VirusW97M/Onex.E
Analysis
- Virus consists of one class macro module, renamed
from "ThisDocument" to "homer"
- Virus hooks Word event handlers which prevents
the closing of infected documents
- Virus attempts to delete this file if it exists,
in a 1 in 150 chance-
c:\winnt\system32\ntoskrnl.exe
- Virus contains this comment line-
'W97M.Homer.a
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |