Virus

W32/Novelce.A

Analysis

This is a 32-bit file infector coded in Visual Basic 5, with an origin of Germany. This virus infects .EXE applications on the host system. This virus does not otherwise load into memory or perform any hostile actions.
This virus is designed to prepend itself to files infected. The virus targets *.EXE files on the host system. For all files found, the virus will attempt to prepend a copy of its code to the target file. When the file is modified, the entry point is also changed to point to the execution of the virus code.
Companion Extraction
When an infected file is run, the virus code executes. The virus code contains instructions to separate the virus from the host file, and write the host file to the system into the same directory as "file.exe". The extracted host may become corrupted and cause an error when run.

Recommended Action

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option