W32/TenRobot.B

description-logoAnalysis

  • Virus is 32bit and infects files on Windows 95/98/ME operating systems by appending its code to them
  • Virus runs memory resident on Windows 9x systems by patching KERNEL32.DLL and copying the infected file to the Windows folder
  • When Windows restarts, files accessed become infected
  • Virus may attempt to listen on TCP port 6667 acting as an IRC bot awaiting instructions from a hacker or group of hackers
  • Instructions could include joining channels, sending PING requests to IP addresses and also removing the bot

recommended-action-logoRecommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option

Telemetry logoTelemetry

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

Version Updates

Date Version Detail
2023-08-08 91.05844
2023-06-18 91.04323
2022-06-28 90.03672
2022-04-13 90.01347