Threat Description

IVP

Details

Aliases:IVP, IVP-Based
Category:Malware
Type:Constructor
Platform:W32

Summary



IVP stands for Instan Virus Producer. This is a virus creating program written by a group called YAM. There are well over 100 different variant created with it in the circulation. Typical viruses created with IVP are simple and buggy COM and EXE infectors.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



One IVP variant, IVP.647.B, become relatively widespread in the summer of 1996, as it was distributed over the internet.


Variant:IVP.848 (Die Hard 2)

This is a direct action infector. It infects COM and EXE files which will increase by 848 bytes in size. The body of the virus is encrypted. The virus activates on 7th of June, every year after 1995. At this time it displays this message:

*** SW DIE HARD 2 (The Return of the Doom) ***
  Thanks God for making me alive again!
  [IVP]

After this the virus overwrites 1996 (or 1997, 1998 etc.) sectors from the hard drive.

The virus also contains these texts which are not displayed by the virus:

 Die Hard 2 (The Unbeatable) Sailor Moon

IVP.868 virus is not related to Die_Hard virus.


Variant:Bubbles

Some IVP variants are detected as 'Bubbles' by some antivirus products.

See also: VCL, PS-MPC





Technical Details: Peter Szor, F-Secure, 1996


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More