Threat Description

COM infector

Details

Aliases: COM infector, COM virus
Category: Malware
Type:
Platform: W32

Summary



This type of virus infects COM files. A COM file is a small (less than 65 kilobytes) binary executable file. That format was widely used during DOS operating system era. However this format was used for some utilities in Windows 95, 98 and ME. In Windows NT, 2000 and XP there also exist COM files, but they are mostly files in EXE format and were given COM extension for backward compatibility reasons.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details



A COM infector can be prepending (writes itself before the original file), appending (writes itself to the end of the original file), overwriting (overwrites the original file with its own code), inserting (inserts itself into gaps inside the original file) and companion (renames the original file and writes itself with the original file's name). A COM infector can be memory resident and non-memory resident. Memory resident viruses stay active in memory, trap one or more system functions (usually interrupt 21h) and infect files while they are accessed. Non-memory resident viruses search for COM files on a hard disk and infect them.

A COM infector can be non-encrypted, encrypted or polymorphic. An encrypted or polymorphic virus consists of one or more decryptors and a main code. A decryptor decrypts main virus code before it could be started. Encrypted viruses usually use fixed or variable key decryptors while polymorphic viruses have decryptors that are randomly generated from processor instructions and contain a lot of commands that are not used in decryption process.





Description Created: Alexey Podrezov, July 14th, 2003
Description Last Modified: Alexey Podrezov, May 24th, 2004


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More