This indicates a possible W32/Bropia.A-tr worm passing through the network on TCP port 11178 using the MSNFTP protocol.
When this worm is executed it drops a copy of itself in the root directory using any of the following file names:
It then attempts to propagate itself via MSN Messenger, by sending a copy of itself using any of the above mentioned file names. The worm also drops the file OMS.EXE in the root folder. FortiGate detects this file as W32/RBot.TX-net. It changes byte size to 0 for the following files, preventing them from executing:
It can also disable the right mouse button and makes cmd and taskmanager unexecutable.
Microsoft Windows Operating Systems.
System compromise: worm infection.
The default action has been set to pass. If this signature is not triggered by legitimate traffic in your network environment, change its action to "reset session", and disinfect the system which received/sent the packets. Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed. If required, enable the "Allow Push Update" option.