This is a 32-bit virus designed to infect other EXE files on the compromised system. Infected files increase in size by 14Kb but the system time and date of the file does not change.
This virus seeks to replace KERNEL32.DLL with a patched/infected copy. W32/Weird accomplishes this by replacing the existing copy with a modified and infected copy if the system is restarted / rebooted. The virus writes the infected copy as "KERNEL32.A" into the undefinedSystemundefined folder and creates a config file named "wininit.ini" to replace the good copy with the infected copy.
Sometimes an infected file will have a marker in the PE header, indicating the virus had infected the file -
Coded by Weird
Infected files are identified as "W32/Weird.A".
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option