This is a 32-bit file infector coded in Visual Basic
5, with an origin of Germany. This virus infects .EXE
applications on the host system. This virus does not otherwise
load into memory or perform any hostile actions.
This virus is designed to prepend itself to files infected. The virus targets *.EXE files on the host system. For all files found, the virus will attempt to prepend a copy of its code to the target file. When the file is modified, the entry point is also changed to point to the execution of the virus code.
When an infected file is run, the virus code executes. The virus code contains instructions to separate the virus from the host file, and write the host file to the system into the same directory as "file.exe". The extracted host may become corrupted and cause an error when run.
Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option