1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar






The Dual_GTM virus is in the wild and has been reported in France during May 1995. It is memory resident COM and EXE file infector. Programs are infected when they are executed.

Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Technical Details

Dual_GTM avoids infecting EXE files whose name begin with SCAN, CLEA and QBAS. It's COM infection routine is buggy and multiple infections of the same COM file are possible.

The code of the virus presents some irritating characteristics - the virus tries to avoid heuristic scanners by doing it's things in non-obvious way. For example, when it wants to move value 4200 to a register, it will first move 4201 and then decrease the value of the register by one.

The virus activates on the 20th of March if the year is greater than 1993. At this time the virus beeps and displays slowly the text: "Beware of the BUG !!!". After this the virus hangs the machine. Otherwise the activation routine is harmless; Dual_GTM's main danger lies in its buggy infection routine that can corrupt the files it infects.

Do note that since member of the Dual_GTM family corrupt some EXE files while infecting them, these files will not work correctly even after they have been disinfected.

Technical Details: Pierre Vandevenne, DataRescue S.P.R.L, Belgium

Submit a sample

Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.