W32/Novelce.A
Analysis
This is a 32-bit file infector written in Visual Basic 5
that originated in Germany. It infects .EXE applications
on the host system. It does not otherwise load into memory
or perform any hostile actions.
This virus is designed to prepend itself to the files it infects.
It targets *.EXE files on the host system. For each file
found, the virus attempts to prepend a copy of its code
to the target file. When the file is modified, the entry
point is also changed so that execution starts in the
virus code.
Companion Extraction
When an infected file is run, the virus code executes.
The virus code contains instructions to separate the virus
from the host file and write the host file to disk
in the same directory as "file.exe". The extracted
host may become corrupted and cause an error when run.
Recommended Action
Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
Detection Availability
FortiClient | Extreme |
---|---|
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |