This detection covers several variants of the CIH virus, a PE file infector that injects its code into the cavities of host files. The virus uses a cavity filler technique to implant itself into host files, embedding itself in such a way that cleaning is not always possible. This virus targets the Windows 95/98/Me operating systems. In some variants, the virus has a date activated payload of overwriting CMOS data, causing corruption and a possible inability to boot.

Recommended Action

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option