- It infects executables that have the DOS EXE or DOS COM format.
- Like many old DOS viruses, its body is encrypted and highly polymorphic.
- It inserts a lot of jump calls to evade AV detection.
- It has memory residence capability.
- It hooks INT 13h Service 21h.
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.