Threat Description

Helloween

Details

Aliases: Helloween
Category: Malware
Type: Virus
Platform: W32

Summary



This virus doesn't activate because of a mistake in its code (the virus should activate every October 20th).



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



This virus doesn't contain any destructive routine - it only tries to write the following message:

Virus napsany specialne pro inzenyra ZAKA ze SPS
  *******************
  Nepodlehejte panice, mate nakazeno jen par souboru...
  (c) 1993 II.A 1988
  Tak a ted si vyzkousime treba: RESET
  Kdyby kazdy nespokojeny student
  napsal virus, tak v nasich skolach by
  ani jiny software nekolov
  al a McAfee by se divil...

After this the virus waits for a keypress and then resets the machine.

The 1376-byte variant is nearly identical to the Helloween.1839 variant described above, but it displays this message:

Nesedte porad u pocitace a zkuste jednou delat neco rozumneho!
 *******************
 !! Poslouchejte HELLOWEEN - nejlepsi metalovou skupinu !!

This variant also has a different XOR-coding constant. It activates on November 1st, when it reboots the machine.





Technical Details: Libor Pechacek, Libor.Pechacek@milada.troja.mff.cuni.cz

