- Drops a copy of itself to the System folder as commdlgdll.exe.
- Creates the following registry entry to automatically execute iteself during startup:
commdlg.dll = "undefinedSystemundefined\commdlgdll.exe"
- Drops a copy of itself to all removable/floppy drives as driver.exe.
- Drops the file autorun.inf to automatically execute its dropped copy whenever the drive is accessed. The following are the contents of this file:
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.