W32/Kriz.4050

Analysis

  • Viral body is 4,050 bytes
  • Virus replaces KERNEL32.EXE by creating an infected copy of KERNEL32.EXE and naming it "KRIZED.TT6". It then replaces KERNEL32.EXE at the next Windows startup via WININIT.INI.
  • Virus runs memory resident, infecting any PE file accessed by the system, by the user, or by another utility
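The replacement step above relies on WININIT.INI, whose [rename] section Windows 9x processes at startup as "destination=source" lines (NUL=source deletes the file). A defender can therefore check that file for a pending rename that would overwrite KERNEL32 or that references the KRIZED.TT6 staging copy. The script below is an added example written for this page, not Fortinet's own code; the sample INI contents are constructed, and matching on the KERNEL32 name stem regardless of extension is a choice made here, not something the page states.

```python
"""Scan a WININIT.INI [rename] section for entries that would replace the
KERNEL32 file or that reference the KRIZED.TT6 staging file.

Added defender-side example; not code from the Fortinet page.
Assumption: the [rename] section uses the standard Windows 9x
"destination=source" line format (NUL=source means delete).
"""
import ntpath
from typing import List, Tuple

# Indicators taken from the page: staging file name and target file stem.
STAGING_FILE = "KRIZED.TT6"
TARGET_STEM = "KERNEL32"

Finding = Tuple[str, str, str]  # (destination, source, reason)


def parse_rename_entries(ini_text: str) -> List[Tuple[str, str]]:
    """Return (destination, source) pairs from the [rename] section.

    Section names are compared case-insensitively; lines outside [rename],
    comment lines (';') and blank lines are ignored. Parsing is done by hand
    because configparser rejects the repeated NUL= keys that WININIT.INI
    legitimately contains.
    """
    entries = []
    in_rename = False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if in_rename and "=" in line:
            dest, src = line.split("=", 1)
            entries.append((dest.strip(), src.strip()))
    return entries


def find_suspicious_renames(ini_text: str) -> List[Finding]:
    """Flag rename entries matching the KERNEL32 replacement pattern."""
    findings = []
    for dest, src in parse_rename_entries(ini_text):
        dest_name = ntpath.basename(dest).upper()
        src_name = ntpath.basename(src).upper()
        dest_stem = dest_name.rsplit(".", 1)[0]
        if src_name == STAGING_FILE:
            findings.append((dest, src, "source is the KRIZED.TT6 staging file"))
        elif dest_stem == TARGET_STEM:
            # Assumption: any extension on the KERNEL32 stem is worth a look.
            findings.append((dest, src, "destination replaces KERNEL32"))
    return findings


# Constructed sample WININIT.INI: one benign cleanup entry, one Kriz-style entry.
SAMPLE_WININIT_INI = r"""
; constructed sample, not a real capture
[rename]
NUL=C:\WINDOWS\TEMP\~SETUP.TMP
C:\WINDOWS\SYSTEM\KERNEL32.EXE=C:\WINDOWS\SYSTEM\KRIZED.TT6
[other]
foo=bar
"""

if __name__ == "__main__":
    for dest, src, reason in find_suspicious_renames(SAMPLE_WININIT_INI):
        print(f"ALERT: {dest} <- {src} ({reason})")
```

Run it against the contents of an actual WININIT.INI (read the file and pass the text to find_suspicious_renames); an empty result means no pending rename matches either indicator, while a hit points at the staged file that should be quarantined before the next reboot.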

Recommended Action

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

Telemetry

Detection Availability

Product                      Level
FortiClient                  Extreme
FortiMail                    Extreme
FortiSandbox                 Extreme
FortiWeb                     Extreme
Web Application Firewall     Extreme
FortiIsolator                Extreme
FortiDeceptor                Extreme
FortiEDR