W32/TenRobot.B
Analysis
- The virus is 32-bit and infects files on Windows 95/98/ME operating systems by appending its code to them
- The virus runs memory resident on Windows 9x systems by patching KERNEL32.DLL and copying the infected file to the Windows folder
- After Windows restarts, files that are accessed become infected
- The virus may attempt to listen on TCP port 6667, acting as an IRC bot awaiting instructions from a hacker or group of hackers
- Instructions could include joining channels, sending PING requests to IP addresses, and removing the bot
Recommended Action
- Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
Detection Availability
- FortiGate: Extreme
- FortiClient: Extended
- FortiMail: Extended
- FortiSandbox: Extended
- FortiWeb: Extended
- Web Application Firewall: Extended
- FortiIsolator: Extended
- FortiDeceptor: Extended
- FortiEDR