• This detection is for a legacy DOS Virus. It affects only DOS-based systems.

  • The malware has been observed to be capable of the following behavior:
    • It infects executables that have the DOS EXE or DOS COM format.
    • Like many old DOS viruses, its body is encrypted and highly polymorphic.
    • It inserts a lot of jump calls to evade AV detection.
    • It has memory residence capability.
    • It hooks INT 13h Service 21h.
  • There have been variants of this malware that are capable of infecting the Master Boot Record (MBR) of the infected system.

  • Recommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
      FortiClient Systems
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.