W32/Kriz.4050
Analysis
- The viral body is 4,050 bytes.
- The virus replaces KERNEL32.EXE by creating an infected copy of KERNEL32.EXE and naming it "KRIZED.TT6". It then replaces KERNEL32.EXE at the next Windows startup via WININIT.INI.
- The virus runs memory resident, infecting any PE file accessed by the system, the user or another utility.
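A check for the pending replacement described above, as an added example that is not part of the original advisory or any Fortinet tooling. It assumes the Windows 9x WININIT.INI layout, where boot-time renames are listed under `[rename]` as `destination=source`; the sample file content and its directory paths are constructed.

```python
# Added example: flag WININIT.INI pending renames that match the Kriz.4050 behaviour.
# Assumption: [rename] holds destination=source lines (NUL=path deletes a file).
# Keys such as NUL may repeat, so configparser is not used.
import ntpath

DROPPED_NAME = "KRIZED.TT6"   # infected copy named on the page
TARGET_STEM = "KERNEL32"      # system file the page says is replaced


def pending_renames(text):
    """Yield (destination, source) pairs from the [rename] section only."""
    in_rename = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if in_rename and "=" in line:
            dest, src = line.split("=", 1)
            yield dest.strip(), src.strip()


def suspicious_renames(text):
    """Return entries that use the dropped name or overwrite KERNEL32.*."""
    hits = []
    for dest, src in pending_renames(text):
        src_name = ntpath.basename(src).upper()
        dest_stem = ntpath.splitext(ntpath.basename(dest))[0].upper()
        if src_name == DROPPED_NAME or dest_stem == TARGET_STEM:
            hits.append((dest, src))
    return hits


# Constructed sample input (not taken from an infected system).
SAMPLE = """\
[rename]
NUL=C:\\WINDOWS\\TEMP\\SETUP1.TMP
C:\\WINDOWS\\SYSTEM\\KERNEL32.EXE=C:\\WINDOWS\\SYSTEM\\KRIZED.TT6
NUL=C:\\WINDOWS\\TEMP\\SETUP2.TMP
[other]
C:\\X\\KERNEL32.EXE=C:\\X\\KRIZED.TT6
"""

if __name__ == "__main__":
    for dest, src in suspicious_renames(SAMPLE):
        print(f"suspicious pending rename: {src} -> {dest}")
```

Any hit means the replacement has been queued but not yet applied, so the entry should be reviewed before the next Windows startup.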
Recommended Action
Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
Detection Availability

Product | Detection Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |