This indicates a possible W32/Bropia.E-net worm passing through the network on TCP port 11178 using the MSNFTP protocol.
When this worm is executed it drops a copy of itself in the root directory using any of the following file names:
It then attempts to propagate itself via MSN Messenger, by sending a copy of itself using any of the above mentioned file names. This worm also drops the file winis.exe in the root folder.
It changes the byte size to 0 for the following files to preventing them from executing:
It can disable the right mouse button and make cmd and taskmanager unexecutable.
Microsoft Windows Operating Systems.
System compromise: worm infection.
The default action has been set to "pass". If this signature is not triggered by legitimate traffic in your network environment, change its action to "reset session", and disinfect the system which received/sent the packets. Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.