Threat Description

Power_Pump

Details

Aliases: Power_Pump
Category: Malware
Type: Virus
Platform: W32

Summary



There are at least two different version of this virus, versions 1.1 and 1.2.

Power_Pump is very simple and badly programmed companion virus. The virus operates by using two separate executable files.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details



First of these programs is always called POWER.EXE, and is programmed in Turbo C. The second program changes name with every infection, picking the file name of the victim file, but using a COM extension instead of EXE extension; this way the program gets accidentally executed by the user if he runs a program without specifying the extension (as it is usually done).

The second program is actually a batch file, which has been compiled with BAT2EXE. Once this program is run, it attempts to execute POWER.EXE, which will do the actual replication and then execute the original victim file.

Power_Pump is so badly programmed that it crashes with almost every execution with "Null pointer assignment" error. Sometimes the virus displays this text:

   Power Pump v1.1 = The Choice Of A New Generation


The virus is probably made in England, since there were multiple reports of it being found from there in 1992.

In addition to that, Power_Pump has been spread with several different shareware games collections, in a file called XYPHR2.ZIP or similar. In despite of this, the virus is not common.

Power_Pump can not be considered a real threat due the bugginess of it's code. It's highly unlikely that it could spread very far from an infected machine without being noticed.

It should be noted that since the virus is programmed in Turbo C and DOS batch language, false alarms of this virus are more likely than usual. If an antivirus program flags a file infected with Power_Pump, re-check with other products.





Description Created: Mikko Hypponen, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More