1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Phoenix (800)

Phoenix (800)

ORIGIN:Bulgaria
SIZE:1704
TYPE:Resident COM-files
REPAIR:No

Summary

The virus uses a complicated encryption method, which complicates detection somewhat.

Additional Details

VARIANT:1226
An earlier variant of the Phoenix virus.

VARIANT:Proud
A 1302 byte earlier variant.

VARIANT:Evil
A 1701 byte variant.

So-called "M" and "D" forms of the variants have been reported, but this is actually a misunderstanding. The "D" form is just the decrypted virus and the "M" form is a sample file infected multiple times.