file upon execution.

  • The malware connects to the remote server guu{Removed}.blackfriday.

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.