Threat Description

Eddie 2

Details

Aliases:Eddie 2, Eddie 2
Category:Malware
Type:Virus
Platform: W32

Summary



A fairly harmless virus from Bulgaria - called "Eddie II" because it contains the string "Eddie lives". This string is similar to the string contained in the original "Eddie" virus.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Eddie II can infect .EXE files as well as .COM files, but unlike most other .EXE infecting viruses, it does not pad them so their length becomes a multiple of 16 bytes, before they are infected. Infected files are marked with a value of 62 in the "seconds" field of the timestamp, which makes them immune to infection by Vienna or Zero Bug. Infected files grow by 651 bytes, but this increase will not be seen if a "DIR" command is given, because the virus intercepts the "find-first" and "find-next" functions, and if the "seconds" field contains 62, the virus will decrement the file length by 651. Apart from this the virus does nothing of interest.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More